The Invisible Siege: Securing the Indo-Pacific’s Telecom Backbone

For the Indo-Pacific, this is a serious warning. Many countries are racing to expand 5G, upgrade undersea cables and deploy edge data centers—smaller facilities positioned closer to end users to reduce latency and improve network speed—often with limited visibility and uneven encryption standards. Operators face the dual burden of growing capacity while defending against adversaries who know the terrain. More than 70 percent of mobile traffic is now encrypted, which limits both interception and defense. Encryption is essential, but it also blinds security tools never designed for such volume. Maintaining confidence in that encryption, and the integrity of the systems that depend on it, will be critical as threat actors evolve.

Nokia also reports that denial-of-service attacks are changing form. Large-scale assaults that once lasted days are being replaced by short, intense bursts automated by AI. These micro-attacks strike in minutes but at enormous scale, exploiting defensive lag. While major carriers can often absorb them, smaller operators and satellite providers cannot. For island states and remote regions, losing connectivity even briefly can isolate emergency services, transport systems or financial networks.

This pattern reflects a broader strategic shift. Adversaries are testing the resilience of national communication grids without triggering open conflict, probing how quickly governments and companies detect and recover. The region’s telecommunications are being treated as both a weapon and a proving ground. The invisible siege described by Nokia is already underway. China’s Salt Typhoon campaign has penetrated various telecom networks to harvest metadata and enable surveillance, while its counterpart Volt Typhoon has embedded access in critical infrastructure for future escalation.

Policy needs to now move beyond compliance. Telecommunications are already recognized as critical infrastructure and should now be integrated into national defense planning. Governments could consider how to more deeply embed telcos in threat-intelligence cycles, contingency exercises and scenario testing. Cryptographic resilience could also be a core investment priority. Operators and vendors need support to adopt next-generation architectures now, not after standards are set. As well as this, the region needs a shared picture of network health. Real-time threat data across carriers, regulators and cyber agencies would expose stealth campaigns that span borders.

The Indo-Pacific’s connectivity boom is often framed in terms of opportunities—digital trade, 5G, smart cities and AI-driven economies. Nokia’s findings show the cost. As the physical and virtual layers merge, commercial risk and national security increasingly overlap. An attack on one carrier can ripple across the region within hours, demanding the same approach used for collective defense: shared awareness, coordinated action and sustained investment.

If CrowdStrike’s report revealed how adversaries use AI to accelerate attacks, Nokia’s shows where those attacks will land. Telecom networks are the connective tissue of the Indo-Pacific’s digital life. They are also its new front line. Securing them is both a strategic and a technical challenge. The region’s stability will depend on whether it can keep the lights on and the lines open when pressure comes.

James Corera is director of ASPI’s Cyber, Technology and Security Program. Jason Van der Schyff is a fellow with ASPI’s Cyber, Technology and Security program. His research focuses on sovereign industrial capability, secure hardware, and the resilience of critical technology supply chains. This article is published courtesy of the Australian Strategic Policy Institute (ASPI).