May 23, 2022
By Howard Kidorf
When I think of the protection key infrastructure, I think of bridges, tunnels, ports, airports, the facilities necessary for military and civil order, and the scattered facilities that supply food and energy in the form of electricity and hydrocarbons.
As many have pointed out in this era of COVID-mandated travel restrictions, the infrastructure upon which the Internet depends is, similarly, fundamental to the operations of nearly all economies in the developed and developing world.
With this in mind, I would like to introduce two key focuses of everything having to do with the connectivity that we so enjoy (assuming that we enjoy our work and not just the addictive games we play online): data centers and undersea cable. Data centers are where a massive deployment of computers and memory supply the services that we call the Internet. (A later article will discuss these wonders of the modern world.)
Undersea cables are the means by which most of these data centers are connected to each other.
A data center is relatively easy to physically protect. Barbed-wire fencing, armed guards, man-trap security doors, and biometrics are some of the tools of the trade. These work quite effectively. (Protecting against a software invasion is much trickier.)
The connections between data centers, however, are required to make the web a worldwide operation.
Some of the headline uses for these cables include the Society for Worldwide Interbank Financial Telecommunications (backbone of the international banking system) and military uses for some countries to project power around the world.
Given society’s bedrock dependence on undersea cable, it is quite reasonable to ask if these undersea cables are vulnerable?
The short answer is yes. To dig in, we have to ask: vulnerable to what? Espionage? Vandalism? Malicious, non-war sabotage? Wartime acts?
If you are wondering about vulnerability to espionage, the answer is that tapping optical fiber is relatively easy. This is not my business, but it strikes me that every submarine cable comes to the beach. At the beach, the cables usually enter a manhole to allow a splice of the marine cable to a cable variety more conducive to terrestrial installation and maintenance. Between the beach manhole and a cable station building or data center there is often hundreds or thousands of meters of land cable. Hence, the question is not really “are submarine cable tappable” it is really “what is the best way to get access to the information on undersea cables.” Is this information accessible? Yes. Every member of the of the information security business that I have spoken to has said that information in transit is vulnerable to interception. (The current solution to this problem is encryption.)
Are cables secure from being cut? Absolutely not! More than 200 major cables are repaired every year with most of them damaged by man-made activity (usually anchors or fishing). Cables are cut so often, in fact, that all operators of global networks plan not just one back-up path, but between 2 to 4 back-up paths. The multiple paths are necessary due to the very real probability that two or more cables contributing to a point-to-point connection are cut. It is not until there are 4 or 5 paths between data centers before the assurance of at least one with sufficient capacity is operating.
All telecom operators consider these probabilities very carefully to protect their revenue streams (did I just imply that Google and Facebook are telecom operators? My bad!).
Back to vandalism and malicious, non-war sabotage? Yes, undersea cables are vulnerable in the same sense that any power transmission line is vulnerable. These assets are long and distributed over a very long space. In both cases, power and telecom, there is (or should be) a lot of redundancy in the network. Hence an outage on one or two links is inconvenient, but not devastating. Another observation is that damage to the outside plant takes a link out of service. However, damage to the cable is usually easily repaired. Damage to the terminal stations, is a completely different story. When I am asked about cable security, I usually make sure there is plenty of time to talk about restoration plans.
Most governments regulate undersea cables as assets that have national security implications. Hence, there are lots of formal permitting and licensing requirements. Attached to these licenses come operating requirements such as who can own the facilities, who can enter the cable station, what equipment may be deployed, and perhaps most importantly, visibility into the nation’s international facilities and the ability to intervene in their operations if necessary.
This leads to the question of the vulnerability in times of war.
The bottom line is that if an advisory sees value in cutting some, or all, of the cables belonging to its enemy, there is little standing in their way. Today’s situation hasn’t changed since the British ringed the world with telegraph before the end of the 1800s. Upon the outbreak of World War One, the British performed possibly the first information-warfare operation by dredging for, and cutting, all the German submarine telegraph cables. (The British also intercepted all German communications on the British cables that continued to operate.)
Little has changed since the summer of 1914 except for: a) the increased use of physical diversity as protection, b) use of satellite backup for critical communications, c) diverse ownership and use of modern cables, d) availability of accurate data on locations of cables. These factors all are important of when and how to target undersea cables in a time of all-out war.
Seeking answers to your questions about undersea cable security, please contact us.