Worldwide connectivity relies on undersea cables to deliver immense amounts of data, but even underwater systems are not exempt from attack.
By Howard Kidorf, Managing Partner, Pioneer Consulting
When you think of the protection key infrastructure, you might think of bridges, tunnels, ports, airports; the facilities necessary for military and civil order, and the scattered facilities that supply food and energy in the form of electricity and hydrocarbons.
These days, in the era of COVID-mandated travel restrictions and remote work, you probably would say that the infrastructure upon which the Internet depends is, similarly, fundamental to the operations of nearly all economies in the developed and developing world.
To that end, there are two main hubs of all things connectivity: data centers and undersea cables. Data centers are where a massive deployment of computers and memory supply the services that we call the Internet. Undersea cables are the means by which most of these data centers are connected to each other.
A data center is relatively easy to physically protect. Barbed-wire fencing, armed guards, man-trap security doors, and biometrics are some of the tools of the trade. These work quite effectively. Protecting against a software invasion is much trickier, but an entire industry is dedicated to cybersecurity, and nations take their cybersecurity seriously.
But what about the security of the connections between these data centers? These connecting cables are required to make the web a worldwide operation. Some of the headline uses for these cables include the Society for Worldwide Interbank Financial Telecommunications (SWIFT – the backbone of the international banking system) and military uses for some countries to project power around the world.
Given society’s bedrock dependence on undersea cables, it is quite reasonable to ask: are these undersea cables vulnerable?
The short answer is: yes.
To dig in, we have to ask: vulnerable to what? Espionage? Vandalism? Malicious, non-war sabotage? Wartime acts?
If you are wondering about vulnerability to espionage, the answer is that tapping optical fiber is relatively easy. Every submarine cable comes to land via a beach. At the beach, cables usually enter a manhole to allow a transition of the marine cable to a cable variety more conducive to terrestrial installation and maintenance. Between the beach manhole and a cable station building or data center there are often hundreds or thousands of meters of land cable. Hence, the question is not really “are submarine cables tappable?” it is really “what is the best way to get access to the information on fiber-optic cables?” Is this information accessible? Yes. Information in transit is always vulnerable to interception; the current solution to this problem is encryption.
Are cables secure from being cut? Absolutely not! More than 200 major undersea cables are repaired every year, with most of them damaged by man-made activity (usually anchors or fishing). Cables are cut so often, in fact, that all operators of global networks plan not just one back-up path, but 2-4 back-up paths. These multiple paths are necessary due to the very real probability that two or more cables contributing to a point-to-point connection are cut. It is not until there are four or five paths between data centers that there is acceptable assurance of sufficient operating capacity.
All telecom operators consider these probabilities very carefully to protect their revenue streams… including companies that own cables but are not officially categorized or regulated as telecom operators, like Google and Facebook.
But what about vandalism and malicious, non-war sabotage? Undersea cables are vulnerable in the same sense that any power transmission line is vulnerable. These assets are lengthy and distributed over very long distances. In both cases, power and telecom, there is (or should be) a lot of redundancy in the network. Hence, an outage on one or two links is inconvenient, but not devastating. Another observation is that damage to the outside plant takes a link out of service. However, damage to the cable is usually easily repaired. Damage to the terminal stations is a completely different story.
Most governments regulate undersea cables as assets that have national security implications. Hence, there are many formal permitting and licensing requirements. Attached to these licenses come operating requirements such as who can own the facilities, who can enter the cable station, what equipment may be deployed, and, perhaps most importantly, visibility into the nation’s international facilities and the ability to intervene in their operations if necessary.
This leads to the question of the vulnerability in times of war. The bottom line is that if an adversary sees value in cutting some, or all, of the cables belonging to its enemy, there is little standing in its way. Today’s situation hasn’t changed since the British ringed the world with telegraph cable before the end of the 1800s. Upon the outbreak of both the Spanish-American war and World War I, the Americans and the British, respectively, performed possibly the first electronic information-warfare operations by dredging for, and cutting, Spanish and German submarine telegraph cables (the British also intercepted all German communications on the British cables that continued to operate). Little has changed since the summer of 1914 except for: a) the increased use of physical diversity as protection, b) use of satellite backup for critical communications, c) diverse ownership and use of modern cables, and d) availability of accurate data on locations of cables. These factors are all important regarding when and how to target undersea cables in a time of all-out war.
If we want to feel safe that the Internet will always continue uninterrupted, even the highly resilient, packet-by-packet routing designed by the US-funded Defense Advanced Research Projects Agency cannot guarantee this. However, there are many things that subsea cable analysts and engineers do everyday to make it more resilient. These efforts are good enough for average disasters, both natural and anthropogenic, but absolute protection is not possible against a determined advisory.
Howard Kidorf is a managing partner at Pioneer Consulting, which provides a full suite of services for purchasers, lenders, and suppliers of undersea telecom cable systems. He can be reached at: email@example.com