Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
Cyber Subterfuge and Curious Sharks Threaten the World’s Subsea Fiber-Optic Cables
Malware, spies, and hackers, plus erosion and sharks, pose huge risks to the fiber optics that transmit almost all the world's data.
Under the world's oceans lie 550,000 miles of submarine cables. According to a March 2019 report by StableSeas, this subsea network is responsible for 97% of intercontinental communication and transmits $10 million worth of financial transactions every day. The network is controlled by more than 200 operators, and owners include subsea-specific operators, traditional communications providers, governments, public-private partnerships, and enterprises including Google and Facebook.
Should the network falter – damaged or broken lines can snap or slow connections – multiple countries and millions of users, including governments and critical industries, would be impacted. But more nefarious dangers lurk as well.
"Concerningly, the integrity of this vital global communication super-highway is significantly at risk from accidental and malicious compromise, " the StableSeas report states. "Current approaches to ensure the integrity of this infrastructure are inadequate."
Tim Cash, a long-time consultant and systems engineer, takes it a step further.
"[Cybersecurity is] nonexistent despite multiple nascent articles by the community to point out how easy it would be to take down international submarine and terrestrial communications – which have been going on since the days of World War I," he says. "The [communications] technology today is far better, thus we are at far greater risk of any specific government being targeted and toppled from power through the use of subterfuge, mitigation, or counter-engineering."
Echoing the StableSeas report, he added: "Our technologies … do not have any but the most superficial protection mechanisms … where the threats are multiple in number."
Accident-Prone Environment
Submarine cables are designed to have a minimum 25-year shelf life; anything less is unacceptable due to deployment challenges. Over that time, shifting tides, erosion, storms, and saltwater take their toll. Debris, sea creatures that attach themselves to cables, and the occasional curious, nibbling shark are all potential disruptors of data flow.
However, these nonmalicious and natural causes – from earthquakes to gill-netters' gear to fish bites – are only "extremely rare" causes of cable failure, according to Telegeography, which monitors all submarine network outages and damage.
The larger physical threats are man-made: Fishing boats and larger ships, such as cruise liners, dragging their anchors deep in the ocean and hitting subsea cables, make up about two-thirds of cable faults, TeleGeography reported.
In 2008, for example, a boat trying to moor off the coast of Egypt reportedly cut a cable – ultimately knocking out Internet service to 75 million people in at least three countries. Fast forward, and Yemen and its citizens, as well as the entire Red Sea region, started 2020 with slow or nonexistent connectivity after one subsea cable was cut.
In addition, an anchor dragged along the ocean's floor likely caused Tonga's cable outage in early 2019. The line, cut in two places, supported about 100,000 people and forced the island-nation's residents, businesses, government agencies, and tourists to rely on satellite Internet until regular services resumed.
In some cases, operators can use automated technologies housed inside the cable housing's repeaters to avoid the cost and time of pulling the damaged cable out of the sea to fix it, only to redeploy it underwater, says Brian Chee, a retired IT specialist at University of Hawaii on Oahu and previously a senior computer scientist at the GSA Office of Information Security.
"We can control the repeaters and have them change fiber-optic paths in case a ship drags an anchor," he says.
Cable Thieves and Malicious Attacks
Theft, too, can cause subsea cable outages. In 2007, a Vietnamese fisherman took out one of the two subsea cables serving that Asian country and some of its neighbors when he removed fiber-optic cable, not old copper lines, for resale. Another service provider created a workaround, but fixing the cable took months – and millions of dollars. (Vietnam's government began educating fishermen, salvage boat operators, and others on the critical role fiber-optic cable plays in keeping the country connected for business, social, and political reasons.)
Of course, physical damage could also be driven by malicious intent for crime or espionage.
It's been possible in the past, albeit challenging, to get into a rival's fiber-optic cable lines, Chee says. The United States began spying on the USSR's submarines in 1971. Russia allegedly has come uncomfortably close to allies' cable lines, published reports say.
"Tapping an undersea cable at depth is risky, dangerous, and very, very difficult. It's probably not going to happen," Chee says. "When they start becoming vulnerable is in the shallow depths – 300 feet or shallower – because then you can start getting to the point where humans can start going in and out of, say, a submersible and bring cameras in."
As consultant Cash points out, nation-states could perform intentional, malicious damage by simply removing or disabling a cable to disrupt communications between nations deemed unfriendly by their regimes, he said. Nation-state actors could also intercept such communications.
Compared with terrestrial networks, undersea cable systems have few fibers and fewer hackable access points. The most vulnerable point may be the Network Management Systems (NMS), which are limited to the specific cable stations associated with each system, the Network Operation Centers, and remote access portals for each system supplier. Armed guards usually protect landing stations, with security assets similar to those found in data centers, Chee says.
"All landing stations on the face of the Earth are considered high-security areas," he adds. "And if you're tapping under the ocean, you still have to bring that data on-shore somehow. You then, somehow or another, would have to bribe or coerce someone into telling you which fiber is which and what does what. The amount of effort … is stunning."
Submarine cable providers offer an array of security services, such as early-warning alert zones via geofencing, real-time alerts to select customer staffers, and surveillance using drones and other vessels, according to Ocean Specialists.
As the StableSeas Report warns, though: "NMS are web-based systems relying on readily exploitable HTTP and TCP/IP protocols and Windows operating systems, making these systems extremely vulnerable to compromise. Once a hacker is able to gain access to an NMS, the hacker will have full access to all data being transmitted in the network and will be able to delete, disrupt, or shut down the data flow at will."
Some nonprofit and educational groups look after retired telco subsea cables that combine proprietary systems (often orphaned today) with old operating systems, says Chee. Although the proprietary technologies may be less vulnerable to attack, older Microsoft OSes have a legacy of being targeted.
New Protections Are Available, but Not Easy
While older networks are generally robust, the subsea networks developed over the past five years were designed specifically with physical and cybersecurity in mind, says Richard Marshall, founder and president of X-SES Consultants, who also previously worked at the Department of Defense.
"The undersea cables are enshrouded with multiple layers of protective coating to protect the internal fiber-optic cable from water environmental hazards occurring naturally and artificially, plus the cable is further encased in a protective pipe that extends for several miles from the shoreline," he tells Dark Reading. "At that point, from the United States, for example, to the edge of the continental shelf, the subsea cable bundle is buried a meter-and-a-half under the sand as further protection. Beyond that point, the weighted cable drops to the bottom of the sea. At the shoreline terminus the same protective measures are taken in reverse."
One risk-reduction step comes early on when designers choose the landing point or place where the submarine cable makes landfall. In conjunction with the Network Operations Center (NOC), this landing point uses multiple systems to monitor the fiber-optic network in real time and sound alerts if problems arise. In addition to being at or near a busy port or harbor, landing points should be close to other transportation hubs, such as airports or trains, so executives can easily reach the site. Marseilles and Hong Kong are two of the busiest landing points.
If a cable is damaged, a submarine robot retrieves the impaired components so workers can repair or connect the pieces or send them onto specialized ships for resolution.
Cybersecurity should be included from Day One and coupled with a strong and aggressive defensive program, Marshall said. Even then, he concedes, the newest subsea cable systems are not impervious to successful attacks. Best practices help further protect these invaluable undersea assets.
"Perhaps the first from a cybersecurity standpoint is the commitment to the use of strong encryption for data whether in storage or in transit. I realize this may be viewed as a gratuitous observation, but until recently the subsea fiber-optic cable systems did not have enough bandwidth capacity to provide room for the use of military grade encryption systems," Marshall says. "The newer systems do."
Most malicious hackers target known vulnerabilities, and subsea cable systems with robust protections will be less attractive than more poorly secured alternatives, Marshall said.
International treaties legally protect lines and empower nations to lay, maintain, and repair them up to 12 nautical miles outside territorial waters. These laws also encompass criminal and civil penalties for malicious or accidental damage, according to insurance publication MapFire Global Risks.
Despite improved protections, continued explosive demand for bandwidth, coupled with the need for high-speed communications between continents, will shine a brighter light on the dark depths of what's lying on the ocean floors. Hackers, rogue governments, and others with malicious intent are bound to view these invaluable assets with more than passing interest.
Related Content:
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register.
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024