Something murky is going on again under the sea. In the UK, defence staff chief Sir Stuart Peach has warned that Russia has been operating ships near the undersea cables that digitally connect the US, Europe, and others.
He worries that Russians cutting those cables represent “a new risk to our prosperity and way of life” by choking off most digital communications.
He isn’t the only one to fret about the vulnerability of undersea data communications cables. In 2015, US intelligence officials were equally worried about Russian vessels operating along US submarine cable routes.
They have reason to worry. These fibre connections carry around 97% of our digital traffic, and according to a new report issued by UK think tank Policy Exchange, there are around 213 independent cable systems, comprised of half a million miles of fibre.
These things are both expensive and fragile. It costs around $500m to run an undersea cable across the Atlantic, and they’re easy to break. Maps can be easily found online.
They come ashore at well-documented ingress points, typically connecting to terrestrial networks in small buildings or under manhole covers. These points are often highly concentrated. A handful of sites within a 30-mile radius of New York City handle most transatlantic communications traffic for the US.
Just off the coast, they’re protected by metal sheathing because they’re relatively close to the surface, and close to a lot of sea traffic. Out in the deep sea, they just lie unprotected on the sea bed. They’re bombable and breakable – and in many locations, they channel through narrow points, again making it easier to target several cables at once.
Repairs and redundancy
There are solutions to the problem. When a cable is broken, a repair ship can fix it. Fixing broken cables isn’t easy, though. It takes specially-equipped vessels to find, hook and resplice the cables on the ocean floor. The ships are a finite resource, and take time to reach their destination and do the job.
Cable operators can also rely on redundancy. There are multiple cables connecting different regions, and they are sometimes purposefully arranged in a redundant loop, so that a broken cable can fail over to another.
Nevertheless, cutting cables can disrupt communications in a region. In Vietnam, a fishing trawler stole 61 miles of undersea cable in a copper harvesting operation, and disrupted digital communications in southeast Asia for months. The following year, cuts to cables in the Mediterranean caused widespread disruption in communications throughout the middle east. Egypt, Sri Lanka, and India were all affected. Experts blamed it on a ship’s anchor near the port of Alexandria, or on earthquakes. There are many more examples of serious outages from cable cuts.
Then there’s the danger of undersea snooping. Tapping cables to intercept information is relatively easy to do domestically (the NSA has infamously done so). It’s far harder under the sea, but far from impossible. Russia’s Yantar spy ships reportedly carry mini-submersibles that are already capable of submarine cable snooping. The US is said to have had the capability for years, and mounted an operation called Ivy Bells to listen in on Russian submarine cables during the 70s.
Inadequate legal protections
Can’t we prosecute those who tinker with our undersea communications networks? Not easily. They’re privately owned, in international waters, and not subject to many laws. Those agreements that do cover them aren’t up to the job of protecting them.
The 1982 UN Convention on the Law of the Sea (UNCLOS) is perhaps our best bet, but it was created six years before the first trans-Atlantic fibre-optic link started pushing communications traffic back from satellites to cables. It also applies only to the parts of the undersea cable on the sea bed, rather than to the landing sites.
UNCLOS Article 113 requires states to outlaw their own ships from damaging submarine cables. Few have done that.
Saving our cables
What’s to be done about our vulnerable submarine networks? Getting governments to implement UNCLOS laws is one recommendation from the International Cable Protection Committee (ICPC), a 60 year-old non-profit with 160 members dedicated to exchanging information about the industry.
Rather than letting it fall through the cracks due to lack of ownership, bring together governance and control of these cables under one agency per state, as Australia and Singapore have done, it adds. It also suggests regular desktop ‘cable war games’ to co-ordinate an incident response focused on repairs.
The Policy Exchange report calls for raising the security around cable landing sites, and establishing heavily-monitored cable protection zones, following Australia’s model, in which certain types of anchoring and fishing are banned.
The report also suggests broadening geographic diversity so that points of failure aren’t concentrated in a single area, and encouraging private organizations to build more ‘dark cable’.
If we don’t take measures like these, then we might one day find the Internet going down on a nationwide basis – and not just for a day or two. It would make an attack like Mirai look trivial in comparison. In short, there’s an existential threat to the Internet, and we must do more to protect ourselves against it.