The advent of the internet, WiFi, fiber optic cables, 5G, and satellite communications has dramatically changed the way the world stays connected and shares information. When the first submarine cable was installed in 1858, it could take up to 18 hours for a trans-Atlantic transmission to be completed. Today, there are approximately 750,000 miles of undersea cables stretching across the world’s oceans, and data management has become much more complex. According to a Department of Homeland Security Office of the Director of National Intelligence (ODNI) study, “Commercial undersea cable communications carry over 97 percent of all intercontinental electronic communications.” The U.S. Coast Guard Quarterly Collection Advisory Message also noted that undersea cable threats remain an enduring but underreported priority when assessing threats to the maritime transportation system. Approximately $10 trillion in transactions and limitless information are transmitted through undersea cables in both civilian and government sector assets every day. Maintaining the security of undersea cables is paramount to the United States’ maritime strategic interests.
Fiber Optic Undersea Cables
Because of their international nature, multiple aspects of the undersea cable industry increase threat levels. Some of these characteristics include highly integrated international components, the complexity of international cable networks and lack of awareness by risk managers, regional laws and policies affecting cable operations, and increasing global risk levels. Of the more than 400 current undersea cables, the United States is connected to the world through approximately 88, including 17 scheduled to be completed between 2022 and 2024.
Maintaining global cyber infrastructure is paramount to keeping militaries, governments, and research and financial institutions online. In 2021, Norwegian undersea fiber-optic cables were cut. Norway’s Institute of Maritime Research reported “extensive damage” to the Lofoten-Vesterålen Ocean Observatory that rendered the system inoperable in an area of strategic interest.
Further complicating matters, cable maintenance is not performed by governments, but instead by chartered contracting companies. After a cable fault notification has been received, a contractor is “obligated to sail with a trained crew and spare parts for repair within 24 hours.” While contracted cable-laying and maintenance ships are strategically placed in many diverse regions to quickly respond to a cable break, breaks disrupt global communication, especially when they disrupt government traffic that includes “sensitive diplomatic and military orders.” The military’s net-centric warfare relies on undersea cable operability, where receiving fast and reliable communications is paramount.
With the construction of new cable infrastructure, new threat trends have emerged to exploit telecommunication capabilities. According to Justin Sherman of the Atlantic Council, three key trends threaten undersea cable security and resiliency: authoritarian governments, companies managing undersea cables, and the rapid growth of cloud computing.
State actors have taken notice as undersea cables have become more important to global communication. By controlling the contracting companies, authoritarian governments can “reshap[e] the Internet’s physical topology and digital behavior.” According to a report by Michael Sechrist, China invested $1.1 billion in the construction of 27,000 kilometers of cables managed by more than 40 companies, with cable landing stations in the United States, Korea, Taiwan, and Japan.
As the strategic importance of cable networks grows, authoritarian control of companies raises geopolitical concerns because state actors can choose when, where, and how cables are built and “enable data interception and development of technological dependence” through other countries’ borders. Cable owners may insert “backdoors” for monitoring landing stations and cable builders may compromise physical infrastructure along the ocean floor. However, approximately 59 percent of the global internet infrastructure is controlled by private companies, with only 19 percent of cable providers being state-owned.
Regardless, undersea cable infrastructure and the sensitive information it carries should be a significant cybersecurity concern for the United States and friendly countries, especially regarding the Southern Cross cable. According to Commander Michael Matis, U.S. Navy, cutting the Southern Cross cable would severely cripple Australian commercial business transactions and disrupt financial data flows and national security.
With Beijing and Moscow exerting control over providers, the risk vulnerabilities and interest in intercepting sensitive data grow. According to ODNI, Russia “is particularly focused on improving its ability to target critical infrastructure, including underwater cables and industrial control systems, in the U.S. and allied countries, because compromising such infrastructure demonstrates its ability to damage infrastructure during a crisis.” The Kremlin has continually emphasized the importance of controlling the internet as a key geopolitical asset. In 2014, during Russia’s illegal annexation of Crimea, there were reports of “tamper[ing] with fiber optic cables, caus[ing] outages of local telephone and Internet systems.” In addition, Andrew Lennon, the former commander of NATO’s submarine force, noted that “Russia is clearly taking an interest in NATO and NATO nations’ undersea infrastructure.” According to DefenseNews, Russian submarine activity and capabilities have been well documented; among them, the Yantar, a Russian spy ship, “carries mini-submersibles that can either sever or tap” into submarine cables. Of note, Russian activity “often clusters around crucial, yet hard-to-reach cables” because these deep-sea cables are difficult to repair. Along with submarine presence, Rostelecom, the primary Russian state-owned telecommunications company, has been involved in numerous attacks that deliberately rerouted internet traffic to spy on transiting data. For example, in early 2020, Rostelecom had been involved in “dozens of potential hijacks” of the Border Gateway Protocol, which serves as the Internet’s “GPS” for traffic. Because Rostelecom has engaged in this activity and has invested in international markets catering to the global volume of internet traffic, the company’s behavior and practices weaponize “a security flaw at the very core of the global internet.”
Remote Management Vulnerabilities
As telecommunication technologies develop, risks in cable security and resiliency increase. With the use of autonomous underwater vehicles (AUVs) and remote management systems (RMSs), companies can monitor and inspect undersea infrastructure. While many AUVs are civilian owned, commercial AUVs pose a potential vulnerability because of the military’s dependence on public and private sector maintenance of undersea cable infrastructure, the Integrated Undersea Surveillance System, which evolved from the Sound Surveillance System, and instrumented undersea ranges. Because AUVs can reach exposed cables in deep regions of the oceans, it is possible outside actors could alter their state and operability. RMSs monitor and control cable systems over the internet and allow virtualization for companies and the possibility to “automate the monitoring of cable functionality.” Unfortunately, when connected to the Internet, RMSs also inadvertently expose cables to hacking risks. According to Justin Sherman of the Atlantic Council, introducing a “software-driven, ‘virtualized’ layer of control over cable systems” could expose cables to attempts to disrupt or degrade signals and “harmfully alter or disrupt Internet traffic delivery” across key cables.
Unlike the first trend, there are more operational risks involved when assessing internet security and resiliency against malicious network monitoring and disruption. Since companies rely more on RMSs, states have found greater incentives to hack and monitor them. When there is a high volume of sensitive internet traffic, “intercepting or disrupting that data is more attractive to governments and criminal actors,” especially when “poorly secured” technologies rely on internet connectivity. Cable landing stations are vulnerable and, according to a recent CSIS study, their security should be made a priority.
Cable Landing Stations
With the possibility of physical attacks on cable landing stations, disruption to national security and global economic activity could constrict and halt information flows. In the United States, there are a variety of very accessible and impact-rich targets concentrated on the West and East Coasts, most notably the landings in New Jersey, New York, and Florida as well as Washington State, Oregon, and California. Once an adversary taps into an RMS, they gain access to that company’s capabilities and could potentially target U.S. mainland assets to manipulate or corrupt internet traffic, especially military traffic.
During military conflicts and geopolitical crises, maintaining landing station security is paramount to preventing devastating physical attacks on internet infrastructure. Because of their ability to perform a variety of functions, including terminating and supplying power to cables, landing stations are also targeted for disrupting data transmission. For example, terrorist organizations with offensive cyber capabilities could time their kinetic attacks to “destructively attempt to slow swaths of Internet traffic headed to the United States or another country.” Ensuring physical security against threats such as power outages, natural disasters, and malicious activity is particularly emphasized in a “nation-state context,” where, according to Sherman, “intelligence services could work to compromise landing stations through human operatives, such as planting monitoring equipment directly onto landing station infrastructure.”
Volume and Sensitivity of Data
Because of the high volume of data in the modern era, there is a greater need for awareness for safeguarding economic and national security by emphasizing the importance of cable security and resiliency. When sensitive national security and commercial data routes through undersea cables—principally when transfers are intercontinental—cyber criminals, terrorists, and nation-states could tap into and compromise it. It is imperative to implement robust mitigation methods to reduce the risk of a targeted network disruption, especially when not all malicious taps are immediately detected.
When vulnerabilities are found, improvements must be enacted to increase security and resiliency. Recommendations include increasing efficiency of the Cable Security Fleet (CSF) Program within the Department of Transportation’s Maritime Administration. Launched in January 2021, the CSF Program intends to maintain an active fleet of “commercially viable, privately owned U.S.-flagged vessels to meet national security requirements and maintain a U.S. presence in the international submarine cable services market.” Once implemented, two ships will be designated as fast-response vessels. In addition, interagency coordination in response to cable outages should be streamlined to facilitate the fast repair of downed systems.
Multiple risks exist that could disrupt and slow the flow of data, both in the cyber domain and in the physical world. Undersea cables serve as valuable but vulnerable assets in a nation’s strategic placement in cyber and information warfare. If adversaries were to cut a cable or “sniff” into a network, havoc could spread, and countries could be left in the dark. As the strategic importance of undersea cable networks is undermined, key vulnerabilities will exist that could disadvantage U.S. cyber capabilities and infrastructure. With greater visibility and support from the U.S. government, undersea cable networks can experience substantial improvements in their security and resiliency against malicious cyber actors and protect vast volumes of data, both unclassified and sensitive, from manipulation and exploitation.