I just happened to be reading Breakpoint by Richard Clarke last week. The premise for the book is that the US finds itself undergoing a series of attacks on its infrastructure starting with simultaneous bombings of several beach heads for the main trans-Atlantic fiber cables as well as undersea cuttings of the same fiber.
I thought Mr. Clarke might have some insight into the past week's undersea cable outages in the Mideast. He was the chief counter-terrorism adviser on the U.S. National Security Council under Bill Clinton. His comments add a little level-headeness to some of the current hype. Here are his responses to my questions.
Threatchaos: After writing about a series of undersea cable outages in your book "Breakpoint" the recent events in the Mideast where four separate cables have been cut must have caught your attention. Do you think this many cable outages could be coincidence?
RAC: Cable cuts occur all the time, as do underwater relay failures.
When you turn the light on any phenomenon for the first time, it often seems that what you are looking at is a crisis when in fact in it is business as usual. What I tried to show in the form of a fast paced thriller in the opening chapter of Breakpoint was how much more damage could be done if an organized group set about to create havoc by attacking these strand that unite the global village. Disconnect cyberspace in key places and the unified global village and world economy can't operate. And we have no backup economic system.
Threatchaos: Whether or not these outages are nefarious let's play "what if?".
What would the next step be for a nation or terrorist organization that
Sought to disrupt communications in the Mideast?
RAC: There are many parts of the world where a few cuts would
disconnect them from cyberspace or so reduce band width as to have
much the same effect. Some of the places where the cuts could occur,
like deep under water, would make repair time consuming.
Threatchaos: "Breakpoint" makes it chillingly obvious that we have done nothing to protect critical assets like undersea cables and the power grid. Do these incidents in the Mideast reflect the vulnerability of undersea cables everywhere?
RAC: Yes, this is a reminder. And while undersea lines were cut in
the novel, there were also attacks on the places where the cables come
up from under the water and go on the beach. Those places are well
known and unprotected.
Threatchaos: What should the we do to make the Internet less vulnerable to physical attacks like this?
RAC: No one has the responsibility to insure there are redundant lines. Each company makes a decision based on market forces as to whether to invest in building new capacity. Nobody pays the private firms that own the fiber to build excess capacity. In some places it exists, but there are many point-to-point connections that have single points of failure and insufficient work-arounds available. There ought to be a public-private partnership, an international one, that insures there is adequate capacity to handle large scale outages caused by malevolent actors. That means back up dark fiber, rapid repair and replacement capability, and research to increase the bandwidth for laser uplink/downlink satellite comms.
Threatchaos: What can the typical large enterprise do to prepare for future network outages?
RAC. Large enterprises need to have service from multiple providers.
They need to investigate whether their multiple providers are all using the same fiber or the same conduit at key single points of failure. And they need to have contracts that allow for rapid re- provisioning to shift load from one provider to another.
By the way, Breakpoint is a great read. Opens your eyes to some underlying weaknesses in the world's infrastructure.