Alarm bells went off following reports last week that the U.S. is concerned about Russian ships operating near vital undersea cables, and that Russia could damage those cables in times of conflict or tension. At stake is the safety of the vast network of cables around the globe that carry almost all of the world’s Internet communications and financial transactions. As it happens, Russia may not have an incentive to damage those cables, since it would also suffer from any disruption in communications, according to experts at Wharton and New York University. However, the threat of cyber attacks on those cables is real, they said.
Severed cables can be easily repaired, albeit with heavy costs, and the bigger risk is from unintentional, routine cable breaks. The best defense against such threats is to avoid the existing concentration of cable landings along U.S. coasts, according to the experts. Instead, those landings should be dispersed so that all systems don’t go down in a crisis and have sufficient capacity to re-route communications traffic, they said.
The first reports last week painted a grim scenario. “The ultimate Russian hack on the United States could involve severing the fiber-optic cables at some of their hardest-to-access locations to halt the instant communications on which the West’s governments, economies and citizens have grown dependent,” a New York Times report warned. The U.S. has not formally responded to the perceived Russian threat, but the Times report quoted a Navy spokesman who said, “It would be a concern to hear any country was tampering with communication cables.” Coincidentally, President Obama had designated October as “National Cyber Security Awareness Month” to raise awareness about cyber security.
What Is at Stake?
The consequences would be huge in the event of “a systematic, large-scale attempt” to break undersea cables that proves difficult to remediate, said Wharton risk management professor Robert Meyer. It could disrupt up to 90% of global Internet traffic and financial transactions, he added. Meyer is also co-director of Wharton’s Risk Management and Decision Processes Center. However, he said it isn’t clear if Russia would want to damage the cables. “If you are sitting on a limb, [would] you want to cut off the branch?” Such damage is more likely caused by terrorists, he added.
“The more viable option is to build a more geographically diverse network of cables.” –Nicole Starosielski
Undersea cables routinely snap and get quickly repaired, noted Nicole Starosielski, professor of media, culture and communication at New York University’s Steinhardt School of Culture, Education, and Human Development. She rated attempts to protect undersea cables with patrolling ships as an unviable idea, given the vastness of the network. “The cables could be broken by any boat that drops an anchor,” she said. “The biggest threats are regular, unintentional breaks” – not intentional disruption.
“The more viable option is to build a more geographically diverse network of cables,” said Starosielski. She is also the author of The Undersea Network, a book that looked at the collection of undersea cables built over 150 years. She noted industry groups have for long sought policies that would facilitate the development of cable networks that avoid the concentration of pressure points along both U.S. coasts.
Meyer and Starosielski discussed ways to mitigate threats to subsea cables on the Knowledge at Wharton show on Wharton Business Radio on SiriusXM channel 111. (Listen to the podcast at the top of this page.)
Starosielski noted that while concerns about the security of undersea cables are not new, they are heightened now because of the widespread dependency on them. She pointed out that it is difficult to calculate the economic cost of damage to those cables, but added that some estimates put it at more than a billion dollars for South Korea and $3 billion for Australia, for example.
Perils of Concentration
Starosielski pointed to tele-geography maps that reveal the “pressure points,” or the concentration of the cable landings in the U.S. Many cable landings are around New York, in Long Island and New Jersey, among other locations, and then around Miami – but there are no other cable landings in between those two clusters on the U.S. East Coast. On the U.S. West Coast, the major cable landings are concentrated around Los Angeles, San Francisco, central California and Oregon, she noted.
“In the U.S., we have about 50 cables coming in to about 20 zones – they are not evenly distributed along the coast; they are clumped together,” said Starosielski. Typically, if a cable is cut, and it does not exclusively belong to any country, the traffic it carries is re re-routed to another cable because they are not all full, she explained. But there could be major problems if the cables that are cut are in the pressure points.
“The biggest threats are regular, unintentional breaks – not intentional disruption.” –Nicole Starosielski
The concentration of cable landings occurs because cable companies find it more economically viable to go to an existing cable station, where they can interconnect with all the other networks, said Starosielski. “There is not an economic incentive to diversify the network.”
One comforting fact, according to Starosielski, is that much of the U.S. communications infrastructure is within the country in the form of data centers and Internet exchanges, unlike some other countries that depend on overseas infrastructure. “If you were to sever these [cables], it would cause a catastrophic impact, especially on financial institutions, but it would not necessarily sever us from all networks,” she said. “But that is not true for all countries.”
Low Threat Visibility
Meyer pointed to inadequacies in the perceptions of those threats faced by undersea cables and landing stations. “Many people, including in government, are not aware of the scale of the importance of cables and how they are the lifeblood of global communications,” he said. Starosielski noted that that the each cable is usually the size of a garden hose, but carries massive amounts of information. “An entire country could make phone calls at the same time through one of these cables,” she noted.
Meyer recalled the findings of a survey last year at the World Economic Forum of 900 business leaders and academics, in which cyber attacks ranked No. 10 on a list of potential threats. When respondents were asked about which attacks would have the greatest impact, cyber attacks did not even make it to the Top 10, he added. Meyer attributed those responses to a mistaken belief that inherent redundancy would take care of any attack on the cables. “The mere knowledge that we have these wires going underneath the ocean that one can clip … would be a wakeup call for a lot of people.”
Repairs and Re-routing
As it happens, repairs of undersea cables are not exactly high-tech, although they could be expensive if they are far out in the ocean, said Starosielski. Typically, damaged cables are brought up from the deep ocean and the two ends are spliced together on the surface before being lowered again in the sea. Repairs to cables in coastal locations sometimes prove difficult and time-consuming as they require permits from governments, she added.
“The mere knowledge that we have these wires going underneath the ocean that one can clip … would be a wakeup call for a lot of people.” –Robert Meyer
The ordinary citizen does not feel disruptions because redundancies in the system absorb the re-routing of traffic from broken cables, said Starosielski. However, when cable breaks occur in any of the pressure points, or zones of concentration of landings, the impact could be huge, said Starosielski.
For example, the 2006 Hengchun earthquake off Taiwan triggered an undersea landslide that severed nine of the 11 cables running through the Luzon Strait between Taiwan and the Philippines, and took 49 days to be repaired, said Starosielski. However, the 2011 Fukushima earthquake in Japan did not cause as much disruption because the cable networks were more diverse and not concentrated, she added.
Facing Vulnerabilities
According to Meyer, the biggest concern is not that the cables would be cut, but the threat of hack attacks into the information they carry. He noted that cable networks are typically managed by remote software installations. “If a terrorist were to get hold of the management system and take the information from there, they would get access to the financial information which is flowing,” he said. “That would be much scarier and more difficult thing to control than simply cutting the cables, because — as Nicole [Starosielski] said — we could get a ship out and splice it back together again.”
Meyer called for a stronger appreciation of the repercussions of attacks on undersea cables to drive business and policy responses. He talked of “a tendency to worry about … the failures [that are] most easy to imagine.” Even if damaged cables could be repaired, an understanding of “how people’s lives would be disrupted by a five- or six-day shutdown of all financial transactions and the Internet would have a profound impact,” he said. “It is one of a number of risks that are sitting out there and would have very large impact that people don’t particularly think about, and the hope is we don’t have to worry about it.”