News

Actions

How vulnerable are the undersea cables that power the global internet?

Posted
and last updated

On July 29, 1858, two steam-powered battleships met in the middle of the Atlantic Ocean. There, they connected two ends of a 4,000 kilometer (2,500 mile) long, 1.5 centimeter (0.6 inch) wide cable, linking for the first time the European and North American continents by telegraph.

Just over two weeks later, the UK’s Queen Victoria sent a congratulatory message to then US President James Buchanan, which was followed by a parade through the streets of New York, featuring a replica of a ship which helped lay the cable and fireworks over City Hall.

In their inaugural cables, Queen Victoria hailed the “great international work” by the two countries, the culmination of almost two decades of effort, while Buchanan lauded a “triumph more glorious, because far more useful to mankind, than was ever won by conqueror on the field of battle.

The message took over 17 hours to deliver, at 2 minutes and 5 seconds per letter by Morse code, and the cable operated for less than a month due to a variety of technical failures, but a global communications revolution had begun.

By 1866, new cables were transmitting 6 to 8 words a minute, which would rise to more than 40 words before the end of the century. In 1956, Transatlantic No. 1 (TAT-1), the first underwater telephone cable, was laid, and by 1988, TAT-8 was transmitting 280 megabytes per second — about 15 times the speed of an average US household internet connection — over fiber optics, which use light to transmit data at breakneck speeds.

In 2018, theMarea cable began operating between Bilbao, Spain, and the US state of Virginia, with transmission speeds of up to 160 terabits per second — 16 million times faster than the average home internet connection.

Today, there are around 380 underwater cables in operation around the world, spanning a length of over 1.2 million kilometers (745,645 miles).

Underwater cables are the invisible force driving the modern internet, with many in recent years being funded by internet giants such as Facebook, Google, Microsoft and Amazon. They carry almost all our communications and yet — in a world of wireless networking and smartphones — we are barely aware that they exist.

Yet as the internet has become more mobile and wireless, the amount of data traveling across undersea cables has increased exponentially.

“Most people are absolutely amazed” by the degree to which the internet is still cable-based, said Byron Clatterbuck, chief executive of Seacom, a multinational telecommunications firm responsible for laying many of the undersea cables connecting Africa to the rest of the world.

“People are so mobile and always looking for Wi-Fi,” he said. “They don’t think about it, they don’t understand the workings of this massive mesh of cables working together.

“They only notice when it’s cut.”

Network down

In 2012, Hurricane Sandy slammed into the US East Coast, causing an estimated $71 billion in damage and knocking out several key exchanges where undersea cables linked North America and Europe.

“It was a major disruption,” Frank Rey, director of global network strategy for Microsoft’s Cloud Infrastructure and Operations division, said in a statement.

“The entire network between North America and Europe was isolated for a number of hours. For us, the storm brought to light a potential challenge in the consolidation of transatlantic cables that all landed in New York and New Jersey.”

For its newest cable, Marea, Microsoft chose to base its US operation further down the coast in Virginia, away from the cluster of cables to minimize disruption should another massive storm hit New York.

But most often when a cable goes down nature is not to blame. There are about 200 such failures each year and the vast majority are caused by humans.

“Two-thirds of cable failures are caused by accidental human activities, fishing nets and trawling and also ships’ anchors,” said Tim Stronge, vice-president of research at TeleGeography, a telecoms market research firm. “The next largest category is natural disaster, mother nature — sometimes earthquakes but also underwater landslides.”

A magnitude-7.0 earthquake off the southwest coast off Taiwan in 2006, along with aftershocks, cut eight submarine cables which caused internet outages and disruption in Taiwan, Hong Kong, China, Japan, Korea and the Philippines.

Stronge said the reason most people are not aware of these failures is because the whole industry is designed with it in mind. Companies that rely heavily on undersea cables spread their data across multiple routes, so that if one goes down, customers are not cut off.

How a cable gets laid

Laying a cable is a years-long process which costs millions of dollars, said Seacom’s Clatterbuck.

The process begins by looking at naval charts to plot the best route. Cables are safest in deep water where they can rest on a relatively flat seabed, and won’t rub against rocks or be at risk of other disturbances.

“The deeper the better,” Clatterbuck said. “When you can lay the cable down in deep water you rarely have any problems. It goes down on the bottom of the seabed and just stays there.”

Things become more difficult the closer you get to shore. A cable that is only a few centimeters thick on the bottom of the ocean must be armored from its environment as reaches the landing station that links it with the country’s internet backbone.

“Imagine a long garden hose, inside of which are very small tubes that house a very, very thin fiber pair,” Clatterbuck said. That hose is wrapped in copper, which conducts the direct current that powers the cable and its repeaters, sometimes up to 10,000 volts.

“The fibers are wrapped in urethane and wrapped in copper and wrapped again in urethane,” he said. “If we’re going to have to put that cable on a shoreline that is very shallow and has a lot of rocks, you’re now going to have to armor coat that cable so no one can hack through it.”

Cables in less hospitable areas can be far thicker than garden hoses, wrapped in extra plastic, kevlar armor plating, and stainless steel to ensure they can’t be broken.

Depending on the coast, cable companies might also have to build concrete trenches far out to sea, to tuck the cable in to protect it from being bashed against rocks.

“Before the cable-laying vessels go out they send out another specialized ship that maps the sea floor in the area when they want to go,” said TeleGeography’s Stronge. “They want to avoid areas where there’s a lot of undersea currents, certainly want to avoid volcanic areas, and avoid a lot of elevation change on the sea floor.”

Once the route is plotted and checked, and the shore connections are secure, huge cable laying ships begin passing out the equipment.

“Imagine spools of spools of garden hose along with a lot of these repeaters the size of an old travel trunk,” Clatterbuck said. “Sometimes it can take a month to load the cable onto a ship.”

The 6,600 kilometer (4,000 mile) Marea cable weighs over 4.6 million kilograms (10.2 million pounds), or the equivalent of 34 blue whales, according to Microsoft, which co-funded the project with Facebook.

It took more than two years to lay the entire thing.

Malicious cuts

The blackout came without warning. In February 2008, a whole swath of North Africa and the Persian Gulf suddenly went offline, or saw internet speeds slow to a painful crawl.

This disruption was eventually traced to damage to three undersea cables off the Egyptian coast. At least one — linking Dubai and Oman — was severed by an abandoned, 5,400 kilogram (6-ton) anchor, the cable’s owner said.

But the cause of the other damage was never explained, with suggestions it could have been the work of saboteurs. That raises the issue of another threat to undersea cables: deliberate human attacks.

In a 2017 paper for the right-wing think tank Policy Exchange, British lawmaker Rishi Sunak wrote that “security remains a challenge” for undersea cables.

“Funneled through exposed choke points (often with minimal protection) and their isolated deep-sea locations entirely public, the arteries upon which the Internet and our modern world depends have been left highly vulnerable,” he said. “The threat of these vulnerabilities being exploited is growing. A successful attack would deal a crippling blow to Britain’s security and prosperity.”

However, with more than 50 cables connected to the UK alone, Clatterbuck was skeptical about how useful a deliberate outage could be in a time of war, pointing to the level of coordination and resources required to cut multiple cables at once.

“If you wanted to sabotage the global internet or cut off a particular place you’d have to do it simultaneously on multiple cables,” he said. “You’d be focusing on the hardest aspect of disrupting a network.”

It would likely be easier to target onshore internet infrastructure with cyber and DDoS attacks, flooding the network and knocking key facilities offline. Though even then, Clatterbuck pointed out, military and other government organizations likely have satellite backups.

Submarine spying

Tapping underwater cables is not a new thing. During the Cold War, US submarines transported divers with specially designed equipment that they attached to Soviet cables in the Sea of Okhotsk to intercept all communications.

The secret surveillance lasted almost a decade, until information about the operation, codenamed Ivy Bells, was sold to the Soviets by a former National Security Agency communications specialist, Ronald Pelton.

Today, more than 99% of international communications are carried over fiber optic cables, most of them undersea, according to TeleGeography. While tapping undersea phone cables was no easy feat, surveilling modern fiber optic cables is even harder, but not impossible.

According to researchers with AT&T Labs, by carefully targeting parts of internet infrastructure, attackers could knock out parts of a network that they can’t surveil and force people onto cables they already control, potentially without the target even realizing that their communications are being exposed.

The easiest way of doing so is not by tapping the cable, but the point where it connects to land. This what UK and US spy agencies have been accused of doing in the past, allegedly with the cooperation of the private companies operating the cables.

In 2013, the Guardian reported — citing documents provided by National Security Agency (NSA) whistleblower Edward Snowden — that British spy agency GCHQ had “secretly gained access to the network of cables which carry the world’s phone calls and internet traffic.”

According to documents provided by Snowden, in 2012 GCHQ was handling 600 million “telephone events” every day and had compromised more than 200 fiber optic cables.

The NSA allegedly ran a similar operation called Upstream, which a presentation leaked by Snowden described as being able to access “communications on fiber cables and infrastructure as data flows past.”

GCHQ declined to comment for this article. In a statement, an NSA spokesman said the agency “can neither confirm nor deny mission related activities.”

“What we can say is that NSA conducts its foreign signals intelligence mission in a carefully controlled manner, in strict accordance with US laws and subject to multiple layers of oversight, focusing on important foreign intelligence and national security priorities,” the spokesman added. “In particular, privacy and civil liberties are integral concerns in the planning and execution of NSA’s mission.”

Attaching a probe or surveillance device to a cable somewhere along its length without disrupting the fiber optic traffic or alerting the cable’s owners would be far more difficult.

“You would need specialized equipment with a grapnel that can lower down to the cable and grab it and pull it up without damaging the rest of the cable,” Stronge said. Then the cable would have to be cut and reconnected in a way that doesn’t disrupt the light passing over the fiber optics. You’d also have to hope the operator didn’t notice that something was afoot while this process was underway.

“That’s difficult, it takes a lot of specialized equipment to do that,” he said, not to mention the “pretty good chance of electrocution” in dealing with a copper cable transmitting 10,000 volts.

Countries have been rumored to be attempting to spy on undersea cables. According to multiple reports, never confirmed by the US military, the USS Jimmy Carter submarine possesses advanced underwater cable tapping abilities, including a floodable chamber inside the sub so divers and technicians can have easy access to the cable.

And Washington isn’t the only power believed to be carrying out such activity. In 2015, US intelligence officials said underwater sensors had spotted Russian submarines near key communications cables, along with a spy ship believed to carry small underwater vehicles designed to sever or damage cables.

China is also ramping up the size of its submarine fleet, as part of a wider expansion of its military under President Xi Jinping.

In a 2016 report by the hawkish foreign policy think tank Center for Strategic and International Studies, the authors wrote that “is likely that Russian auxiliary vessels, including tele-operated or autonomous undersea craft, are equipped to be able to manipulate objects on the seafloor and may also carry sensitive communications intercept equipment in order to tap undersea cables or otherwise destroy or exploit seafloor infrastructure.”

They added that “this capability could enable collection of sensitive traffic carried on transatlantic cables and/or cyber attacks against secure computer systems, among other things.”

No Huawei

Of course, if you control the cable itself, you don’t need to worry about the difficulties of tapping it.

This was the concern when Chinese telecoms giant Huawei — which has faced intense pressure from Washington and its allies over surveillance fears — began moving into the undersea cable market.

In 2017, Australia blocked a planfor Huawei to install a 4,000 kilometer (2,485 mile) undersea cable linking Sydney with the Solomon Islands. Canberra stepped to provide most of the funding for theCoral Sea Cable System, which will also link Australia to Port Moresby in Papua New Guinea.

In June, Huawei said it would sell its 51% stake in Huawei Marine Systems, its undersea cable arm. Both companies have consistently denied accusations they pose any security threat, but that hasn’t helped assuage the firm’s fiercest critics.

James Stavridis, a retired US Navy admiral and former supreme allied commander of NATO, warned in April against “Beijing’s increasing influence in constructing and repairing the undersea cables that move virtually all the information on the internet.”

“There is no way to stop Huawei from building (undersea cables), or to keep private owners from contracting with Chinese firms on modernizing them, based purely on suspicions,” Stavridis said. “Rather, the US must use its cyber- and intelligence-gathering capability to gather hard evidence of back doors and other security risks.”

Clatterbuck, the Seacom CEO, was skeptical about how much use tapping an undersea cable would be, pointing to the huge amounts of data passing through it every second, creating a huge hayfield in which to look for needles.

“If you wanted to spy on people would you put a giant microphone over the US and spy on everyone?”

However, as the Snowden leaks demonstrated, governments are often happy to hoover up as much information as possible, whether they have a clear purpose or not, and artificial intelligence and other advances have made sifting through such datasets faster and faster.

China in particular, is building huge surveillance databases of its citizens, and has been linked to massive hack attacks against foreign companies and government bodies which resulted in terabytes of information being collected.

And if you’re looking for lots and lots of information, there are few better locations than the undersea cables which power the global internet itself.