Submerged security: How safe is our underwater data?

The global cable network is gigantic. There are an estimated 406 undersea cables globally, spanning 1.2mn kilometres and carrying telecommunication signals and data worldwide.

Most of them are owned by private telecom companies such as Google and Microsoft and their locations are easy to find on public maps. Despite their growing importance as global industries become ever more reliant on the transfer of data, according to the experts, little is being done to guard and protect these deep-sea cables.

China

Indeed, a recent Reuters investigation revealed APAC nations have been warned by US government officials, not to award contracts to Chinese companies because of data leak possibilities. 

The Asian superstate has been accused of encouraging private investment in APAC submerged cables so that it can create monopolise and spy on-network data from other countries, reports suggest. 

A contract called the East Micronesia Cable Project (funded to the tune of $72.6mn by the World Bank and the Asian Development Bank) could even be disbanded as a result of the accusation. This follows claims that Huawei Marine (the Chinese telco's deep-sea cable division) deliberately undercut competitor bids by more than 20% to secure the contracts. Other bidders included Japan's NEC, Finland's Nokia, and French-headquartered Alcatel Submarine Networks (ASN). 

Sources suggest the contracts are connected to an initiative called the Kiribati Connectivity Project (KCP), which was created to enhance communications to the islands of Nauru, Federated States of Micronesia (FSM) Kiribati.

The cables connect to the HNATRU-1 network. Critically, this serves Guam — a US Pacific territory strategically located close to China, North Korea, and the rest of East Asia. Guam is also the headquarters of the 7th Fleet's Navy Expeditionary Forces Command Pacific.

However, Chinese officials told Reuters the espionage claims are nothing more than a smear campaign led by the US against the nation’s businesses. The incident follows on from reports last year, that Google and Facebook rescinded their plans to connect Hong Kong and LA via an 8,000-mile-long cable to enhance capacity and internet speeds.

The decision to withdraw in July 2020, happened after a US Department of Justice committee formally recommended that the Hong Kong part of the network be cancelled on the grounds of national security. This is the first time a cable has been axed for such reasons and indicates the increasing tension between China and the US.

Vulnerable

Cable damage should not be underestimated. If a cable is compromised or broken, lines can slow or stop connections. Many countries and millions of users, including those that hold sensitive and critical information, could be affected. 

Cables, which have a minimum shelf life of 25 years, are typically situated on the seafloor, and when closer to shore are buried under the seabed for protection. Despite this, there have been numerous examples of them being damaged by fishing boat anchors – and even, on one occasion, 'salvaged' by a Vietnamese fishing boat crew, who stripped down the cable and sold it as scrap. 

However, deliberate sabotage and compromise of data is the greatest danger, as the 2019 StableSeas whitepaper reports that, “Cyberattacks are increasingly identified as the leading threat to the integrity of undersea fibreoptic cable networks. Compromise can manifest as illegal data acquisition for purposes of espionage or criminality, or through disruption or sabotage.”

The report continues, “Given the need for full disclosure to prevent accidental damage by commercial vessels, locations of cables and landing sites are clearly demarcated on maritime maps, making site identification easy. Vulnerabilities for intrusion are particularly high at cable landing sites, due in part to significant variability in the level of physical security at landing sites across countries and cable operators.”

It concludes, “Concerningly, the integrity of this vital global communication super-highway is significantly at risk from accidental and malicious compromise. Current approaches to ensure the integrity of this infrastructure are inadequate.”

Speaking to Alison Diana at The Edge, consultant and systems engineer, Tim Cash, lays the vulnerabilities bare. He says cybersecurity is “non-existent" even though a breach would be disastrous. "Despite multiple nascent articles by the community to point out how easy it would be to take down the international submarine and terrestrial communications – which have been going on since the days of World War I. 

He continues, “The [communications] technology today is far better, thus we are at far greater risk of any specific government being targeted and toppled from power through the use of subterfuge, mitigation, or counter-engineering.”

However, to some extent, location is everything, as the depths at which cables are laid, make them difficult to access and therefore compromise. Brian Chee, a retired IT specialist at the University of Hawaii on Oahu, points out, “Tapping an undersea cable at depth is risky, dangerous, and very, very difficult. It's probably not going to happen. When they start becoming vulnerable is in the shallow depths – 300 feet or shallower – because then you can start getting to the point where humans can start going in and out of, say, a submersible and bring cameras in.”

Chinese and Russian threats

According to a recent report by Defense News, cables can be prepped for information leaches during the manufacturing process too. Backdoors are installed to collect information while vulnerabilities are added at onshore landing stations where cables hook up to terrestrial networks.

Though cables can be tapped at sea, as Chee points out, it is a difficult process. However, nothing is impossible and Russian submarine activity near undersea cables is well-documented. According to reports, a Russian spy ship called The Yantar also carries mini submersibles that can sever or tap cables. The reported activity is clustered around critical, yet inaccessible cables because these are difficult to repair.

Chinese officials see the securing of undersea infrastructure as part of a broader strategic competition for data. One official Chinese Communist Party outlet recently explained that “although undersea cable laying is a business, it is also a battlefield where information can be obtained.”

Huawei Marine, for example, is a key player in the undersea cable industry. American officials have expressed concern because the company has built or repaired almost 25% of the world's submarine cables.

The StableSeas report concludes that reducing malicious breaches can be done by following the recommended protocols. It advises companies to, “Improve the monitoring of data transmission to detect possible interference, improve the physical security of cable landing sites and monitoring of cables in territorial waters. Additionally, there is a need to expand the mandate of regional and international cable protection associations to include aspects of malicious compromise.”