Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars     Apps
AFCEA logo
 

Cybersecurity Demands Physical Security

February 2006
By Robert Fonow

Threats to networking extend beyond virtual vulnerabilities.

In the United States, both corporate and Defense Department telecommunications have developed along a path of increasing complexity to support global geopolitical or commercial requirements. The paradox is that while this complexity improves the ability to support worldwide operations, the underlying network is becoming more vulnerable.

Network warfare discussions are dominated by cybersecurity issues—the protection of information on the network. The more critical threats to the system are attacks on highly vulnerable physical points in the network that are almost completely unprotected. It is estimated that in a crisis as much as 90 percent of U.S. Defense Department and NATO telecommunications traffic passes over networks with unsecured and unprotected critical transit points.

The Internet and what is described as the global telecommunications network must be viewed primarily as organizing concepts—ways to think about and manage network complexity. In fact, no such unitary physical infrastructure as the global telecommunications network or global Internet exists. The Internet certainly has software applications such as America Online, eBay and Google that are global in scope, but these are carried on a web of private independent networks with no controlling authority. These private independent networks increasingly are nationally owned as the largest U.S. and other international telecommunications companies retreat to protect their home markets in an era of unregulated competition. These networks are interconnected at hub facilities where national networks meet their international partners. The facilities are mostly unprotected and vulnerable to easy attack or internal sabotage.

U.S. corporations and government and defense officials operate under the assumption that there is an international telecommunications network and that the United States somehow owns it. This is an inaccurate assumption based on an outdated premise of U.S. supremacy in international telecommunications. In fact, since the dot-com crash and the ensuing depression in the telecommunications industry in many Western countries, virtually all physical international telecommunications infrastructure assets that U.S. investors owned have been sold to European or Asian interests.

Strategically, this creates problems for both corporate and government planners, but it is especially serious for military planners at a time when network warfare is becoming a major component of national defense. Most of the optimistic scenarios of network warfare reside at the highest levels of software abstraction, often ignoring the fact that real-world applications rely on a fragile physical international infrastructure that is almost completely out of the control of U.S. authorities or any military authority anywhere.

Yet, at the same time that U.S. telecommunications operators are retreating from international markets, the U.S. Defense Department, in conjunction with its strategic allies in Europe and Asia, is developing an overarching network warfare capability that is based on an assumed highly secure global networking capability.

The Global Information Grid (GIG), a sophisticated and ambitious plan, attempts to integrate all operational communications, taking advantage of the ability within digital communication for converging voice, video and data. The GIG is described as a global network that can be used to control a global battlespace. While it is thought of as a secure private network, it is mainly privately purchased portions, or partitions, of the international telecommunications system that also are available to any company or person who can pay for access. Much of the GIG runs over shared public transport facilities, often foreign-owned in foreign locations, with security provided by software at the applications layer and virtually no protection of critical physical facilities at important hubs in the network.

Military organizations, corporations and financial institutions around the world seem to be oblivious to the threats to their global operations. Virtually all international financial information and transactions pass through these same unprotected facilities.

The points of vulnerability lie particularly in two areas. The most dangerous vulnerability is the aggregation of high-capacity bandwidth circuits into a small number of unprotected carrier hotels in which several hundred network operators interconnect their circuits in one nonsecure building. These buildings often feed directly into the international undersea cable system. Security is often farcical. This lack of protection exists in several carrier hotels on transit points along the axis of the international telecommunications system that includes Dubai, Zurich, Frankfurt, London, New York, San Francisco, Los Angeles, Tokyo, Hong Kong and Singapore. In addition to being the most important channel for military communications today, this also is the telecommunications axis of the international finance system.

Several experts in international telecommunications believe that if one or two of these facilities were even partly destroyed by attackers, a natural disaster or internal sabotage, cascading failures could immobilize much of the international telecommunications system and Internet for several weeks. The effect on international finance, military logistics, medicine, commerce and agriculture in a global economy would be profound. A degraded system of military logistics would leave troops in the field with less support. The international flow of oil and food supplies would be impeded. Chaos in the shipping and airline industries would result. The system that supports e-mail, Word and Excel file transfers would be gone. Electronic funds transfers, credit card transactions and international bank reconciliations would slow to a crawl. When apprised of this possibility, a senior official of The Economist in London suggested that such an event would cause a global depression.

The second area is the international submarine cable network. Historically, consortia of national telecommunications carriers owned submarine cable systems. These consortia consisted of the traditional landline or incumbent telecommunications companies with international responsibilities such as AT&T in the United States before deregulation, British Telecom and, in Japan, Kokusai Denwa Denshin. Groups of these international players, a carriers club as it has been described, provided the capital and operating funds for undersea cables well into the 1990s.

With deregulation and privatization, more players meant more variations in consortia membership and indeed led to competing consortia and more cable lays. In addition, in the early 1990s the model changed to include privately owned cable systems such as Fiber Link Around the Globe (FLAG), Private Trans-Atlantic Telephone and Global Crossing that all based their business plans on geometric growth of data communications traffic from the Internet.

The largest capacity undersea cables are owned by FLAG and Tyco. Both networks were recently purchased by Indian companies from American investors. As commercial enterprises, these networks are in the business of making money. In an era of extreme competition, it is in the economic interests of the owners of the newest and largest capacity cables, each exponentially larger than the last, to use their enormous bandwidth capacity to lower prices and force other suppliers out of the market. The effect is to force more traffic onto fewer cables, creating a more effective target for disruption.

Today’s technology permits more and more traffic to be carried by fewer and fewer carrier hotels, cable providers and network services suppliers. The cost of an international telecommunications voice and data call per minute is approaching zero. This is putting extreme profit margin pressure on international submarine cable and network operators. Some analysts argue that the total capital value of the undersea cable network is less than the annual costs of maintaining the system in a hostile underwater environment. The system is quite likely bankrupt.

The combined vulnerabilities of the undersea cable networks in conjunction with the nonsecure carrier hotels that feed into them makes apparent the magnitude of the threat from terrorist organizations, natural disasters or the potential for network-based or information warfare among more traditional combatants.

Many international telecommunications experts now believe that, in light of the attacks of September 11, 2001, the international telecommunications system must be restructured. The United States would be well served by establishing a commission of experts and network architects from both the commercial telecommunications industry and interested military organizations. By necessity this would have to include experts from outside the United States, and the barriers between classified and unclassified data may have to be loosened for a full understanding of the problem, especially to get full cooperation from both U.S. and international participants. Several former U.S. Air Force communications officers with broad knowledge of both the U.S. and international commercial and defense networks are outside the conversation due to security clearance issues. One option is to have this commission meet in a secure facility at the NationalDefenseUniversity at the Secret level, which should permit the participants to work effectively without jeopardizing the most secure information.

The commission would consider problems in five areas. Commission members would determine the depth and breadth of the physical network security problem. They also would discuss the demands for short- and long-term security and how critical buildings could be protected now, especially in major commercial centers. In addition, the commission members would need to determine how soon a team of international telecommunications experts, strategists and economists could redesign and redistribute the critical assets of the physical network architecture as well as how the network could be redistributed for effective national and international security. They would discuss which agency or agencies would manage the network redesign and reconstruction. Finally, the commission members would have to determine who would pay for it.

The last issue is key. The economics underlying the telecommunications industry is a major problem today. Governments, militaries, corporations and especially international financial institutions expect to use international telecommunications at virtually no cost. They employ sophisticated groups of experts to manage reduced prices of competing carriers to the point where the network services providers are barely able to provide service. This alone explains to a large degree the aggregation of the cheapest bandwidth into shared facilities at lowest cost and most vulnerable security. This must change. Customers of the system will have to pay a fair price to maintain the security of a distributed telecommunications system. The other option is a catastrophic attack on the international system.

 

Robert Fonow is the managing director of RGI Limited, a management consulting and strategy analysis firm in Oakhill, Virginia, that specializes in the international telecommunications, Internet and broadband communications industries.