Burgeoning Fiber Infrastructure Holds the Line Against Adversaries
But it does have an Achilles’ heel or two that could pose a threat to its integrity.
Fiber is booming as telecommunications customers seek more services both in the cloud and at the network’s edge. The most important part of society’s information infrastructure, it is relatively secure in the face of attempts to wreak devastating harm to the nation, experts say. But that security is not absolute, and potential vulnerabilities could open up optical fiber to damaging attacks. Damage to this infrastructure, which serves as the backbone of the Internet and all the e-commerce that travels over it, could bring about an unprecedented economic upheaval.
But that scenario need not happen and does not necessarily loom in the immediate future. Henry Sienkiewicz, faculty member at Georgetown University who works at an encryption company, offers that the fiber infrastructure is “reasonably secure.” Hackers, for example, would require substantial skill and sophisticated specialized equipment—mostly illegal—to break into large-scale fiber links. Once in the fiber infrastructure, a hacker also would need to know how to work effectively. Furthermore, existing techniques for monitoring and protecting fiber infrastructure can prevent or mitigate these types of efforts, Sienkiewicz offers.
The fiber infrastructure has grown from its beginnings as dedicated long-haul telecommunications links to local signal delivery media that reach into individual homes and offices. With most of the fiber under commercial control, Sienkiewicz allows that companies must be cautious about monitoring and managing the security of that infrastructure. Issues such as signal loss, acoustic conditions, tension, temperatures and pressurization can plague fiber lines.
The telecommunications firms that own the bulk of large-scale fiber networks have improved their safeguarding efforts over the years, he offers. “It’s always chasing the next threat or understanding what the risk profile is in trying to make sure you mitigate it,” he says.
Chris Betz, chief security officer for CenturyLink, says that he worries about whether fiber infrastructure providers are ensuring confidentiality, integrity and availability of data are defended. Of those, availability tends to be the most oft-cited concern. Providers take steps to protect their facilities, where access is easier, but ultimately they rely on redundancy and resiliency, he says. The company works closely with its most crucial customers, such as the government, to ensure that the network’s capabilities meet those two conditions.
He adds that the federal government, which his company serves, also provides unique opportunities to design, build and maintain innovative fiber optic solutions. These feature unique survivability requirements to protect against a variety of disasters, both natural and human-made, across local area and national infrastructures. “The government is thinking about critical infrastructure and making sure that we have a fiber platform that’s built to be survivable and hyper-resilient,” Betz declares, adding that these solutions also can be applied to the commercial sector.
Both Betz and Dave Young, senior vice president of the Public Sector group at CenturyLink, emphasize the physical aspect of optical fiber security. Young notes that the interconnected nature of fiber networks requires operators to understand the relationships that constitute the network. This includes knowing where every asset is. “You have to know what it is and where it is before you can build a security plan around it,” he warrants.
Betz observes that security used to be considered an add-on feature to fiber networks. Now, security is part of fiber services when they are delivered. “One of the silent trends that has happened over the past several years is a move from security as an add-on concept to security as being a key part of everything we deliver,” he declares.
Young stresses the importance of knowing how fiber circuitry is going to be used and whether it is protected under the parameters of information security or just done in the public domain. Everyone can access information on who is building the infrastructure through public procurement documents, he notes. Betz adds that the industry limits the distribution of network route maps, preferring that people cannot target cables for disruption.
Betz allows that the hidden nature of the fiber infrastructure is one of its biggest threats. Because of its redundancy, this is not a direct threat to continuity of service, however. Accidental disruption requires effective monitoring and response to ensure continuity, he says. “While in one sense it is super frustrating, and frankly expensive, the flip side is that it helps us practice and prepare for times when that could be done maliciously rather than accidentally,” he states.
Anywhere a fiber cable can be found, it can be tampered with or outright vandalized, depending on the perpetrator’s intent, Sienkiewicz points out. He notes that some of the monitoring tools that are coming out now can spot signal loss from breakage arising from a tap. Interest seems to be rising, he suggests, among both saboteurs and malicious hobbyists who like to tinker.
Sienkiewicz offers that a monitoring device must be placed inside the network itself. Existing sensors laid across the fiber backbone can check for signal loss, acoustic degradation, cable tension and vibrational qualities. This type of centralized monitoring can obviate much of the challenge, he says. Also, data streams should be encrypted.
Betz reports that fiber support facilities that are visible to the public are guarded heavily with cameras, physical security and interoperation with local law enforcement. For cybersecurity, multiple layers of protection must be passed before access is allowed.
Yet much of the fiber infrastructure crosses oceans, which brings up different types of challenges. When fiber backbone comes ashore, the sovereignty of the infrastructure on the seabed comes into question. Sienkiewicz notes that no precedent has yet been established to determine who has access to the fiber when it is in territorial waters, and whether any government can exercise data sovereignty over the network in its waters.
“The threats come in two ways,” Sienkiewicz says. “One would be the ability to tap the fiber backbone on the seabed itself, and a bad actor of some sort—either nation-state or a talented non-nation-state—can tap into that infrastructure.” That would be the intrusive threat; the other threat is the exercise of sovereignty. “The question becomes, does that country through which the cable is traversing have the right to do a break-and-inspect and check that data?”
He cites the South China Sea as a prime example of this situation. Data connections there link New York, London and Singapore as major financial hubs, and the fiber servicing those centers passes through what China is claiming is its sovereign territorial waters. Unencrypted data would be an open book to anyone tapping into these fiber cables, he notes. The legality of that approach remains to be determined.
Natural disasters can wreak havoc on the fiber infrastructure. The 2011 Tohoku earthquake that unleashed a tsunami leading to the destruction of Japan’s Fukushima Daiichi nuclear power plant also disrupted a heavily used fiber cable. Network providers had to work around its absence by prioritizing traffic and moving it to other cables, Young relates, adding that this approach also applies to military traffic.
Whether an undersea cable is cut accidentally or deliberately, repairing it offers its own set of challenges. Land-based fiber often is vulnerable to accidental damage from excavations. Many elements of fiber backbone can be found affixed to the underside of bridges spanning rivers, where they can be seen and potentially sabotaged. The key to damaging major elements of the fiber backbone would be to identify which fiber clusters are vital, Sienkiewicz says.
But the real hidden threat to the fiber infrastructure may lie in its support technologies, Sienkiewicz suggests. The networking equipment that enables the fiber backbone to function could be the means of bringing it down. Hazards range from hackers to the entire supply chain of the networking environment, both wireless and hard-wired.
If the supply chain is compromised, then its hardware could be the source of intrusions into the fiber infrastructure. “If you have someone who has made a malware [advanced persistent attack] intrusion into the device itself, the question is are they able to go there and potentially take those devices offline?” Sienkiewicz asks. “Then that becomes the interesting game of chess that we’re playing here—or, rather, the virtual game of Go, because chess is not nearly complex enough to describe the problem.”
A nation-state that has the patience and financial wherewithal—and potentially controls the production of some of these support technologies—could wreak havoc, he continues. Securely managing the supply chain is extremely difficult, given that most of the commercial equipment is produced overseas. Even the security of domestically built equipment relies on having a trusted workforce that will not inject malware or Trojan horse chips into the environment, intentionally or unintentionally, he says.
Betz offers that the strongest area of worry is the supply chain that feeds the supplier that equips the fiber network company. A network provider can be good about using fiber equipment and keeping it running, but the firmware that is installed on the chips could be suspect. That is an area where the network operator must partner closely with its suppliers to ensure they have done the necessary due diligence on a consistent basis. “I want to make sure that my vendors are paying attention to their supply chains—that we’re able to work all the way back to the sources of the components and manage risk consistently across our whole supply chain,” he says. He notes that equipment that doesn’t process or understand data is less of a concern than gear that makes decisions based on the data traveling across it.
Betz observes that the fiber infrastructure is growing rapidly, particularly as new communications and networking capabilities come online. The diverse global fiber infrastructure will underpin all of these advances, which include the cloud. “The investments required over the next years to build resiliency and redundancy, as well as the capability, means that we are constantly investing in new fiber backbone,” he says.
The state of that infrastructure is changing, Betz adds. “The amount of rich data that’s going to happen in the local area—never mind the big backbone—means that we’re thinking about both edge computing and an edge-focused strategy,” he says. Local communications would be “hyperfast” and the network would be much broader.
Young states that his company has spent tens of millions of dollars of its own capital to extend the fiber infrastructure into U.S. government facilities. It also is applying corporate resources to build a global footprint that can be extended into the customer’s facilities. Its approach to fiber is to think globally and act locally, as the adage goes.
“The growing fiber infrastructure—locally, nationally and globally—to have low latency and high resilience, is incredible,” Betz says. “It’s actually a really exciting time to be part of communications.”
Sienkiewicz offers that the future of cyber likely will feature incremental upgrades. “The ability to cram more bits and bytes down that fiber backbone really is coming,” he predicts.
Betz adds that the volume of traffic over fiber continues to increase. The newest fiber was designed to work with capacities introduced by future technologies. The explosion of wireless systems and capabilities ultimately depends on fiber for network access, he notes. Many users want more compute resources closer to the edge. And many of the new applications rely on low latency, which again leads to fiber.
Planners must expect fiber to carry significantly more traffic than currently. This will occur at both the backbone and local levels. More content will move locally toward the edge of the network, and customers will expect speed and latency. “The relationships between the edge of the network and the core network will continue to evolve, with content moving out,” Betz predicts.
Young says that fiber advances are likely to be defined by the balance between next-generation fiber, which has glass that is higher in purity, and the optronic side featuring better lasers. Going with new types of fiber could be more expensive, depending on network conditions.