Cybersecurity Demands Physical Security
Threats to networking extend beyond virtual vulnerabilities.
Network warfare discussions are dominated by cybersecurity issues—the protection of information on the network. The more critical threats to the system are attacks on highly vulnerable physical points in the network that are almost completely unprotected. It is estimated that in a crisis as much as 90 percent of U.S. Defense Department and NATO telecommunications traffic passes over networks with unsecured and unprotected critical transit points.
The Internet and what is described as the global telecommunications network must be viewed primarily as organizing concepts—ways to think about and manage network complexity. In fact, no such unitary physical infrastructure as the global telecommunications network or global Internet exists. The Internet certainly has software applications such as America Online, eBay and Google that are global in scope, but these are carried on a web of private independent networks with no controlling authority. These private independent networks increasingly are nationally owned as the largest
Strategically, this creates problems for both corporate and government planners, but it is especially serious for military planners at a time when network warfare is becoming a major component of national defense. Most of the optimistic scenarios of network warfare reside at the highest levels of software abstraction, often ignoring the fact that real-world applications rely on a fragile physical international infrastructure that is almost completely out of the control of
Yet, at the same time that
The Global Information Grid (GIG), a sophisticated and ambitious plan, attempts to integrate all operational communications, taking advantage of the ability within digital communication for converging voice, video and data. The GIG is described as a global network that can be used to control a global battlespace. While it is thought of as a secure private network, it is mainly privately purchased portions, or partitions, of the international telecommunications system that also are available to any company or person who can pay for access. Much of the GIG runs over shared public transport facilities, often foreign-owned in foreign locations, with security provided by software at the applications layer and virtually no protection of critical physical facilities at important hubs in the network.
Military organizations, corporations and financial institutions around the world seem to be oblivious to the threats to their global operations. Virtually all international financial information and transactions pass through these same unprotected facilities.
The points of vulnerability lie particularly in two areas. The most dangerous vulnerability is the aggregation of high-capacity bandwidth circuits into a small number of unprotected carrier hotels in which several hundred network operators interconnect their circuits in one nonsecure building. These buildings often feed directly into the international undersea cable system. Security is often farcical. This lack of protection exists in several carrier hotels on transit points along the axis of the international telecommunications system that includes
Several experts in international telecommunications believe that if one or two of these facilities were even partly destroyed by attackers, a natural disaster or internal sabotage, cascading failures could immobilize much of the international telecommunications system and Internet for several weeks. The effect on international finance, military logistics, medicine, commerce and agriculture in a global economy would be profound. A degraded system of military logistics would leave troops in the field with less support. The international flow of oil and food supplies would be impeded. Chaos in the shipping and airline industries would result. The system that supports e-mail, Word and Excel file transfers would be gone. Electronic funds transfers, credit card transactions and international bank reconciliations would slow to a crawl. When apprised of this possibility, a senior official of The Economist in
The second area is the international submarine cable network. Historically, consortia of national telecommunications carriers owned submarine cable systems. These consortia consisted of the traditional landline or incumbent telecommunications companies with international responsibilities such as AT&T in the
With deregulation and privatization, more players meant more variations in consortia membership and indeed led to competing consortia and more cable lays. In addition, in the early 1990s the model changed to include privately owned cable systems such as Fiber Link Around the Globe (FLAG), Private Trans-Atlantic Telephone and Global Crossing that all based their business plans on geometric growth of data communications traffic from the Internet.
The largest capacity undersea cables are owned by FLAG and Tyco. Both networks were recently purchased by Indian companies from American investors. As commercial enterprises, these networks are in the business of making money. In an era of extreme competition, it is in the economic interests of the owners of the newest and largest capacity cables, each exponentially larger than the last, to use their enormous bandwidth capacity to lower prices and force other suppliers out of the market. The effect is to force more traffic onto fewer cables, creating a more effective target for disruption.
Today’s technology permits more and more traffic to be carried by fewer and fewer carrier hotels, cable providers and network services suppliers. The cost of an international telecommunications voice and data call per minute is approaching zero. This is putting extreme profit margin pressure on international submarine cable and network operators. Some analysts argue that the total capital value of the undersea cable network is less than the annual costs of maintaining the system in a hostile underwater environment. The system is quite likely bankrupt.
The combined vulnerabilities of the undersea cable networks in conjunction with the nonsecure carrier hotels that feed into them makes apparent the magnitude of the threat from terrorist organizations, natural disasters or the potential for network-based or information warfare among more traditional combatants.
Many international telecommunications experts now believe that, in light of the attacks of September 11, 2001, the international telecommunications system must be restructured. The
The commission would consider problems in five areas. Commission members would determine the depth and breadth of the physical network security problem. They also would discuss the demands for short- and long-term security and how critical buildings could be protected now, especially in major commercial centers. In addition, the commission members would need to determine how soon a team of international telecommunications experts, strategists and economists could redesign and redistribute the critical assets of the physical network architecture as well as how the network could be redistributed for effective national and international security. They would discuss which agency or agencies would manage the network redesign and reconstruction. Finally, the commission members would have to determine who would pay for it.
The last issue is key. The economics underlying the telecommunications industry is a major problem today. Governments, militaries, corporations and especially international financial institutions expect to use international telecommunications at virtually no cost. They employ sophisticated groups of experts to manage reduced prices of competing carriers to the point where the network services providers are barely able to provide service. This alone explains to a large degree the aggregation of the cheapest bandwidth into shared facilities at lowest cost and most vulnerable security. This must change. Customers of the system will have to pay a fair price to maintain the security of a distributed telecommunications system. The other option is a catastrophic attack on the international system.
Robert Fonow is the managing director of RGI Limited, a management consulting and strategy analysis firm in