Critical infrastructure security
With 98% of transcontinental communications transmitted over subsea cables, the damage caused by a stray anchor can be huge. Critical infrastructure protection is vital to commerce and our global wellbeing. Guy Matthews explores the measures we are taking to protect our networks.
Among the revelations made by the WikiLeaks website last year was a list of locations and facilities around the world regarded by the US government as vital to its national security. Included were factories, energy pipelines, transport hubs and, significantly, a large number of subsea cable landing points, satellite stations and other communications paraphernalia.
The idea that data networks might rank alongside airports and power grids as key to a nation’s ability to function is relatively new. A decade ago, telecoms infrastructure, even in developed nations, would have rated as important for the smooth running of commerce and integral to the wellbeing of citizens, but hardly something that presidential sleep might be lost over, or which might call for military intervention to be invoked. Ten years on and we might as well be on a different planet – where whole economies, and certain vertical sectors in particular, are an internet failure away from meltdown. If the world’s communications infrastructure is now this critical, its role in our very economic survival so central, surely nobody would take its protection for granted?
Hunter Newby, CEO of carrier-neutral network operator Allied Fiber, is concerned that an insouciant neglect pervades all our thinking on the protection of communications infrastructure. “I think people have a mental image of the world’s networks as a sort of celestial place where everything runs smoothly and seamlessly,” he says. “This is silly and borderline dangerous. There’s a physical reality to it, that’s full of single points of failure. It’s in everybody’s best interests to realise this, whether they are providing TV services, carrying out financial transactions or exchanging currencies.”
Partial protection, argues Newby, is no protection at all: “There isn’t really any element of this critical infrastructure that’s protected – not protected fully,” he says. “I can show you the end point of a network inside a secure building, and then take you a mile away to where the same network runs through a conduit by the highway where it could be damaged with ease. Least protected of all are subsea cables. On the seabed, so-called diverse cables are separated by thousands of miles, but once they get to a landing point they’re 18 inches apart.”
As a subset of the total network capital, submarine systems account for many of the higher profile disaster stories. Subsea assets seem worryingly prone to trauma, with both man-made and natural agencies impacting on services. This wouldn’t matter quite so much, says Rick Perry, VP for international networks planning and engineering with Cable & Wireless Worldwide, if they weren’t quite so vital in making society tick these days. “Submarine cables have always been important – but the growth in bandwidth and traffic makes them a lot more critical now than they were 10 or 15 years ago,” he says. “There’s greater potential impact from failure than there used to be.”
The only real answer to greater resilience is building more cables, argues Geoff Bennett, director of product marketing with equipment vendor Infinera: “More diversity, added to intelligent rerouting, is the key to resilience,” he says. “The biggest challenge is on routes where no new cables have been built in a while and where existing ones are reaching capacity. That’s because you can’t just fail over a nearly full cable’s traffic to another nearly full cable. That’s also why there are more and more consortiums doing cables, increasing the chances of moving traffic to a different cable owned by a consortium partner.”
Newby believes that full redundancy at every point of a network is the only true protection: “There’s only one way to deal with it – to build a physically redundant path with no more single points of failure, so you’re not just able to fall back from A to B, but also to C or D,” he says. “Many island nations especially are at risk of being totally cut off, which isn’t acceptable from my point of view.”
Drivers for change
A token of just how critical telecoms infrastructure has become is the intervention taken by an increasing number of governments in its protection (see box below). But the best driver for better infrastructure protection remains customer power rather than official mandate, believes Ian Douglas, managing director of telecoms for cable laying and maintenance specialist Global Marine Systems: “Prescriptive government measures do not necessarily make things better,” he says. “It’s a different matter if they want to put their hands in their pockets and help financially.”
Bennett of Infinera agrees: “Government intervention commonly has the effect of slowing down change,” he says. “Mind you, network operators do not have a great track record of self-regulation. They will sometimes get together to solve a problem, like the Internet Watch Foundation to tackle child porn, and just end up driving the problem somewhere else, while appearing to have been successful. A truly international agreement on protection is the only way.”
Private sector interests can only be driven to spend serious money on better infrastructure protection where there are heavy penalties for failure, he believes. “If a service is bought from a carrier and the SLA is broken, there can be horrendous consequences for that carrier, or the vendor that supplied them,” he says. “That said, there are examples of private sector interests going further than they are obliged to in order to solve a problem. The legal liability that BP faced during last year’s oil spill was actually capped very low. The US government wanted to uncap it, but BP put extra money in anyway to clear up the spill. That’s an example of going beyond an SLA, in order to save image.”
Sitting between governmental and private interests is the International Cable Protection Committee (ICPC), an independent non-profit body focussed on improved safeguarding for submarine networks. “Part of what we do is to encourage better relations between governments and cable owners,” says John Tibbles, chair of the ICPC’s media relations committee. A historic problem, he says, has been a degree of antipathy between the two sides.
“Until recently, most legislation concerning cables tended to treat them as an environmental hazard, and a problem for shipping,” he says. “This is changing now, and the governments of Australia and New Zealand are making damage to subsea cables a criminal act, creating protection zones for cables. This is a recent thing. Five years ago, only owners of cables and their customers saw their real value.”
He says the ICPC is also working with governments to improve response times to cable failures: “We’re encouraging governments to issue repair licences more quickly,” he says. “It used to take weeks, months even. We’re also trying to get governments to create a single point of contact when there’s a legal or regulatory issue we need to talk about, without going through layers of bureaucratic organisation. We’ve also improved relations between the cable industry and the fishing community through better communication, improving the once adversarial footing. We work with the International Maritime Organisation and a number of different port authorities to raise awareness for improving procedures for anchoring. If a supertanker drops its anchor on a cable, there’s only going to be one winner.”
Another part of the ICPC’s remit is correcting some of the misapprehensions that have grown up around the role of cables. Tibbles says: “Some people have been laboring under the impression that most essential international traffic was going over satellite, whereas actually around 98% of transcontinental communications go over subsea cables. It’s the nervous system of commerce.”
Tibbles says he is encouraged to see better cooperation between governments over cable protection – in some regions at least: “Singapore, Malaysia and Indonesia have recently collaborated over rules for shipping docking at Singapore,” he says. “In Africa, where there were no cables to speak of a few years ago, there’s awareness of their importance to growing economies. Our annual plenary session this year was in Mauritius, so we got people there who would probably not have come to New York or Hong Kong. This all helps to reinforce the importance of protection.”
Tibbles says it is only to be expected that the degree of protection afforded to infrastructure should differ from region to region: “Some countries have come a very long way, while others are still in the early stages of the process,” he says. “It can take a few years to get the right regulation in place, even in developed economies.”
Regions often face their own unique problems: “A particular issue for east Africa is piracy,” he says. “A submarine cable ship is not all that fast, and potentially vulnerable to piracy when approaching the site of a damaged cable at perhaps two or three knots.”
A company that knows all about African subsea capacity and its challenges is WIOCC, the main shareholder in the East Africa Cable System (EASSy) which launched in 2010. “Like any cable builder, we went through procedures first to make sure the impact on EASSy from a range of hazards would be minimal,” says Mike Last, director of business development and international marketing with WIOCC. “We checked for coral reefs and uneven seabeds, and made sure the cable was properly armoured. We used a collapsed ring configuration, with branches coming off the cable to landing stations. One break therefore is not too critical. About 90% of breaks are fairly easy to fix anyway. We’ve got a contract with Global Marine Systems for that.”
Last anticipates that once there are multiple cables ringing continent, it will be a formality to route traffic up both coasts, for added resilience: “This will be especially helpful for South Africa, the continent’s biggest economy,” he says. “Restoration agreements between cables are not as formalised in Africa as most of the rest of the world – perhaps because competition is new and fresh here. I’d expect agreements to become more established over the next two years. We’ll see governments, carriers and ISPs buying capacity not on one cable but several, as they go live. Bottlenecks inland will be gone too.”
So much has already changed, he points out: “A couple of years ago, sub-Saharan Africa was pretty much 100% dependent on satellite for traffic out of the continent, at the mercy therefore of factors like weather. Capacity was therefore used in a different way to the rest of the world. When I first started work in Africa a few years ago, I sent a 10Mb Powerpoint presentation and froze the company’s email system for three hours. The whole company was out of action, pretty much, and that was just an email.”
The danger, he argues, is moving too fast when new capacity arrives: “Seacom was the first east African cable, and once that was available you got a massive amount of interest from a whole lot of ISPs,” he recalls. “Many gave up their satellite capacity altogether, and when Seacom went down last year, it was a catastrophe. New systems create dependence. There was a big fuss about the impact on businesses and consumers on account of not enough diversity. Nobody notices when one Atlantic cable goes off line.”
He says WIOCC is making corresponding investments in terrestrial networks in east Africa to match the wet ones: “Single strand networks are giving way to two or three different connections between major locations,” he says. “Legislation to protect all these networks is now needed, like in developed markets. At sea, we need to be talking about maritime restrictions, or even gunboats in reserve. We’ve seen this in Australia where the government sees critical infrastructure as something that needs protecting. Lots of countries either have no legislation, or don’t have the ability to enforce any legislation that might be in place.”
If battling with Somali pirates and contending with troublesome trawlers is the high profile end of system protection, there’s a less glamorous but equally essential set of backroom processes and solutions that also exist to help service providers sleep easy in their beds.
Duncan Stephens, product manager with performance monitoring solution vendor Clarity, says that the first step of any protection strategy lies in the planning and design of a system “There are also more subtle things too, like establishing maintenance processes once the cable is launched,” he says. “Everyone is very excited and focussed when it’s new, but it’s three, four, five years later when you need to make sure you’re keeping up with performance management, monitoring, checking alarms. That’s what we provide.”
Some operators, he says, will tend to overinvest to ensure that everything is as protected as possible: “Some are more budget-conscious and ‘just in time’ oriented,” he claims. “This requires a greater maturity of system checking.”
On the terrestrial network front, it’s fixed-line operators who face the lion’s share of scrutiny over resilience, he says: “Increasingly, it’s mobile network operators too,” he believes. “They don’t face the stringent SLAs of some fixed networks, and the need for back-to-back SLAs with vendors and IT partners. But mobile networks are more mission critical than they used to be, thanks to the smartphone’s role in business these days.”
Stephens predicts that, whatever the unattractive cost implications for operators of networks on land or sea, cellular or fibre-based, protection levels will not only need to improve but to spread beyond the big name multi-terabit backbones and metro networks serving major cities: “We’ll see rising democratic demand that rural areas be given the same access to services, and protection of them, as we see today in urban areas. In both developed economies and emerging ones, we can all expect the issue of protection to become more and more important.”
Protection around the world
The USA Patriot Act of 2001 defines critical infrastructure as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” Since 2004, this definition has embraced IT and communications assets as one of 14 different classes of vital infrastructure.
The US is by no means the only country to formalise policy for dealing with threats to critical infrastructure. Singapore, Australia and New Zealand have all enacted similar legislation. In 2005, the Australian government formed the Research Network for a Secure Australia (RNSA) out of private sector interests and university research departments. The RNSA’s function is to carry out “research and surveillance” with the objective of thwarting terrorists and cyberterrorists.
Canada too has been reviewing protection policies for a range of infrastructure types since a camera crew infiltrated a major hydro-electric power plant, gaining access to its main control panel unchallenged.
The dream of the global grid
There has of course been a great deal of submarine cable construction over the last three or four years, so are we at least some way down the road to a mutually supportive, self-healing global grid?
There’s still a long way to go, contends Stephen Alexander, chief technology officer with equipment vendor and cable upgrade provider Ciena: “Lots of the world is not meshed in an effective way yet,” he explains. “The Atlantic is in good shape, but Taiwan wasn’t, as the world found after the earthquakes of a couple of years ago. It is meshed now.”
“People talk about a global mesh, but in reality we’re still dealing with the protection of a lot of single links,” agrees Ian Douglas, managing director of Global Marine Systems. “Global mesh is a nice theory, but you can’t ignore the need to repair a cable when it’s broken. Repair and maintenance strategies are therefore still vital.”
The only safe assumption, says Douglas, is that any given cable will at some point sustain damage: “About 90% of failures are from aggression of some sort, usually accidental, with the minority down to technical failures, such as repeaters breaking,” he says. “Of course you can put cables where they’re less likely to be hit, as well as armour them and bury them.”
Commercial realpolitik, says Douglas, will always be a determinant of how resistant a cable is to physical damage or technical glitches. “A cable’s customers are under financial constraints, and aren’t likely to pay more if you go to them wanting money for a better protected cable,” he says. “I could build you a cable that would never break – but it wouldn’t be a very commercial one.”
At least, says Douglas, more attention is paid these days to exactly where and how a cable is put down: “Burial of at least three metres, once the cable is on the continental shelf, is the required minimum now,” he says. “We’ve just done a two to three metre burial on a cable in Indonesia and Malaysia, which would not have been the norm even three years ago. All newly built cable laying ships have a three-metre plough now, whereas older ones will have a one to 1.5-metre plough. The object is to avoid remedial work, where someone realises they didn’t lay the cable right the first time.”
Providing a cable with superior protection is no guarantee of successful differentiation on the high seas of the capacity market, he claims: “It’s hard, unless you have rival cables that have significant failure histories,” he says. “After the Taiwan earthquake, the cables that hadn’t been damaged suddenly had a commercial edge. Diverse landing stations, as you now have on the Atlantic, can also be a commercial advantage.”