
How Do You Protect Undersea Internet Cables, Anyway?

Katherine Worzalla/

If you've been following the events in Syria over the past few days, you know the country’s Internet is now back from the dead after a 19-hour outage that the government blamed on “terrorist” sabotage—an explanation bought by approximately zero people.

But just because destroying the cables would be logistically and technically difficult for a terrorist or individual—not to mention suicidal; the voltage running through them would be enough to kill someone trying to cut through—doesn’t make it unthinkable. In March, Egyptian authorities accused three men in a fishing boat of trying to sever a submarine cable connecting Alexandria to the Web. The evidence was thin and experts are as cynical about that incident as the latest service disruption in Syria. But both episodes draw attention to how exposed the world’s Internet infrastructure really is.

Let’s begin with how the cables are physically stabilized. They’re not. The cables tend to rest unsecured on the ocean floor. Landslides, ship anchors—all are capable of moving or dragging the cables out of their normal position. Pull too hard, and they break. In 2006, an underwater landslide between Taiwan and the Philippines disrupted 19 out of 20 Internet cables in the area, causing service in much of Asia to go dark. Even though software could tell the repair crews exactly which part of the cables had malfunctioned, locating the actual point of the break took more time because the event had moved the cables and buried them.

There are other vulnerabilities, too. When the cables make landfall, they generally terminate at a control station that brings together more than one submarine cable. Disable the control station, and you might be able to cause some level of disruption downstream. These facilities are only lightly guarded, according to David Belson, who authors an annual "State of the Internet" report for Akamai, the Web-traffic routing company.

“They don’t have sharks with lasers on their heads, or armed guards, or anything like that,” Belson told me. “In many cases, the cables will just come ashore in some nondescript shack.”

The United States is home to at least a couple dozen such stations. Responsibility for defending them—and the underwater cables themselves—falls to the host country, or the consortium of companies that initially laid the fiber down. But there isn’t much patrolling that takes place, said Jason Healey, director of the Atlantic Council’s Cyber Statecraft Initiative. That’s because the assumption is most well-meaning people will try and avoid the cables.

Maritime cables are “extremely” well marked on maps, said Healey. That helps trawlers and tankers steer clear, but it could also aid a malicious actor under other circumstances.

Healey has worked with the White House on a number of cyber war-game exercises. In one scenario, fictitious Iranians disrupted the Internet by convincing a handful of ship captains to drag their anchors across the ocean floor off of Djibouti, France, Great Britain and Egypt.

Only in British waters would an attempt like that be reliably caught, said Healey.

“The British patrol heavily outside Bude,” he told me, referring to the cable landing station located in Cornwall. “If you’re in the area, they are going to be paying a lot of interest to you, and if you cut the cables they would be all over you very quickly, probably within minutes.”

Areas that are less well-developed—Djibouti, say—would almost certainly lack the capacity to defend the cables the same way. Luckily, nobody’s launched a “Die Hard”-style plot to unplug everything—yet. For now, all we have to worry about are environmental hazards. And “terrorists.”
