Picture of Robert Gezelter, CDP
RSS Feed Icon RSS Feed Icon
Follow us on Twitter

Worldwide Broadband Vulnerabilities are a Significant Hazard

We live in an interconnected world. We think nothing when we open our mobile phone to order something from an online store or to video chat with someone anywhere in the world. Distance matters little. Many people and businesses use online merchants with overnight delivery in place of local stock. Meeting and shopping online became second nature during the COVID-19 pandemic. Business organizations have followed suit. Business applications are now accessed in the cloud, with users located almost anywhere on Earth.

Painless communication is pure technology and neutral. It eases access to information, whether a grandchild's first steps or a wanted recipe as much as it provides access to false information, propaganda, and other undesirable activity.

Organizations, including governments, also use the global communications infrastructure. Information, both factual and opinion, are readily available worldwide via this infrastructure. Newspapers and broadcasts present single points of control; the decentralized web is notoriously far more difficult to control.

Recently, the Nord Stream 1 and 2 natural gas pipelines beneath the Baltic Sea sustained multiple, near simultaneous breaches. The other day, John Naughton, professor of the public understanding of technology at the Open University and the author of From Gutenberg to Zuckerberg: What You Really Need to Know About the Internet in an OpEd published by The Guardian asked an important question: What would happen if someone were to deliberately sever elements of the worldwide communications infrastructure?

Individual choices are reflected by organizations. Seamless high-speed connectivity is the basis of the systems used by business organizations. A simple, everyday toothpaste purchase at your local pharmacy or grocery may:

To be sure, not every toothpaste purchase triggers every event, but one can never know how many actions will be triggered by a simple purchase.

Today, myriad automated resource planning systems do much of this work unseen behind the scenes, propagating the necessary requests down the levels of the supply chain. Some connections directly use the global Internet using HTTP/TLS and similar protocols; others communicate through Virtual Private Networks (VPNs); and increasingly rarer connections go over dedicated private links. All communications eventually traverse the worldwide communications network, today composed of transcontinental and intercontinental fiber optic cables.

All of this widely available rapid communications infrastructure has been realized in the last few decades. International electronic mail was a glimmer as recently as the 1990s.

Access to communications is not a new concern. On August 5, 1914, shortly after the outbreak of World War I, the Royal Navy executed a 1912 contingency plan to sever Germany's telegraph cables to the outside world in the event of hostilities. Imperial Germany was forced to use third-party telegraph cables and radio for external communications.[1] The British Admiralty was thus able to intercept and eventually decode diplomatic messages to and from Imperial Germany, altering the course of the war on many occasions; the Zimmermann telegram episode involving a telegram from German Foreign Minister Zimmermann soliciting Mexico to enter the war and reclaim land ceded to the United States in the Mexican American war of the 1840s is but one example.

The present media environment makes denial potentially self-defeating. Impairing communications impairs all sides. However, as many have commented, initiating hostilities is not necessarily a rational actor.

One party or another may perceive that disruption may impair one side more than another, resulting in what may appear to be irrational actions.

Whether by Act of God, error, or nation state belligerence, cable failures occur. Are we prepared for the possible downstream consequences of such episodes?

One wonders whether the information technology community has adequately prepared for such situations. Many business systems presume ubiquitous broadband connectivity. Clearly, international transactions would be impeded by transoceanic cable faults; however, the interconnected world offers no guarantees that problems with long-distance communications would be limited to international transactions. Domestic networks could be impacted as well.

Today, purchasing anything with a credit/debit card today requires an authorization, regardless of scale. Thirty years ago, small purchases could be processed without an authorization. As Leslie Lamport wrote decades ago,

A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable.[2]

The clear network corollary to Lamport's comment about distributed systems is that the impairment of a communications link you didn't know existed can render your systems inoperable.

We have seen limited-scale instances of infrastructure denial. In 2020, MV Ever Given, a 200,000 ton container ship, ran aground in the Suez Canal. Traffic was blocked traffic for nearly a week. This incident disrupted cargo movement between Asia and Europe, causing significant costs and disruption.[3] Approximately US$ 10 Billion of international trade was affected.

More to the point, in a matter of days during 2008, four fiberoptic cables connecting India and Abu Dhabi to the global Internet were accidentally severed, greatly reducing bandwidth availability between India and the rest of the world. Many call centers and other Indian-located resources were taken effectively offline for days.[4]

The Abu Dhabi and Indian cases highlight a crucial point: Communications bottlenecks are as serious a hazard as complete disruption. Many of today's business applications have embedded timing presumptions that reflect ubiquitous high-speed communications. How many can operate as intended with the extended delays caused by degraded communications networks?

How often has applications testing visited what happens when network requests are subject to significant delay? How many systems inherently presume that requests can be relayed to trading partners within a matter of seconds? Are requesting systems single-threaded, so that a delay in a single request can cascade into a complete system freeze? Can business be transacted without access to centralized financial databases, e.g., MasterCard, VISA?

As we have painfully learned during the COVID-19 pandemic, supply chain disruptions metastasize quickly, often with many unexpected consequences.

All of these concerns, while not strictly a security issue should probably be of concern to CISOs and others responsible for information system security and integrity.

Edit (October 8, 2014) Clarified sentence describing August 1914 operation


[1] David Kahn (1967) The Codebreakers Chapter 9, pg 266
[2] Leslie Lamport (1987, May 28) Electronic mail message to src-t
[3] Mary-Ann Russon (2021, March 29) The cost of the Suez Canal blockage
[4] D Bowman and AFP (2008, February 3) Internet Problems Continue with Fourth Cable Break


URLs for referencing this entry

Bringing Details into Focus, Focused Innovation, Focused Solutions
Robert Gezelter Software Consultant Logo
+1 (718) 463 1079