Worldwide Broadband Vulnerabilities are a Significant Hazard
We live in an interconnected world. We think nothing when we open
our mobile phone to order something from an online store or to
video chat with someone anywhere in the world. Distance matters
little. Many people and businesses use online merchants with
overnight delivery in place of local stock. Meeting and shopping
online became second nature during the COVID-19 pandemic.
Business organizations have followed suit. Business applications are
now accessed in the cloud,
with users located almost
anywhere on Earth.
Painless communication is pure technology and neutral. It eases access to information, whether a grandchild's first steps or a wanted recipe as much as it provides access to false information, propaganda, and other undesirable activity.
Organizations, including governments, also use the global communications infrastructure. Information, both factual and opinion, are readily available worldwide via this infrastructure. Newspapers and broadcasts present single points of control; the decentralized web is notoriously far more difficult to control.
Recently, the Nord Stream 1 and 2 natural gas pipelines beneath
the Baltic Sea sustained multiple, near simultaneous breaches. The
other day, John Naughton, professor of the public understanding
of technology at the Open University and the author of From
Gutenberg to Zuckerberg: What You Really Need to Know About the
Internet
in an OpEd published by The Guardian
asked an important question: What would happen if someone
were to deliberately sever elements of the worldwide communications
infrastructure?
Individual choices are reflected by organizations. Seamless high-speed connectivity is the basis of the systems used by business organizations. A simple, everyday toothpaste purchase at your local pharmacy or grocery may:
To be sure, not every toothpaste purchase triggers every event, but one can never know how many actions will be triggered by a simple purchase.
Today, myriad automated resource planning systems do much of this work unseen behind the scenes, propagating the necessary requests down the levels of the supply chain. Some connections directly use the global Internet using HTTP/TLS and similar protocols; others communicate through Virtual Private Networks (VPNs); and increasingly rarer connections go over dedicated private links. All communications eventually traverse the worldwide communications network, today composed of transcontinental and intercontinental fiber optic cables.
All of this widely available rapid communications infrastructure has been realized in the last few decades. International electronic mail was a glimmer as recently as the 1990s.
Access to communications is not a new concern. On August 5, 1914,
shortly after the outbreak of World War I, the Royal Navy
executed a 1912 contingency plan
to sever Germany's telegraph cables to the outside world
in the event of hostilities. Imperial Germany was forced to use
third-party telegraph cables and radio for external
communications.[1] The British Admiralty was thus able
to intercept
and eventually decode diplomatic messages to and from Imperial
Germany, altering the course of the war on many occasions; the
Zimmermann telegram
episode involving a telegram
from German Foreign Minister Zimmermann soliciting Mexico to
enter the war and reclaim land ceded to the United States in
the Mexican American war of the 1840s is but one example.
The present media environment makes denial potentially self-defeating. Impairing communications impairs all sides. However, as many have commented, initiating hostilities is not necessarily a rational actor.
One party or another may perceive that disruption may impair one side more than another, resulting in what may appear to be irrational actions.
Whether by Act of God, error, or nation state belligerence, cable failures occur. Are we prepared for the possible downstream consequences of such episodes?
One wonders whether the information technology community has adequately prepared for such situations. Many business systems presume ubiquitous broadband connectivity. Clearly, international transactions would be impeded by transoceanic cable faults; however, the interconnected world offers no guarantees that problems with long-distance communications would be limited to international transactions. Domestic networks could be impacted as well.
Today, purchasing anything with a credit/debit card today requires an authorization, regardless of scale. Thirty years ago, small purchases could be processed without an authorization. As Leslie Lamport wrote decades ago,
A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable.[2]
The clear network corollary to Lamport's comment about
distributed systems is that the impairment of a
communications link you didn't know existed can render your
systems inoperable.
We have seen limited-scale instances of infrastructure denial. In 2020, MV Ever Given, a 200,000 ton container ship, ran aground in the Suez Canal. Traffic was blocked traffic for nearly a week. This incident disrupted cargo movement between Asia and Europe, causing significant costs and disruption.[3] Approximately US$ 10 Billion of international trade was affected.
More to the point, in a matter of days during 2008, four fiberoptic cables connecting India and Abu Dhabi to the global Internet were accidentally severed, greatly reducing bandwidth availability between India and the rest of the world. Many call centers and other Indian-located resources were taken effectively offline for days.[4]
The Abu Dhabi and Indian cases highlight a crucial point: Communications bottlenecks are as serious a hazard as complete disruption. Many of today's business applications have embedded timing presumptions that reflect ubiquitous high-speed communications. How many can operate as intended with the extended delays caused by degraded communications networks?
How often has applications testing visited what happens when network requests are subject to significant delay? How many systems inherently presume that requests can be relayed to trading partners within a matter of seconds? Are requesting systems single-threaded, so that a delay in a single request can cascade into a complete system freeze? Can business be transacted without access to centralized financial databases, e.g., MasterCard, VISA?
As we have painfully learned during the COVID-19 pandemic, supply chain disruptions metastasize quickly, often with many unexpected consequences.
All of these concerns, while not strictly a security
issue should probably be of concern to CISOs and others responsible
for information system security and integrity.
Edit (October 8, 2014) Clarified sentence describing August 1914 operation
[1] | David Kahn (1967) The Codebreakers Chapter 9, pg 266 |
[2] | Leslie Lamport (1987, May 28) Electronic mail message to src-t |
[3] | Mary-Ann Russon (2021, March 29)
The cost of the Suez Canal blockage |
[4] | D Bowman and AFP (2008, February 3)
Internet Problems Continue with Fourth Cable Break |
Sweden sends diving vessel to probe leaking Nord Stream pipelinesRetrieved from https://www.reuters.com/business/energy/russias-gazprom-says-pressure-nord-stream-pipelines-has-stabilised-2022-10-03/ on October 4, 2022
Internet Problems Continue with Fourth Cable BreakArabian Business retrieved from https://www.arabianbusiness.com/industries/technology/internet-problems-continue-with-fourth-cable-break-121812 on October 4, 2022
A quarter of world's Internet users vulnerable to infrastructure attackUPI Science News. Retrieved from https://www.upi.com/Science_News/2022/05/26/quarter-world-internet-users-vulnerable-attacks/1131653587857/ on October 4, 2022
Vladimir Putin’s latest frightening gambit lies at the bottom of the oceanThe Guardian. Retrieved from https://www.theguardian.com/commentisfree/2022/oct/01/vladimir-putins-latest-frightening-gambit-lies-at-the-bottom-of-the-ocean on October 4, 2022
The cost of the Suez Canal blockageBBC News. Retrieved from https://www.bbc.com/news/business-56559073 on October 4, 2022