Hiding Internet Infrastructure Doesn't Really Keep It Safe

"Why do you want to let terrorists destroy the internet?"

Jul 26 2016, 12:00pm

Photo: Ingrid Burrington

There are two questions that come up pretty frequently when I tell people that I document and write about network infrastructure. The first one is, So, where's the cloud? (Spoiler: mostly, northern Virginia, but also it's not a cloud and you should really stop calling it that.) The other is, Why do you want to let terrorists destroy the internet? The implication is that by mapping out the internet's geography, I'm basically offering up a blueprint for destroying it.

Anxiety about physical infrastructure security is understandable. Sometimes the threats to infrastructure security can feel a little over the top, as in the case of the New York Times report on the possibility of Russian submarine cable taps. It isn't a purely speculative concern, however. Last year, a spate of mysterious fiber optic cable cuts in northern California left parts of the region disconnected for hours.

My book, Networks of New York, is an illustrated guide to identifying network infrastructure, including internet cables. Conceivably, this could guide a would-be vandal to their targets—but the primary method they'd use to find those targets is a tactic explicitly already used to keep cables safe. Labeling buried utilities with color-coded flags, posts, or spray paint is a well-established part of street excavation. If one utility provider needs to do work that requires digging up a road, they need to know what's buried under that road so they don't end up damaging anything else buried nearby.

Taking out physical infrastructure is less of a hidden hack than one in plain sight

Alternatively, someone looking to damage some buried cable could just look for one of the entry points to the conduit like a manhole cover or junction box—which, if anyone really wanted to break those open, aren't actually that hard to access. It's relatively easy to buy manhole cover lifters online and even find video tutorials on how to open them.

In other words, taking out physical infrastructure is less of a hidden hack than one in plain sight—and one that by necessity has to be in plain sight, because that's actually one of the best ways to keep this stuff safe.

In other words, the California cable cutters did not need special knowledge to successfully disrupt communications. Not only that, they didn't need to do much work to get close enough to the cables. The FBI speculated that whoever made the cuts may have worn standard-issue utility or construction safety gear while doing it to avoid arousing suspicion (the amount of stuff people can get away with while wearing safety yellow vests is astonishing). If we had a culture that bothered to pay attention to construction and street excavation work, maybe someone would have noticed the rogue actor who rolled up to those handholes in northern California.

The California cable cuts are, of course, far from lighthearted hacks. Reports indicated that the effects of the fiber cuts reached as far north as Seattle and slowed down Microsoft's Azure cloud services in their western US region. That's still a far cry from shutting down the internet as a whole, and it would be pretty hard for someone to accomplish that with cable cuts alone.

This is inherent to the internet's design: When one route for moving traffic breaks down, traffic can be routed elsewhere. Or, that's how it's supposed to work.

In practice, however, a lot of this traffic ends up routed through data centers and internet exchanges—central points of network connectivity of which most are easily located online thanks to tools like Telegeography's Internet Exchange Map and whose vulnerability is pretty varied.

To take out some of the major chokepoints of the internet wouldn't be impossible, and it would have pretty devastating consequences, but any kind of attack on such a space at scale would require a degree of coordination and resources more likely in the hands of a sovereign country than a terrorist cell. And in an age where every war is a propaganda war, taking out the internet at scale is an act of mutually assured destruction: ISIS needs a global internet to coordinate and recruit, and western governments need a global internet to surveil that coordination and recruitment. Most sovereigns are far more content to exercise limited control and outages within their own boundaries using far less labor-intensive methods than physical infrastructure attacks.

While it's completely understandable to be concerned about individuals intentionally damaging internet infrastructure, incompetence and nonhuman intervention are just as likely to cause physical outages. Ship anchors, tractors, copper scavengers, and sharks are as big a threat to buried cables as mysterious cable cutters.

Additionally, climate change and natural disasters are huge threats to internet infrastructure that no amount of secrecy or security theater can overcome, and which will only become a greater concern in the coming years.

Ultimately, the assumption that publicly mapping internet infrastructure means it's inherently less safe is, in some ways, the analog variation of debating whether or not to open source encryption tools. While the impulse to keep these systems out of sight is understandable, being able to recognize and locate infrastructure prevents inadvertent damage and can potentially call attention to anyone attempting any intentional damage.

Furthermore, in the case of environmental threats that are largely beyond human control, being able to locate where the infrastructure is and where it's been broken or damaged means that people can get to repairing it more quickly. As the California cable cuts demonstrate, the internet's physical infrastructure is pretty vulnerable to disruption from fairly simple interventions—protecting it is a public concern, and one way to get a lot of people protecting it is to enable the public to recognize and understand how that infrastructure works.

The Hacks We Can't See is Motherboard's theme week dedicated to the future of security and the hacks no one's talking about. Follow along here.