On July 27, 2018, the Japanese government updated its cybersecurity strategy, calling for the strengthening of infrastructural protection, including that of international undersea cables. Given that cyber espionage, hacking, and information manipulation have featured extensively in the global news cycle and become agenda items for policymakers in many governments, we are reminded that functional infrastructure remains essential to the stability of societies. Undersea cables connecting continents and islands form the very core of global communications. The protection of such cables is crucial to maintaining the stability of cyberspace.
As a deeply connected archipelagic country, Japan is very much dependent on these cables. It has 15 cable landing stations, where undersea cables connect into land-based networks, on its soil, many of them hosting multiple cables. If those connections were disrupted, the result could be catastrophic. That Japan could lose all of these connections at once is not very probable, but it is by no means impossible. Considering today’s globalized and connected world, it is important to realize that an advanced, coordinated, and multi-pronged attack could disrupt the most modern and well-defended cyberspace infrastructure. It is time for us to think about the unthinkable.
The Strategic Importance of Cables
Undersea cables carry 99% of international communications traffic going through Japan. The remaining 1% is carried by artificial satellites, but they are less efficient and more expensive than cables, as signals must travel vast distances from the ground. These submarine conduits connect communications, broadcasting, and electricity.
The need for Japan to safeguard its communications infrastructure is underlined by its hosting of several large-scale international gatherings in the next couple of years. The country will be the site of the G20 summit meeting in June 2019, the Rugby World Cup in September 2019, and the Summer Olympic and Paralympic Games in 2020.
Undersea cables carry 99% of international communications traffic going through Japan.
The strategic importance of these cables extends beyond Japan. Asia’s three most important cable landing points are located in the Japanese prefecture of Chiba, home to the landing point closest to the U.S., the Bashi Channel off the coast of Taiwan, and the Strait of Malacca between the Malay Peninsula and the island of Sumatra. These points are essentially global cyberspace choke points for many undersea cables.
Further to the significance of undersea cables, China has been building such connections with the U.S., bypassing Japan, over the past 15 years. Yet, as Chinese cyberspace and communications services have grown more localized in the past decade, the need for high-performance cable connections between the two countries has become less critical.
Cable Damage Is Common
Cable damage is more common than one might think. In most cases, it is caused by fishing nets and ship anchors, but sometimes, cables are cut for criminal purposes.
In March 2018, undersea cables were cut in Mauritania, on the west coast of Africa. The entire country lost internet access for about 48 hours. Neighboring countries such as Sierra Leone, Liberia, Guinea Bissau, and Gambia were also affected. Whether the severance was accidental or deliberate remains a mystery. Similar cable-cutting incidents have occurred off the coast of Vietnam; and three people were arrested in 2008 while attempting to cut cables off the coast of Egypt.
Cable damage is more common than one might think.
Natural disasters are also an important cause of cable damage. For example, the 2011 Tohoku earthquake and tsunami severely damaged undersea cables in the area. As many cables linked to eastern Japan were lost, communications traffic running through the country had to be rerouted to western Japan. The loss of cables in eastern Japan meant massive difficulties for people trying to reach family members and friends over landline and mobile phones. However, thanks to the rerouting enabled by Japan’s robust infrastructure, eventually they were able to reach their loved ones via Facebook and Twitter instead.
Even more concerning is the possibility of terrorist attacks. While there has not yet been such an attack, any terrorist organization that mounted one would undoubtedly inspire copycat operations, leaving the network vulnerable to multiple acts of sabotage.
The first undersea cables, carrying telegraphic, and later telephone, communications, were built by governments and government-affiliated companies from the mid-19th century through to most of the 20th century. But in the 1980s, communications providers were privatized and began installing fiber optic cables. Now, international consortia of commercial operators own most cables. That is to say that the backbone of much of our technology and infrastructure is maintained by the private sector. Technically, the International Cable Protection Committee, an industry association, oversees such maintenance, but among its 176 members, only four are governmental bodies. This means that today, private industry actors are on the frontlines when it comes to ensuring the security and stability of the global communications system.
Cybersecurity resilience means that when something is broken, it is fixed quickly. Having robust network architecture is also important. When a country has multiple cable connections, traffic meant for a damaged cable could be rerouted to a functional cable instead. Most internet traffic would thus be little affected in such a case. However, the same could not be said of financial traffic. Cables serving finance tend to be newer and laid in locations that minimize the distance between traders and markets. The financial world, which runs on fast-paced transactions, could be severely affected if one or two high-volume cables were damaged.
Truly effective resilience requires more capabilities than those already in place. It needs thorough peacetime preparation and exercises. This is the only way we can be sure of what to do and how to do it should an incident occur.
Truly effective resilience requires more capabilities than those already in place.
In November 2017, the Global Commission on the Stability of Cyberspace, a multi-stakeholder initiative launched by the Hague Centre for Strategic Studies and the EastWest Institute (and of which I am a commissioner), published a call to protect the public core of the internet. Elements of the public core include, among other things, internet routing, the domain name system, certificates and trust, and communications cables.
The call states: “Without prejudice to their rights and obligations, state and non-state actors should not conduct or knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.” Such a declaration could be a basis on which to clarify what constitutes wrongdoing, and have educational effects. But it would not constrain illicit actors.
Beyond self-defense within the private sector and building norms among governments, we have few measures to protect cables in democratic societies. The use of military force to protect such infrastructure is not practical, as cables span huge distances and are often located at remote points. What we can do right now is hide the locations of undersea cables and their landing stations from the public eye. The Australian government has already begun doing this. This, however, is merely a stopgap. There is a definite need to devise a more effective, global set of measures to ensure the security and stability of our undersea cables, and thus, that of the global communications system.