Nearly a dozen incidences of interrupted Internet services due to fiber optic cable cutting have led security experts to believe that online security remains null unless something is done to protect the physical infrastructure that underlies the Internet.
Since July 2014, attackers have intentionally severed fiber optic cables in 11 places in the San Francisco Bay Area, causing interruptions in Internet, phone and television services in Alamo, Berkeley, Fremont, San Jose and Walnut Creek, California.
The latest of these attacks took place on Tuesday in Livermore, Alameda County, where attackers severed three high-capacity cables owned by Internet backbone providers Zayo Group Holdings and Level 3 Communications, causing Internet outages in places as far as Sacramento.
Investigators have still to identify who is beyond the cable cutting, but the Federal Bureau of Investigation (FBI) and private security experts believe this could not possibly be the work of casual vandals, since the cables are placed in underground vaults inside protective sheathing called conduit. It takes expertise and special equipment to be able to get through the conduit.
Furthermore, while the cables are buried several feet underground, they span millions of miles of remote areas and are easily marked with orange poles and junction boxes. They are unmonitored and easily accessible, and while the cables are protected by the conduit, anyone who has a mind to disrupt the daily goings-on of the Internet can easily do so by snipping a handful of fiber optic cables with a pair of scissors.
"You can spend a lot of money on encryption and fire walling, but you also need to cover the basics," says Ralph Descheneaux of Network Integrity Systems. "At the end of the day, if you don't protect the actual transport mechanism, you're always going to have a point of vulnerability."
On Tuesday, technical experts took five hours to fix the three fiber optic cables alone. Internet service providers complained that the presence of investigators actually lengthened the repair process, as they still had to search the premises for evidence on who could possibly be behind the attack. Security consultants fear the attackers could be testing how the authorities and cable operators respond to cable cutting before launching more widespread attacks.
"Our most critical infrastructure is basically unsecured," says Roger Entner of Recon Analytics.
Photo: Steven Damron | Flickr