Deputy Editor, Infosecurity Magazine
Submarine communication cables are a growing target for cyber-threat actors, with incidents capable of causing huge global internet disruption, a new report has found.
Recorded Future said that recent geopolitical developments, including the Russia-Ukraine conflict, China’s coercive actions towards Taiwan and growing tensions between the US and China, “will very likely be key drivers of the near-term risk environment.”
The researchers believe these cables will be targets for sabotage and even espionage attacks amid escalating tensions between nation-states. For example, the report highlighted that two submarine cables connecting Taiwan with the outlying island of Matsu were cut by Chinese civilian ships, likely intentionally, within six days of each other in February 2023.
In June 2023, Dmitry Medvedev, a close ally of Russian President Vladimir Putin, declared that Russia should have a free hand to destroy its enemies' undersea communication cables.
An estimated 99% of intercontinental internet traffic and data and voice communication is transmitted through fiber-optic submarine cables laid along the ocean floor, facilitating over $10trn worth of financial transactions daily. They are also used to carry sensitive government communications, such as supporting overseas military operations.
Disruptions to these cables by adversaries can have severe economic and societal consequences for nations.
“These cables are literally the lifeblood of the internet, so you want to be really careful about potential and new attack vectors,” Craig Terron, Director of Global Issues, Insikt Group at Recorded Future, told Infosecurity Magazine during Infosecurity Europe 2023.
In addition to the severing of the cables underwater, Terron observed that remote network management systems are being used to operate the cables, which “opens up avenues to be potentially targeted by cyber threat actors.”
The report noted that these systems almost always require connection to the internet, meaning that “third-party vulnerabilities become more likely to jeopardize the security and resilience of the entire cable system.”
Terron added that these networks are using systems like Linux and Windows, which “actors are already exploiting.”
The only known example of a cyber-attack on submarine cables to date occurred in April 2022, when the US federal government revealed it had thwarted an attack on an underwater cable linking Hawaii and the Pacific Region. This attack was enabled by a credentials-related breach of a third party.
Few other details were released about the incident, which Terron believes is a deliberate approach by authorities to “not give anyone any ideas.”
He also believes it is likely that similar attacks have occurred in other areas, but the information has not been shared by the relevant authorities.
The report argued that state-sponsored and hacktivist groups are more likely than financially motivated cyber-criminals to carry out cyber-attacks on submarine cables, with the aim of causing disruption and sabotage.
Terron said that the severe repercussions from authorities following an attack of this nature may deter many cyber-criminal gangs from targeting critical submarine cables. He highlighted the ransomware attack on Colonial Pipeline in 2021, where the US Department of Justice (DoJ) quickly became involved due to the disruption to critical infrastructure.
Successful attacks on submarine cables could also cause knock-on data issues, according to Terron. He said that organizations using cloud hosting services with data centers based in locations where the internet is cut off will “get resulting disruptions and impact their access to their own digital assets.”
Another issue relating to these cables is espionage. The report outlined the growing role of Chinese state-owned enterprises as cable owners and providers, which is “increasing China’s ability to manipulate, surveil and interfere with worldwide data flows.”
Terron told Infosecurity: “There’s been multiple governments warning against Chinese involvement in these submarine cable systems because of potential hacking capabilities – somebody could potentially obtain information through those information superhighways.”
He said that organizations and governments should encrypt their communications to mitigate this risk.