date 2023-06-28

It’s getting awfully risky below the sea for communication cables, researchers warn

The Russia-Ukraine war, rising tensions with China and insatiable data demands are driving up the risks for undersea cables, according to security research published Tuesday.

The threats include cyberattacks and attempts to tap into the cables for surveillance purposes, Recorded Future said in its report.

“The relentless push for expanded bandwidth capacity has led cable system operators to embrace advanced network management systems, potentially enabling cyberattacks that exploit third-party vulnerabilities,” states the report, which was produced by the company’s threat research division Insikt Group.

It’s the latest warning about the cyberthreats posed to submarine cables. The topic has been studied in the past but has few publicly known incidents.

Those cables are vital to everything from communications to military operations to global finance. By some measurements, they carry almost all intercontinental internet traffic.

The nature of the threat

Even the best known cyberattack aimed at undersea cables is something of a mystery. Last year, DHS’s investigative unit, Homeland Security Investigations, said its agents had foiled a cyberattack targeting an undersea cable that connected Hawaii’s telecommunications and internet service.

It said an “international hacking group” was responsible for the attack on a private company that manages the cable. The responsible party had obtained stolen credentials, John Tobon, HSI special agent in charge, said at the time. And working with international law enforcement, HSI said it was able to make an arrest.

And that was about all the detail there was. A leading state official at the time didn’t seem to have gotten much information about the case, either. Frank Pace, the administrator of the Hawaii Office of Homeland Security, said he didn’t know “whether it was just a known cybercriminal group that wanted to compromise individuals or executives within the organization, or to install various forms of ransomware to hold their systems hostage.”

Besides hacking risks, cyber analysts have also pointed to surveillance threats.

“For all that US society may invest in securing digital systems, the cables that carry those systems’ data and services remain vulnerable to surveillance, signal manipulation, and even serious damage or other disruption,” Justin Sherman, a nonresident fellow at the Atlantic Council’s Cyber Statecraft Initiative, wrote in 2021.

(To be clear, the biggest perceived threats to date for the disruption of submarine cables are probably of the physical kind, from natural phenomena like earthquakes and sharks — yes, really, sharks — to damage by fishing boats or more malign threats like deliberate acts of sabotage.)

Fast forward

Recorded Future figures nations are the major overall concern nowadays, at least among nonaccidental disruptions.

“State actors are almost certainly the greatest threat with regard to intentional sabotage and spying, given their capabilities and strategic incentives,” its report reads. “Non-state actors, including activists and ransomware groups, pose a less capable and lower likelihood threat to the networks and operating systems that submarine cables rely upon, but the threat cannot be discounted.”

And that means U.S. adversaries with whom tensions are rising pose a big risk. Chinese companies are building more undersea cables, increasing espionage risks for countries and companies that rely on them, Recorded Future warned. (The Financial Times this month published fascinating maps of the cables built by firms from the United States, China and other countries.)

Russia, meanwhile, has demonstrated an interest in mapping undersea cables, probably for sabotage or disruption, the company said.

The cyberattack in Hawaii last year is a “glimpse of that possible future,” according to Recorded Future.

“In an effort to reduce costs, streamline operations, and enhance performance, submarine cable owners and operators are increasingly turning to remote network management systems to monitor and control their infrastructure,” the report reads. “These systems almost always require connection to the internet,” exposing them to threats, the company says.

Additionally, landing stations can serve as hubs of intelligence collection, Recorded Future observed.

What to do

The subject of cyber risks to undersea cables has gotten some federal attention: In 2017, the Office of the Director of National Intelligence produced a threat assessment on undersea cables. Besides the threat of sharks, the assessment also touched on cyberthreats.

“The technological access and motivation of a malicious actor to successfully ‘hack’ or ‘sniff’ a fiber optic network by tapping secretly into a fiber optic cable, under the water or at a landing station, should be recognized as a capability of cyber-criminal behavior,” it reads.

But some contend the subject hasn’t gotten enough attention. While a U.N. body and a nonprofit group are among those who have recommended physical security measures, “these organizations have not dedicated much public effort to concerns about cyber vulnerabilities,” Joseph Keller, a visiting fellow at the Brookings Institution think tank, wrote last month. And, he wrote, “some observers still believe that the United States has fallen short in fortifying the undersea communications cable system.”

The keys

White House outlines 2025 cybersecurity investment priorities

White House cyber officials on Tuesday released a memorandum outlining U.S. cybersecurity agency investment priorities for 2025.

The release from Office of Management and Budget Director Shalanda Young and Acting National Cyber Director Kemba Walden asks executive branch agencies to focus on five areas: Defending critical infrastructure, dismantling threat actors, shaping market forces, investing in a resilient future and forging international partnerships.

The two offices “will jointly review agency responses to these priorities in the FY 2025 Budget submissions, identify potential gaps, and identify potential solutions to those gaps,” the document says.

The offices will provide feedback to the agencies on whether their submissions adequately address the priorities, it adds.

Ransomware is highlighted as a “threat to national security, public safety, and economic prosperity.” Budget requests should factor in how agencies will work to clamp down on ransomware attacks, the memorandum says.

The administration is also pushing for agencies to enforce rules requiring software producers to adequately address default security requirements. Cybersecurity and Infrastructure Security Agency Director Jen Easterly and others have previously said Congress should work to hold software manufacturers legally liable when their products are insecure from cyberattacks.

Apple joins list of firms against encrypted message scanning in proposed U.K. law

Apple criticized rules in a proposed U.K. bill that would require encrypted messaging services like WhatsApp and Signal to scan messages for child sexual abuse material (CSAM), Chris Vallance reports for BBC News.

The Online Safety Bill aims to make the internet safer for children by clamping down on harmful or illegal material like CSAM and self-harm content. The company’s intervention “comes as 80 organizations and tech experts have written to Technology Minister Chloe Smith urging a rethink on the powers,” Vallance writes.

“End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats,” Apple said in a statement. “The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk.”

Spanish officials had previously advocated banning end-to-end encryption in the E.U. in a bid to support a contested law that would allow for the scanning of private messages to weed out CSAM and other illegal content.

Some U.S. lawmakers have argued liability protections for tech companies should be removed if they knowingly let their users share CSAM, but cybersecurity experts fear such efforts could prompt tech companies to stop offering end-to-end encryption for users.

More arrests follow in fallout of Europe-wide encrypted phone network investigation

French, Dutch and European Union prosecutors said intelligence collected from hacking an encrypted network of phones led to at least 6,500 arrests since the operation was conducted by European law enforcement agencies three years ago, Mike Corder reports for the Associated Press.

The Encrochat platform, an encrypted communications service, was widely believed to be used by major crime groups throughout Europe. Encrochat subscribers would pay about $1,100 per device to receive a phone with physical privacy modifications like the removal of the GPS and camera functionality.

The service was investigated in 2017 and later taken down in 2020 by French and Dutch enforcers.

“The announcement underscored the staggering scale of criminality — mainly drugs and arms smuggling and money laundering — that was uncovered as a result of police and prosecutors effectively listening in to criminals using encrypted EncroChat phones,” Corder writes.

“It helped to prevent violent attacks, attempted murders, corruption and large-scale drug transports, as well as obtain large-scale information on organized crime,” E.U. police and judicial agencies said Tuesday in prepared remarks.

The U.K.’s Investigatory Powers Tribunal last month ruled that the nation’s national crime agency obtained proper warrants in connection to hacking and arrests made by European law enforcement agencies over the shuttered messaging service.

