Threats to undersea cables should worry business as well as government

[ad_1]

Porthcurno’s place in the UK’s communications infrastructure is something of a historical accident. In 1870, Scottish entrepreneur John Pender was aiming to land the first telegraph cable with India in Falmouth, but complications forced him ashore in the Cornish village instead.

Porthcurno, the nexus of six modern fibre optic cables, remains a communications hub. The village, where operations were moved into cliffside tunnels in the second world war, has also become a chronicler of the system’s vulnerabilities: its museum recorded a global summit in 2010 scrutinising the undersea cables on which the modern world unwittingly relies. The museum called it “a shift to a greater awareness” of our dependence on a hidden infrastructure.

It’s a shift that needs to happen again. The news last week that Russia has been making extensive use of spy-ships to map energy and cable infrastructure in the North and Baltic seas wasn’t surprising. The defence community has repeatedly warned that critical subsea assets are at risk, given Russia’s huge increase in submarine activity over recent years. Nato in February created a “co-ordination cell” for the issue. Last autumn’s sabotage of the Nord Stream pipelines has focused attention on other vulnerable deep sea targets.

Yet there remains what that 2010 summit called a “profound lack of awareness” about our dependence on this undersea network, a reliance that has grown with the explosion in global data flows. A report last year for the European parliament said that 400 cables carry about 99 per cent of global digital communications. There are clusters, where cables come ashore and on key routes. About 20 connect western Europe to the US, carrying two-fifths of global internet traffic.

“The thing about our industry,” one expert told me, “is that by its nature it’s unknown. We take loads of money, make lovely cables and stick them in the bottom of the ocean. And by and large, they’ve worked for 150 years.” The cables are largely privately owned and maintained by communications groups or tech companies such as Google and Amazon. The system is designed to withstand accidents, which happen regularly thanks to fishing trawlers and anchors.

But as US-based consultant Bob Fonow warns, there is little understanding of the system’s redundancy, or to what extent private owners have improved security at key junctures. Governments are promising improved protection but policing a sprawling network is challenging, especially as routes are made public to avoid accidents.

In a major outage, traffic would in theory seamlessly reroute on to other cables. How well this works in practice is debatable, especially as older networks may not be well maintained (and rerouting transatlantic traffic eastward through China raises its own questions). Global repair capabilities are also limited, with an average fix taking at least two weeks.

Resilience planning for a concerted attack is sorely lacking. Governments may not really know which cables are used, by whom or for what. International law in this area is woolly: “more suited to the peripheral role cables played in the 70s and 80s, rather than to the indispensable status they hold today,” according to up-and-coming Conservative MP Rishi Sunak in a report for Policy Exchange in 2017.

There is also no international mechanism to reprioritise critical traffic if needed, nor to prioritise repairs. “This has always been on companies’ risk registers but no one did any work on it because it felt too remote,” says Crispin Ellison, partner at Oliver Wyman. “Many large companies don’t know in detail which cables they use, for what services and especially those their outside contractors rely on.”

There is a particular risk in finance. Undersea cables carry $10tn of financial transfers daily, with global payments system

Swift and the US clearing system Chips among those reliant on this pipework.

One City of London financial firm, which asked not to be named, has just finished an in-depth review, mapping out usage, asking suppliers for assurances and considering alternatives for a worst-case scenario. Others should be doing the same — prompted by regulators, who in the UK at least are taking a closer look at third-party suppliers to the financial industry and ask regulated firms to test their resilience in “severe but plausible scenarios”.

“Severe but plausible” has taken on new meaning thanks to a pandemic — a well-known risk that was largely ignored — and the war in Ukraine. There is, now, another critical issue to be added to the list.

helen.thomas@ft.com

[ad_2]

Source link