Cybersecurity News that Matters

Cybersecurity News that Matters

Western powers face greater challenges than expected in protecting undersea cables from espionage, analysts warn

Illustration by Areum Hwang, The Readable

by David DiMolfetta

Oct. 30, 2024
10:03 PM GMT+9

Last month, the nations that comprise the prominent Five Eyes intelligence alliance, along with several of the group’s allies, announced that the extensive network of underwater cables that permit global data transmission requires updated security standards.

The vast amount of data constantly transferred via these cables—notably among allied Western powers that find themselves pitted against an array of cyber adversaries out of Asia and the Middle East—makes them prime targets for espionage and sabotage. Global reliance on underwater cables “presents major risks related to critical public interests and has national and economic security implications,” stated a coalition comprised of 15 nations and the European Union in a statement released in late September.

The statement outlined high-level principles aimed at strengthening cable protections against both accidental damage and covert hacking. However, cybersecurity experts who have advised allied nations and standards bodies warn that principles alone may not be enough—particularly as prominent cyber adversaries like Russia and China have neither endorsed nor committed to respecting these standards.

“These [cables] are actually harder to defend than computer networks,” said James Lewis, a former United Nations information security advisor who helped craft the Wassenaar Arrangement that oversees some 42 nations’ exports of technology and security tools.

“Having principles is nice, but only if everyone agrees to follow them,” said Lewis, head of the Strategic Technologies Program at the Washington, DC-based Center for Strategic & International Studies.

Surveillance risks within communication networks have become a major focus in cybersecurity. For instance, in the U.S., Chinese hackers have attempted to access the cellphone communications of presidential campaign officials by breaching infrastructures that support court-authorized wiretaps for American law enforcement agencies.

Globally, officials have been monitoring Russian naval movements near key undersea cable locations. In the Singapore Strait and the East China Sea—which links China, South Korea, Japan, and Taiwan—Chinese-affiliated cable repair ships have reportedly turned off their transponders during routine maintenance, raising suspicions of potential espionage or sabotage.

This situation has drawn recent scrutiny from U.S. Congress members, who have asked the White House to outline ways to better protect the cables from being tampered with or falling victim to other possible threats.

At least 600 undersea cables stretch across the globe, carrying nearly all the world’s internet traffic. Suspended thousands of kilometers underwater, they enable near-instantaneous global communications and data access across national borders. Even this article, published on a news website in South Korea, has likely reached overseas readers via an undersea cable.

Cables are prime targets for espionage because they transport a significant portion of the world’s sensitive data into internet environments controlled by foreign adversaries, said Emir Kremic, a technologist and head of Bosnia and Herzegovina’s Federal Institute of Statistics.

In addition, Balkan and Central Asian nations allied with the West face a unique dilemma: they rely on adversaries for their everyday telecommunications infrastructure, Kremic said. “The money is coming from the West, but they’re spending it on the East,” he told The Readable. “You can still feel the influence of Russia and China.”

For example, Huawei, a major Chinese telecom provider that much of the developed Western world has sought to remove from its networks due to spying concerns, has made significant investments in countries like Uzbekistan.

The same dynamic is evident at home in Bosnia and Herzegovina, Kremic said. He added that as long as Western-aligned countries rely on undesirable tech rivals, fully adhering to the new undersea cable principles will be impossible, as there will still be opportunities for espionage to take place.

Adding to potential security concerns is the fact that cables must eventually come ashore, noted Lewis from CSIS. He stated that espionage can be facilitated if there are inadequate physical security measures at the cables’ landing stations, which are located on or near shorelines.

Underwater cables have been in use since the 1850s, originally for relaying long-distance telegraph messages in Morse code. In the 1980s, fiber optics entered the global market, enhancing the transmission capabilities of transatlantic telephone networks. This advancement prompted a consortium of communications firms to invest billions in strengthening transcontinental communication lines.

Those conditions have since placed much of the development and oversight of modern undersea cables in the hands of industry players. But efforts to establish new cable standards are complicated by the fact that much of the West’s nexus of private sector cable operators face competition from Chinese state-owned companies or Russian military firms aligned with Moscow.

With the newly released principles, countries “have opportunities to collaborate on cross-border repairs, which is really important. However, the problem remains that the individuals handling the cables are private companies,” said Justin Sherman, founder and CEO of Global Cyber Strategies, a tech policy and geopolitics advisory firm.

For nations committed to these new principles, prioritizing collaboration with the private sector is essential, according to Sherman, a nonresident fellow with the Atlantic Council’s Cyber Statecraft Initiative.

Conversely, getting state-owned entities of foreign adversaries to comply won’t be easy, he said.

“If you get a Chinese company to sign onto these agreements, can you really trust them—considering how effective the Chinese government is at coercing tech firms—to resist demands to take a ‘special person’ on their repair boat or to install a device on the cable while they’re repairing it?” said Sherman.

Why all the tension between Eastern and Western undersea cable policies? If the internet is such a vital utility for our day-to-day lives, why not collaborate across all borders? Ultimately, there isn’t enough trust between regions to make that feasible, sources for this story said.

“The Chinese justify their [espionage] behavior by saying, ‘Well, you do it too,’” said Lewis. “They’re not going to sign onto principles they believe we won’t adhere to.”

  • Related article: Global thinkers discuss ways to penalize malicious cyber actors READ MORE

Editor’s note: This article was updated on October 31 to remove the phrase “included among which are undersea cables” in the sixth paragraph and to correct a source’s name from Krenic to Kremic.

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • David DiMolfetta

    David DiMolfetta is a contributing writer at The Readable. Based in Washington D.C., he is a full-time cybersecurity reporter for Nextgov/FCW, a news website and trade magazine focused on U.S. federal...

    View all posts
Reviewer:
Stay Ahead with The Readable's Cybersecurity Insights