Fiber Cable Sabotage Underscores Physical Security Vulnerabilities
By Lawrence Walsh | Posted 2009-04-10
The disruption of voice and data telecom services to Silicon Valley by vandals cutting through four fiber optic cables in the wake of reports of foreign operatives compromising the U.S. power grid shows the vulnerability of the critical infrastructure to attacks and disruption.
The slicing of four fiber optic lines in Silicon Valley yesterday, along with the recent revelations of hacks against the U.S. electric grid, underscores the interconnectivity of the digital and physical worlds and the potential to disrupt daily life through coordinated attacks.
Authorities in the San Jose area say the deliberate cutting of fiber optic lines carrying landline, cellular and data streams to tens of thousands of homes and hundreds of businesses—including two IBM facilities—in a three-county area in Silicon Valley yesterday afternoon was an act of vandalism or, perhaps, sabotage. The lines are owned and operated by AT&T and Sprint, and at least one is leased to Verizon.
"Someone purposely cut these cables," AT&T spokesperson John Britton told the San Francisco Chronicle. "They didn't have concern for anyone. We will find who did it."
Voice and data services were restored early Friday morning, according to published reports.
Over the past two weeks, the digital world has been fixated on the potential impact of digital threats by hackers and malware writers. In the days leading up to April 1, security experts and vendors were issuing a steady stream of warnings of widespread Internet disruptions when the variant of the Conficker.C worm activated. In recent days, revelations that foreign operatives have hacked the U.S. power grid and planted malware for future use have raised alarms over the vulnerability of the country's critical infrastructure.
"The more we connect these systems to the Internet, the greater the risk to coordinated attacks," says Pete Lindstrom, research director at Spire Security.
Since the Sept. 11 terrorist attack eight years ago, the federal government has acknowledged the potential for mass disruptions to communications, commerce, emergency services and military operations by a coordinated attack against physical and logical assets. When the Nimda worm struck just days after the Sept. 11 attack, federal officials issued an alert fearing that it was a cyberspace follow-up strike; the worm was quickly determined not to be connected to 9/11.
In recent years, the Department of Homeland Security has sponsored Cyber Storm, an annual exercise to test the responsiveness of government agencies and private sector assets to coordinated attacks. Many Cyber Storm participants have reported that the government has significant gaps in command and control of response to such scenarios.
"Physical security of our infrastructure is a tough thing to provide. It's like trying to put up a fence on our border; there's just too much opportunity for attack," Lindstrom says.
In his 2003 book Beyond Fear, security evangelist Bruce Schneier—now the chief security technology officer at BT—described a coordinated attack, in which a switching station in the Northwest was taken out by a truck bomb, effectively knocking out telephony and telecommunications services to much of the Pacific seaboard. Simultaneously, hackers pounced on digital assets to further disrupt government response efforts and cause economic disruptions.
There is no evidence that the Silicon Valley incident is the act of hackers or foreign operatives. And there are no reports of a coordinated digital attack following the cable breaks. However, the disruption to phone and data services caused by the incident forced officials in the three affected counties to deploy additional police, fire and emergency medical services.
"We're having a more visual presence out there in the field," Sgt. Don Morrissey, Santa Clara County sheriff's spokesman, told the San Francisco Chronicle. "We're out there to be the conduit, if you will. We're trying to bridge that communication gap between emergency services and citizens."
Following reports of the compromise of the U.S. power grid by Chinese and Russian spies, the North American Electric Reliability Corporation issued an advisory to its member organizations warning against security threats of both a physical and digital nature, as well as the potential for disruptions caused by intentional and accidental actions.
"One of the more significant elements of a cyber threat, contributing to the uniqueness of cyber risk, is the cross-cutting and horizontal nature of networked technology that provides the means for an intelligent cyber attacker to impact multiple assets at once, and from a distance. The majority of reliability risks that challenge the bulk power system today result in probabilistic failures that can be studied and accounted for in planning and operating assumptions. For cyber security, we must recognize the potential for simultaneous loss of assets and common modal failure in scale in identifying what needs to be protected. This is why protection planning requires additional, new thinking on top of sound operating and planning analysis," wrote Michael Assante, vice president and chief security officer of NERC.
Some speculate that the cable sabotage may be connected to a labor dispute between AT&T and the Communications Workers of America, which authorized a strike against the telecom carrier in March. CWA has denied that it or its members were involved in the cable incident.
As of this report, repair crews were still working to restore service. AT&T has issued a $100,000 reward for information leading to the capture and arrest of the responsible parties.
While the recent U.S. power grid hack and the Silicon Valley cable sabotage are serious incidents, Schneier tells Channel Insider that they should be put into perspective. He says that more telecom damage and disruptions are caused by falling trees and errant backhoe operators than by deliberate sabotage. "These reports sound just like reports after a winter storm in Minnesota. These events rarely happen and AT&T knows how to repair this. The lesson here is that it's something not to worry about," Schneier says.