The Cloud and the Deep Sea: How Cloud Storage Raises the Stakes for Undersea Cable Security and Liability
As the amount of cable disruptions increases (i.e., more cables are cut), on the other hand, the amount of data traffic that is lost increases exponentially.33 For example, an analysis was done of possible disruptions of the cable lines connecting Europe and India.34 It found that although "India is fairly resilient in the case of one or two cable disruptions," nearly seventy percent of traffic to and from India would be lost with just three concurrent cable disruptions.35 Actual data exists that supports similar predictions.36 In 2006, an earthquake along the coast of Taiwan triggered undersea landslides and broke nine undersea cables.37 This event had repercussions extending beyond the country of Taiwan.38 Internet telecommunications linking Southeast Asia were seriously impaired.39 More than six hundred gigabits of capacity went offline, and trading of the Korean won temporarily stopped.40 Even a week after the quake, an Internet provider in Hong Kong publicly apologized for continued slow Internet speeds.41
Undersea cable expert Douglas R. Burnett argues that "it is naYve to assume that submarine-cable landing stations, cables, the cable ships, and the marine depots that maintain the systems will escape asymmetric terrorist acts,"" and recent cases have proven that Burnett's concern is not unfounded. In 2007, "piracy was blamed in the theft of active submarine cables and equipment" off the coast of Vietnam." "In early 2008, over the course of just a few days, multiple cables were cut off the coasts of Egypt and Dubai," causing at least fourteen countries to lose a significant amount of data traffic." The "Maldives was entirely disconnectedfromtherestoftheworld."60 Theshorttimespanandclose proximity of these cuts raised suspicions of a deliberate attack.61 Most recently, in June 2010, terrorists in the Philippines struck an international cable.62 The public location of the cables and their lack of sophisticated armor or protection make them incredibly vulnerable to intentional attacks.
Most of the solutions that have been put forward by scholars focus on the structural security issues alone and what governments must do to secure this vital infrastructure. Douglas Burnett argues that governments should follow the lead of Australia and Singapore and coordinate a single point of contact for undersea cable issues.106 He suggests that the U.S. Navy should reach out to naval allies such as Canada and France as well as to cable industry representatives and together develop cable-protection strategies that enable the navy to respond quickly to pirate and terrorist attacks.107 Commander Michael Matis of the U.S. Navy recommends creating a new international cable construction regulatory regime that would promote greater international cooperation and information sharing.108 As part of that effort, he urges the United States to immediately ratify UNCLOS and encourages UNCLOS members to collectively update their legislation to protect cables and make it an international crime to tamper with them.109 These scholars understand that any action to increase the safety of undersea cables must be international. Models have shown that a cable break off the coasts of Marseille could have detrimental effects on data flow in and out of India.110 In other words, merely increasing security in one's own waters will not be sufficient. Any security strategy must be global in scope.
Perhaps even more troubling than the above-mentioned structural vulnerability of undersea cables is the lack of security efforts and criminal sanctions by governments to protect undersea cables and deter future attacks. U.S. National Intelligence director James Clapper recently testified that cyber attacks, (by which he meant purely digital attacks like computer worms or viruses that can shut down the electrical grid or financial markets),69 are the nation's number one security priority.70 Clapper highlighted how much governments, utilities, and financial services rely on the Internet and therefore are vulnerable to cyber attack.71 Yet at the same time, protection of undersea cables (a critical infrastructure that supports the Internet) from physical attacks is sorely lacking. For example, in the United States, the willful destruction of an international submarine cable is punishable by a maximum of two years in prison and a mere $5,000 fine.72 This fine is hardly a deterrent, and is far out of proportion to the damage that such an act would cause. Furthermore, the United States has not joined the 162 countries that have signed onto the United Nations Convention on the Law of the Sea (UNCLOS).73 As a result, there are no UNCLOS security protections for U.S. undersea cables outside of U.S. waters.74 Only Australia and Singapore have created a single point of contact within their governments to address issues of undersea cable security and to coordinate with cable owners to combat hostile actions.75 On a worldwide level, no organization is responsible for undersea cables and there have been no international tests of cable defense systems.76 The maintenance and security of the cables is left to private trade organizations.77 Given the extent to which governments themselves rely on these cables,78 the current lack of a coherent undersea cable security strategy by governments must be remedied. The infrastructure itself is vulnerable, and governments like the United States are not yet taking adequate actions to protect it. It is not enough for governments like the United States to focus on digital attacks on Internet systems. They must also take action to protect the physical structure of the Internet.79