WITHIN the last year there have been 16 so-called fiber cuts in the San Francisco Bay Area. According to the F.B.I., someone or some group has been going through manholes to sever fiber optic cables that supply telecommunications to large sections of the region, which is home to technology companies, academic institutions and Lawrence Livermore National Laboratory, overseer of the nation’s nuclear weapons.
Following each incident (usually occurring late at night and involving two or three separate fiber cuts) residents couldn’t make land or mobile calls, not even to 911, or send texts or emails. Hospital records in some instances were inaccessible. Credit cards and A.T.M.s didn’t work. And forget about Googling, watching Netflix or remotely turning on a coffee maker. (For security reasons, Lawrence Livermore declined to say how the cuts affected its operations.)
When we talk about the Internet, we talk about clouds and ether. But the Internet is not amorphous. You may access it wirelessly, but ultimately you’re relying on a bunch of physical cables that are vulnerable to attack. It’s something that’s been largely forgotten in the lather over cybersecurity. The threat is not only malicious code flowing through the pipes but also, and perhaps more critically, the pipes themselves.
Most worrisome are the throughways and junctures that handle enormous amounts of Internet traffic. It would be as if a major interstate highway or crucial interchange were closed and all the traffic was forced onto side streets. There would be gridlock, and some of those side streets might collapse under the weight. Data transfer would slow significantly or come to a halt, as has happened in Northern California.
Surprisingly, there isn’t even a good map of the Internet’s highways and byways to clearly show locations that, if taken out, would severely hamper the system. “Everybody assumes somebody knows, but after a while you find out nobody actually knows,” said Paul Barford, a professor of computer science at the University of Wisconsin who has made it his mission to find out where the vulnerabilities are.
He recently completed a map of the United States’ long-haul Internet infrastructure — stretches that span at least 30 miles and connect population centers of at least 100,000 people. It took him four years of cajoling information from commercial broadband providers and collecting public records to come up with a reasonably reliable map. Notably, his research was partly funded by the Department of Homeland Security and can be accessed only by D.H.S.-approved researchers.
“What we’re trying to avoid is giving bad guys a map to do bad things,” Professor Barford said. “Now that we can see the possible pinch points in the U.S., we are looking at ways to mitigate them.”
Security experts and networking engineers said they were most concerned about where major networks converge. These are called Internet exchange points, or I.X.P.s, where networks come together like highway interchanges to trade traffic, which is known as peering.
There are about 80 I.X.P.s in the United States but only a handful, including ones in New York City, Miami, Los Angeles, Seattle and outside Washington, are vital interchanges for domestic as well as international traffic coming from undersea cables from abroad (which are also vulnerable to cuts by mislaid anchors or submarine sabotage).
Plugging into these major hubs are hundreds of Internet and mobile service providers, as well as content delivery networks such as Google, Apple, Amazon, Facebook and Microsoft. If taken out by natural disaster (earthquake, hurricane) or a strategic attack, much of the United States, if not much of the world, would have hindered Internet access or none at all, depending on the severity and sophistication of the strikes.
“It’s crazy to see these unprotected buildings containing all this physical cabling that’s interconnecting continents as well as all of North America,” said John Savageau, an information and communications technology consultant who formerly managed I.X.P.s owned by the CoreSite Realty Corporation, a major player in the industry. “If one of these major nodes goes down, you’re going to have pain because customer performance will be seriously degraded, but if you have a coordinated attack on multiple locations, that’s a nightmare scenario.”