EXECUTIVE SUMMARY:
The Hawaii undersea cable attack highlights a pervasive problem – the loose security surrounding more than 700,000 miles of undersea cables that ferry information to financial markets and that communicate sensitive national security information between governments. These cables are the invisible force giving life to the modern internet.
Hawaii undersea cable attack
According to the US National Oceanic and Atmospheric Administration, nearly 95% of intercontinental internet data flows via hundreds of submerged internet cables. Ownership of the cables falls under the purview of several private and state-owned entities. For a multiplicity of reasons, the cables face increasing risks to their cyber security and resilience.
Reports indicate that threats to cable integrity include authoritarian regimes’ interests in controlling internet access, and surreptitious monitoring by government or criminal entities who wish to steal sensitive information.
Undersea cable attack story
In Honolulu, US federal agents recently disrupted a cyber attack targeting an unspecified telecommunication company’s servers. The servers are connected with an underwater cable responsible for internet, cellular connections and cable service in Hawaii.
Hawaii-based Homeland Security agents pursued this investigation on account of a tip from US mainland counterparts. The investigation resulted in the disruption of a “significant breach involving a private company’s servers associated with an undersea cable.”
An international hacking group is allegedly responsible for the attack. Law enforcement partners in several nations worked together in order to make an arrest, although the location of the arrest remains classified.
Credential theft’s role
The Department of Homeland Security’s Special Agent John Tobon shared that attackers appeared to have obtained credentials that permitted access into the unnamed company’s systems. The credential theft component of this story reinforces the importance of strong credential management policies, including the use of zero trust principles.
The attackers’ motivations remain unclear. They may have intended to create havoc, to shut down communications or to engage in espionage and information theft. In the wake of geopolitical events, the latter might not come as a surprise.
Espionage, information theft and disruption
The tapping of underwater cables in times of geopolitical turmoil is not new. Amidst the Cold War, US submarines dispatched divers to attach special equipment to Soviet undersea cables, allowing for the interception of all communications. This secret surveillance lasted for nearly a decade, until information was sold to the Soviets by a former National Security Agency communications specialist.
A contemporary disruption to cables could potentially take down portions of the internet’s infrastructure, forcing people to use cables within an authoritarian regime’s control. This could be another motive for undersea cable attacks. AT&T Labs has issued a report on this subject.
Further threats
Beyond authoritarian regimes, another threat to the security of the undersea cables includes the remote management of cable networks. A number of undersea cable systems are known for low levels of security. In turn, this makes cables vulnerable to persistent cyber attackers and advanced persistent threats.
Ransomware is also an “acute” threat in relation to undersea cables. Experts have expressed concern about the possibility of a cyber attacker holding an undersea cable management system hostage to engage in a ransom extortion scheme.
Closing thoughts
To better protect undersea cables, stronger government and private sector partnerships need to evolve. Opportunities to collaborate abound and everyone needs to work together when it comes to implementing more effective security solutions.
For related content, please see CyberTalk.org’s story entitled, Could Ten Million Dollars Simply Vanish into the Ocean? Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.