The internet cables that connect the world are vulnerable to cyberattacks and Congress wants to know who’s in charge of protecting them.
There is no clear answer for its members, however.
“It’s not so much that here’s clear jurisdiction and it ends at this part of the internet architecture and then the next person picks it up,” said Jeanette Manfra, assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA). “It’s really largely private sector-led in all cases and what we have is different tools to analyze and make assessment and take action if we have some concerns.”
Manfra, testifying at a Sept. 10 joint hearing in front of the House Armed Services Subcommittee and the House Oversight Committee about internet architecture security, said that it works across several agencies in the federal government on the issue, including the Pentagon, National Telecommunications and Information Administration, the intelligence community and several other entities.
Edwin Wilson, deputy assistant secretary of defense for cyber policy at the DoD, said the Pentagon also works with several government agencies. He added that the DoD includes undersea cables in its contingency plans and threat exercises.
Asked directly by Rep. Clay Higgins, R-La., if the vulnerabilities were being addressed, Wilson didn’t directly answer.
“We understand the threat and we understand the vulnerabilities,” Wilson said. “So the next is how do you mitigate those risks ... and so we have a very robust effort that we continually look and assess undersea cables because it’s the crux of and we rely on it for a lot of our communications.”
Manfra said that the undersea cables are a “high priority” for CISA.
“There’s absolutely more that we will do and can do,” said Manfra.
Two years ago, the Department of Homeland Security, in partnership with the Office of the Director of National Intelligence, put out a report detailing threats faced by undersea cables. The risk of cyberattacks against internet cables have faced “very limited attacks” underwater. Land-based cables were more vulnerable, according to the report. When submerged, cable less than 130 feet below water faced “high” risk of cyberattack, the report found.
The report warned that if a hacker gained access to a cable system, the consequences could be dire, according to the report. A hacker could then access “presentation servers,” which host web applications and for cable operators and contains system data.
“Hacking into a presentation server can, therefore, provide attackers control of multiple cable management systems, unprecedented top-level visibility of multiple cable networks and data flows, knowledge of physical cable vulnerabilities, and the ability to disrupt and divert traffic,” the report read. “With that access, an attacker may gain a potential ‘kill click.’ With a click of a mouse he or she could delete wavelengths and, potentially, significantly disrupt or alter global internet traffic routes.”
Manfra said that CISA, working with the FBI, have done physical security assessment and resiliency tests with cable landing stations, where underwater cables connect to networks on the shore. Rep. Stephen Lynch, D-Mass., asked Manfra if CISA regularly does threat assessments against parts of the internet architecture. Manfra said the frequency of the tests “depends.”
“Many of these would be assessment that, ideally, they could use for multiple years and would offer multi-year approaches to improving some of this security,” Manfra said. “But in some of the areas where maybe we’ve identified some weaknesses or perhaps we have some threat intelligence that they may be a target, we do prioritize engagement.”
But the most immediate threats to internet cables were natural disasters, like hurricanes or earthquakes, and ships. For example, Wilson pointed to ship anchors dragging along the ocean floor.
“We see in a day-to-day fashion the loss of capability, whether it’s natural disasters or man-made calamities out there under the sea; we see that happen on occasion on a very routine basis,” Wilson said. “So we’re consistently having to already do this for a living ... to maintain mission."
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.