The four undersea cables carrying global Internet traffic— which had snapped recently at four different locations in West Asia, all in a matter of one week—have been repaired. The first two are believed to be due to a ship dragging its anchor near Egypt, cutting the cables of SeaMeWe4 and Flag Telecom which carried traffic to West Asia and the Indian subcontinent. The third was between the UAE and Oman, again a Flag cable, while the fourth connected Qatar and the UAE. The last instance was due to a power outage, while nothing concrete is known about the third snap.
These cuts raised much alarm among Internet users unable to access websites and get emails on time. But more important is the concern among global security analysts whether these incidents were part of a larger sabotage plan— either from state or non-state actors —to cripple Internet traffic and create a sense of fear. Conspiracy theory stories have also mentioned the possibility of a blocking of communications with Iran as a precursor to some attacks.
Now that security concerns about the undersea cables have been raised for the first time, they have captured the attention of various governments. It is being proposed that security should not be left solely to the 86-member cable company consortium, International Cable Protection Committee (ICPC), and that governments should also play a role. But it will take time and effort to understand how undersea cables—carrying 95% of the global Internet traffic today—can be secured from downtime due to accidents, technical glitches and the more worrisome sabotage attempts. No doubt the chances of the first two causes are still seen as the highest, but a terrorist plan to attack these cables can’t be fully ruled out, considering the impact and attention such events could lead to. Ever since 9/11, eventualities that would not have been factored in earlier have emerged as security concerns.
Such fears have also gripped India. Beyond the voices raised in the general community of bloggers and chat room and email users, the larger concerns are of the country’s commercial and strategic sectors. Their business depends on this connectivity. In particular, Internet connectivity has ushered in a robust IT-enabled service industry in the country catering to back-office and call-centre functions for large companies in the US and Europe. The Indian BPO industry is growing by 30%-plus every year, employing more than half a million people and last year’s figure for India’s ITeS exports was $8.4 billion (Rs41,118 crore then). Besides, e-commerce is growing in the country and online banking has become popular. Further, with the government planning a massive mission mode e-governance project spanning different sectors, the availability and security of the Internet infrastructure is a major factor. More and more critical government data is likely to be hosted on networks and used by various agencies to provide public services.
So, how does one best manage that? Situations such as the recent cable outage make it imperative that protection of critical infrastructures is approached from a policy perspective. Merely reacting to outages is not enough. Many countries have a clearly defined critical information infrastructure policy, which outlines the level of protection of networks and the physical infrastructure that carries Internet traffic. Such policies also outline the best practices to be followed.
India is still to define such a policy, although an effort has been recently started in official circles. With Internet infrastructure having a strong impact on our economy, the government needs to put this in place soon. It also needs to work on global cooperative efforts with the various nations who have already taken proactive steps. The Indian government should also engage with the cable companies and bind them into reasonable service-level agreements so that outages could entail penalties and compensation to end-users.
Government agencies have been making efforts of late to look at the security of pipelines and the railways. Will similar attention be also given to create an action plan for protecting undersea cables?
Subimal Bhattacharjee writes on cyber security issues. Comment at firstname.lastname@example.org