In recent years, U.S. officials have grown increasingly fearful of a massive cyberattack, one capable of crippling infrastructure and crashing markets. In 2010, William Lynn, then deputy secretary of defense, wrote in these pages that cyberspace was “just as critical to military operations as land, sea, air, and space.” As defense secretary, Leon Panetta warned of a “cyber–Pearl Harbor.” And in 2013, James Clapper, the director of national intelligence, put cyberattacks at the top of his annual list of transnational threats.
Yet as Washington has poured billions of dollars into shoring up its defenses in the virtual world, it has largely ignored the physical infrastructure that allows cyberspace to exist in the real one. Today, roughly 95 percent of intercontinental communications traffic—e-mails, phone calls, money transfers, and so on—travels not by air or through space but underwater, as rays of light that traverse nearly 300 fiber-optic cables with a combined length of over 600,000 miles. For the most part, these critical lines of communication lack even basic defenses, both on the seabed and at a small number of poorly guarded landing points. And a mounting tally of small-scale breaches points to the potential for large-scale damage.
Washington’s neglect of undersea infrastructure extends beyond cables to an increasingly important source of global oil and gas supply: deep-water drilling. Today, offshore rigs in the Gulf of Mexico account for some 25 percent of total U.S. oil and gas production—a figure the Department of Energy predicts could reach 40 percent by 2040. Outside the United States, global production from deep-water wells has risen from 1.5 million barrels per day in 2000 to over six million barrels per day in 2014. As the infrastructure for offshore drilling grows more sophisticated and widespread, it is also becoming more susceptible to attack, with the potential consequences exceeding those of the giant 2010 oil spill in the Gulf of Mexico.
Although human activities underwater are regulated by numerous international bodies, no single entity has both the authority and the ability to take the lead. In the United States, the Coast Guard is responsible for enforcing security plans at the largest offshore energy platforms and protecting underwater structures at some ports. Yet no government agency or department has responsibility for the defense of the country’s submerged energy and cable infrastructure. As a consequence, two of the most critical sectors of the U.S. economy—communications and energy—could easily fall prey to a well-organized terrorist plot or a foreign attack. Fortunately, Washington still has time to correct course.
WHAT LIES BENEATH
British engineers laid the first submarine telegraph line across the English Channel in 1850. Eight years later, an effort backed by the American financier Cyrus Field bridged the Atlantic, linking Ireland to Newfoundland with a telegraph wire that eventually transmitted almost seven words per minute. After Alexander Graham Bell invented the telephone in 1876, the first underwater telephone cable soon followed, carrying conversations beneath the San Francisco Bay.
Although the number of cables proliferated, their speed and capacity stagnated until the introduction of two key advances during the 1920s and 1930s: coaxial copper cores and polyethylene insulation, which allowed individual cables to carry multiple voice channels and provided improved durability. In subsequent decades, capacity soared, rising from 36 voice channels per cable in the 1950s to around 4,000 in the 1970s. Nevertheless, installation and maintenance costs remained high, making satellites decidedly more attractive for carrying telephone traffic. Until the 1980s, satellites could provide almost ten times as much capacity as submarine cables while requiring only one-tenth as large an investment.
But then fiber-optic technology revolutionized global communications. In 1988, a consortium of British, French, and U.S. telecommunications firms laid the first fiber-optic cable across the Atlantic. TAT-8, as the line was called, could carry 40,000 telephone calls simultaneously—an order of magnitude greater than most existing coaxial cables could handle and at a fraction of the previous cost. Today’s fiber-optic cables can transmit an amount of data equivalent to the entire printed collection of the Library of Congress in about 20 seconds.
As a result, companies, governments, and individuals can send and receive more data than ever before. In 1993, Internet users transmitted around 100 terabits of data in a year; today, they send about 150 terabits every second. And this number is expected to exceed 1,000 terabits by 2020, fueled in large part by the expansion of cellular networks in Africa, Asia, and the Middle East.
Nearly all that data will travel along the seabed. Imagine, then, how damaging a determined attack on undersea infrastructure could be. One need only consider the destruction possible from natural causes and inadvertent interference. In 2006, an undersea earthquake near Taiwan snapped nine cables. It took 11 ships 49 days to finish repairs, while China, Japan, the Philippines, Singapore, Taiwan, and Vietnam lost critical communication links, disrupting regional banking, markets, and trade. In 2007, Vietnamese fishermen seeking to salvage copper from a defunct coaxial cable pulled up active lines instead, disrupting Vietnam’s communications with Hong Kong and Thailand for nearly three months and requiring repairs that cost millions. Given the scarcity of equipment and personnel, it could take months, if not years, for the United States to recover from a large-scale, coordinated assault. Attackers wouldn’t even need to target U.S. assets, since U.S. traffic flows through more than a dozen other countries that serve as major hubs for the global undersea cable network.
Much of this infrastructure allows the global economy to function. Every day, SWIFT, the Society for Worldwide Interbank Financial Telecommunication, transmits some 20 million messages to more than 8,000 banking organizations, security institutions, and corporate customers in nearly 200 countries, reconciling trillions of dollars’ worth of assets across global financial markets. Intercontinental Exchange, which operates a global network of currency exchanges and clearing-houses, typically processes over ten million contracts each day, covering the energy, commodity, financial, and equity derivatives markets. Without the undersea fiber-optic network, this type of electronic banking and commerce simply could not happen. And in the event that the cable system shut down, millions of transactions would be cut short.
Thanks to a number of factors, moreover, a major attack turns out to be surprisingly feasible. For one, fiber-optic cables, which are typically one to two inches thick, generally follow routes that avoid high-traffic shipping lanes, fishing areas, and sensitive environmental locations. Although that helps minimize the risk of accidental damage, it means that cables tend to land at only about two dozen major sites around the world. Of the roughly 40 major submarine cables that connect the United States to the world’s global undersea communications network, nearly all make landfall at narrow stretches of coast in California, Florida, New Jersey, New York, and Oregon. On the East Coast, nearly every transatlantic cable comes ashore within only tens of miles of one another in the New York–New Jersey area.
To make matters worse, maps of many cable routes are easily accessible to the public. Every year, operators report around 100 to 150 cases of major damage, roughly 70 percent of which are the result of human activities such as fishing and anchoring. That’s why submarine cable locations appear on nautical charts. Some cables even have acoustic beacons to make them easier to find. Information about global cable routes, meanwhile, is available on the Internet, making it easy to discern a given country’s weak spots.
With detailed coordinates at their fingertips, foreign militaries could target U.S. cables using remote-controlled submarines equipped with high-resolution sonar and loaded with explosives. The barrier to entry for this type of undersea warfare is relatively low, as several different companies now sell such technology on the consumer market. In fact, thousands of undersea vehicles, operated semiautonomously or remotely, are already in service worldwide. A well-financed terrorist group could easily get its hands on one in order to target key cables and junction points. It could also opt for brute force, using fishing trawlers equipped with deep-sea grappling hooks to maul cables in shallower waters.
The global undersea cable network does have a good deal of spare capacity, enabling the swift rerouting of global communications traffic in the event of an emergency like the 2006 Taiwan earthquake. Yet a well-planned attack could take this into account, targeting multiple intercontinental submarine cables, shore-based terminals, and coastal connection points. In the attack’s aftermath, service providers would likely struggle to cooperate, scrambling to repair their own networks by hoarding skilled personnel and scarce hardware.
The first offshore oil rigs appeared in California in 1896, not long after the first undersea telephone lines were put in place. But the industry stalled for decades. In the late 1940s, drilling came to a virtual standstill owing to disputes between state and federal authorities over the power to issue leases for oil exploration. But in 1953, U.S. President Dwight Eisenhower, who had campaigned on the issue, passed legislation empowering states to grant leases for activity up to three (and in some cases nine) nautical miles from the coastline and the U.S. Department of the Interior to sign off on drilling in areas beyond state jurisdiction. At first, U.S. offshore oil production rose steadily, from 133,000 barrels per day in 1954 to 1.7 million in 1971. Following a slew of new regulations in the 1970s and a steep decline in oil prices in the 1980s, however, growth slowed once again.
As interest waned, a dramatic shift was quietly under way in the Gulf of Mexico. New platform and drilling technologies were making it affordable to tap rich reserves of oil and gas at greater depths. Whereas an average-performing well in shallow water typically yielded a few thousand barrels of oil per day, deep-water fields provided upward of 10,000 barrels. Shell’s Auger field, which the firm discovered in 1987, eventually reached a maximum output of over 100,000 barrels. Using newly available three-dimensional seismologic tools, other energy companies, including Amoco, British Petroleum, Conoco, Exxon, and Mobil, also took part in the deep-water hunt.
Like the global undersea cable network, the United States’ deep-water drilling infrastructure is rapidly expanding while remaining almost entirely undefended. Drilling operations around the world, whether in the Bay of Bengal or the South China Sea, face similar risks. What’s more, as offshore energy infrastructure grows more complex, it is also developing new weaknesses. Today, a single production platform might draw on several undersea fields tens of miles apart. Each of those fields might have multiple wells linked by remotely controlled pipelines—potential targets for a hostile force. These mega-platforms are becoming increasingly important sources of supply: although the Gulf of Mexico is home to over 4,000 platforms, roughly one percent of them produce nearly 75 percent of the region’s total output.
A major attack on deep-water drilling infrastructure could have many immediate effects, but two stand out. First, the environmental damage could be devastating. Residents around the Gulf of Mexico are still feeling the repercussions of the 2010 explosion on BP’s Deepwater Horizon rig, and the cleanup costs have already reached into the tens of billions. Yet Deepwater Horizon was only one of thousands of production platforms and drilling rigs in the Gulf of Mexico, many of which belong to vast networks of undersea wells, pumps, and valves connected by thousands of miles of pipeline.
Second, an attack could cause a major disruption in global energy supplies. About one-third of global oil production now occurs offshore, with the largest fields in the Persian Gulf and the Caspian Sea. Onshore facilities along the Gulf Coast that are connected to sea-based ports by submarine pipelines account for over 40 percent of total U.S. oil-refining capacity and over 30 percent of U.S. natural-gas-processing capacity. Both in the United States and elsewhere, oil companies have increasingly ventured into deep and ultradeep water (greater than 1,000 and 5,000 feet, respectively). Over the past decade, global investment in offshore oil and gas infrastructure has steadily increased, from about $100 billion to over $300 billion annually. The estimated volume of newly discovered oil and gas reserves in deep water now exceeds that onshore and in shallow water. And by 2035, forecasts suggest, deep-water wells will account for 11 percent of total global production, up from six percent in 2013.
Submarine infrastructure is already vulnerable to attack and will become even more so in the coming years, especially as undersea vehicles grow more advanced and accessible. Unprotected cables and energy infrastructure could provide adversaries with all kinds of opportunities to gain the upper hand. Hostile forces could, for instance, plant explosive charges in sensitive locations and threaten to pull the trigger. Or they could set off explosions without warning, throwing markets into chaos and disrupting military command-and-control systems. State and nonstate actors could conduct anonymous attacks or act under a false flag. Attributing responsibility for a covert attack would prove challenging, making deterrence extremely difficult. Such moves wouldn’t be unprecedented, of course: before undersea fiber optics dominated global communications, cable cutting was a regular part of warfare. In 1914, the United Kingdom severed all five of Germany’s undersea cables in the English Channel the day after declaring war, and belligerents regularly snipped enemy cables during World War II. But today, it would be more difficult to sever fiber-optic lines without affecting a much larger and more interdependent system—making a potential attack all the more damaging.
Washington, meanwhile, has been slow to protect this Achilles’ heel. The Coast Guard, a component of the U.S. Department of Homeland Security, is responsible for maritime security, so protecting undersea infrastructure would presumably fall under its brief. But the agency remains narrowly focused on port security and, to a lesser degree, surface platforms on the continental shelf. It has fielded underwater surveillance systems to detect intruders and operates a small number of unmanned undersea vehicles—but mostly to protect ports, as well as to inspect pier structures and ship hulls.
The United States must do better. Although no panacea exists for protecting undersea infrastructure, Washington can and should adopt a number of concrete measures to reduce the likelihood of an attack and the consequences if one occurs. Although it would make sense for the Coast Guard to take on this mission, the agency currently lacks the manpower and expertise to do so effectively. The U.S. Navy, by contrast, has the requisite personnel and know-how but lacks law enforcement authority. Washington should therefore task the Coast Guard and the navy to work jointly, with new funding specifically tied to securing undersea infrastructure.
As a first step, the United States could declare protection zones within its existing exclusive economic zone—the maritime area in which Washington has special exploration and resource-exploitation rights—above critical undersea infrastructure, prohibiting unauthorized loitering and high-risk activities such as dredge fishing and anchoring. Some countries, including Australia and New Zealand, have already banned bottom trawling and anchoring near important fiber-optic lines. Given the vast expanse of ocean that would need to be monitored, enforcing such a ban would be difficult. But amending existing regulations would help. U.S. laws currently require certain types of large ships within “all navigable waters of the United States” to publicly broadcast their speed and direction. Authorities can use that information to monitor boats that are loitering too long in waters above or near critical undersea infrastructure. But smaller ships not covered by those rules can still operate huge winches capable of handling heavy grappling hooks or cranes that launch and retrieve undersea vehicles. Accordingly, Washington should require all ships with the capacity to mount an undersea assault to broadcast their positions. Since attackers might conceal their positions, the Coast Guard would also need to monitor the protected zones with coastal radar, surveillance aircraft, unmanned aerial vehicles, and surface patrols—a daunting and expensive proposition. To minimize costs, the agency could prioritize undersea infrastructure of the highest value, focusing on narrow fiber-optic cable corridors and a relatively small number of mega-platforms and deep-water ports.
With the exception of crude, grappling-hook-style attacks on the open sea and scuba-diver assaults in shallow water, nearly all other strikes on undersea infrastructure would require underwater vehicles. Given how dark it gets at low depths, those vehicles typically use high-frequency sonar to guide their course. Industry could be required to place relatively cheap sensors that detect sonar frequencies near key undersea infrastructure and along cable routes. If the sensors were tripped, they could alert nearby Coast Guard or navy vessels. To provide additional early warning capabilities, Washington could place acoustic sensors on the seabed or equip unmanned underwater vehicles to tow them in high-risk areas.
In addition to interdicting hostile vehicles, the U.S. government could increase the physical barriers in their way. To some degree, long stretches of submarine cables on the continental shelf already enjoy physical protection: many are buried underneath three to ten feet of seabed out to a water depth of about 5,000 feet. Although that layer prevents damage from dredge fishing and anchoring, it does not necessarily protect against explosives or physical attacks, so it may make sense to bury the cables at even greater water depths. And where pipelines from multiple deep-water oil fields come together, even rudimentary fences—metal nets strung between posts secured to the seabed—could do the trick. Since such barriers could stand in the way of routine inspections and maintenance, they would need to be used selectively.
Finally, Washington needs to prepare for the fallout if an attack succeeds. Undersea equipment is difficult to replace, so building redundant cable lines today could save billions of dollars in the future. To minimize the risk that a single attack could trigger a systemwide failure, the federal government could mandate new cable landing sites and offer tax incentives to firms that invest in redundant cable systems and backup hardware. Similarly, encouraging firms to build more deep-water ports—currently, oil and natural gas tankers rely on just a few—would make it more difficult for an attack on some of them to disrupt energy markets. There are also ample opportunities to cut red tape by streamlining the burdensome regulations that govern construction on the seabed. At the federal level, the permitting process can involve more than a half dozen agencies and take anywhere from a few weeks to a few years to complete. And pursuing a new global accord to monitor, protect, and repair transoceanic submarine cables would allow Washington to share the burden of repairing those cables in times of crisis.
Such policies would not be foolproof, but they would make it harder for an adversary to launch a successful attack. Their cost would be relatively low in comparison to the potential losses that would result from a global communications traffic jam or a massive oil spill. Yet the greatest barrier to reform is not funding; it is invisibility. Fiber-optic cables and offshore oil rigs work well and out of sight, and consumers tend to treat such critical infrastructure like oxygen, acknowledging its importance in theory but assuming its continued presence. If taken away, however, the effects would surely prove suffocating; minimizing the chances of a worst-case scenario, however remote they might seem, would be well worth the investment.