Real Cutting Edge: More Focus Needed On Physical Threats To Carrier Networks
As the FBI investigates 11 recent carrier network outages caused by fiber-optic cables being physically cut in underground vaults on the West Coast, solution providers say there is not enough emphasis being placed on securing physical network infrastructure.
"When a carrier is building a network, I don't think they give enough consideration to physical threats," said Steven Gerhardt, founder of D&M Enterprise Group, a Holmdel, N.J.-based Platinum partner of telecom master agent Intelisys.
Gerhardt is one of a number of solution providers speaking out in the wake of last week's outage that impacted the networks of service provider Level 3 and global bandwidth infrastructure provider Zayo. Three underground fiber-optic cables were purposely cut by an unknown individual, according to the FBI.
Physical attacks on a carrier network are no less dangerous than cyberattacks, experts say. A cyberattack often targets specific data -- such as credit card numbers -- for financial gain. The motivation of a physical attack, however, is often to disrupt or destroy service and is more common than most realize, said Bryan Sartin, director of the Risk team at Verizon Enterprise Solutions.
Higher-profile cyberattacks that could result in stolen financial or health-care information are typically more headline-grabbing, but outages due to physical attacks can be just as damaging. "It's funny how we don't hear nearly as much about how some of these breaches or outages have cost big business millions upon millions of dollars as we do about the 'potential' that theft of personal information ’might' impact individuals," said Chris Poe, chief innovation officer of Atrion Networking, a Warwick, R.I.-based IT service provider and Level 3 partner.
Mike Oliver, president of Solus Network Solutions, an Auburn, Calif.-based telecommunications consulting and managed service provider, and an Intelisys partner, said Solus Network Solutions has experienced outages due to physical damage on carrier networks multiple times, and the problem is not specific to any one provider. "[It can] be someone deliberately trying to hurt a carrier, drug addicts mistaking fiber lines for copper, or just a backhoe in the wrong place at the wrong time," Oliver said.
While end users would certainly consider an alternative carrier if theirs proved unreliable, many solution providers said the most recent outages won't affect Level 3 or Zayo's credibility because any carrier could be susceptible to a similar attack. "This is something that is out of their control," D&M Enterprise Group's Gerhardt said.
But those that rely on a carrier that falls victim to a physical attack -- and don’t have a backup plan -- will certainly be impacted, Gerhardt said. "They most definitely care. This affects their businesses. Without Internet your business is frozen, making the Internet just as, if not more important, than phone lines. You can always have your calls rerouted," he said.
The big question, according to Atrion Networking's Poe, is what can be done to better protect physical infrastructure.
Atrion Networking doesn't have specific contingency plans in place related to physical attacks on carrier networks, but the company works with its end customers to understand their unique business requirements. "[We] design and support solutions with the appropriate amount of resilience and redundancy based upon the clients' specific needs, and the business/technology landscape," Poe said.
For its part, D&M Enterprise Group suggests having a backup connection that is completely redundant from the primary connection for its customers. A backup connection is an insurance policy that many are willing to pay for, Gerhardt said. "It is a lot cheaper than paying your staff to just sit around waiting for the Internet to come back online so they can go back to work," he said.
JULY 8, 2015