Editor’s Note: Richard Salgado teaches at Harvard and Stanford law schools. He has worked on undersea cable security issues as a prosecutor with the US Justice Department and as a senior director at Google. Currently he is the principal member of the firm Salgado Strategies LLC, providing consulting services to clients including those with undersea cable operations. The views expressed in this commentary are his own. Read more opinion on CNN.
That we depend on undersea cables is obvious. Two often-cited statistics are that undersea cables are used to make over $10 trillion of financial transactions each day, and that they carry over 99% of international voice and electronic data.
So, there was real concern Monday when HGC Global Communications announced that several undersea cables off the coast of Yemen in the Red Sea, carrying huge amounts of data and communications, suddenly went dark. Some speculate that they were intentionally cut; Houthi rebels who have targeted maritime traffic in the area denied cutting the cables.
The damaged Red Sea cables connect enormous populations and land masses, not only regionally within the Middle East but also with the African, Asian and European continents. The impact of this disruption is reportedly falling mostly on India and countries in the Persian Gulf.
Repair is rarely easy with any cable break, and will prove to be particularly difficult in an area fraught with conflict. Estimates are that it will take months and will be very expensive. In the meantime, the cable operators have been attempting to re-route the traffic through other cables.
These cables are part of a worldwide undersea network that conveys information at the speed of light for all of us. Our financial, educational and government institutions cannot operate without this network. The same is true for health care systems, militaries, industries and average individuals. The world depends on the undersea cable network, so ensuring its resilience during outages is crucial.
We are again being offered a valuable if sobering lesson. The US government is in a position to greatly improve the situation but has yet to take this critical action. It needs to make resilience the top security priority for undersea cables and promote, not hinder, the laying of more state-of-the-art cables along new routes.
Undersea cables suffer outages regularly. There are approximately 870,000 miles of undersea cables in service today. The best estimates are that unplanned outages occur around 150 times a year.
Most outages are the result of accidents. Fishing equipment being dragged over cables and snapping them tops that list. Natural events like volcanic eruptions and earthquakes can also put cables in peril. The magnitude 9.0 earthquake and tsunami that hit Japan in 2011 knocked out many cables and landing stations. Without alternative routes to carry traffic, natural disasters can leave a country cut off from the rest of the world, as Tonga experienced in 2022 after volcanic activity severed its undersea cables.
The cause of the Red Sea undersea cable disruption is still a matter of conjecture. As opposed to most breaks, there are circumstances here supporting, though not proving, the theory that this was an intentional act. We will certainly learn more when the cuts are located and inspected, though it’s possible we may never have a conclusive explanation.
Regardless of the cause, we should take this moment to evaluate how we can make the undersea cable system resilient.
People who have abandoned their landlines for mobile phones may recoil at the fact that we use seemingly old-school physical wires that stretch enormous distances, rather than satellites, to connect the world.
Satellites do not offer a realistic replacement for cables yet. Connections through satellites are too slow and the bandwidth too low to come close to what cables offer. In any event, satellites may prove to be vulnerable as well, particularly if countries move to develop anti-satellite capabilities as Russia is reportedly doing.
Undersea cables are the only contender to handle international communications for now. When a cable fails, it matters. It is essential that there are alternative cables, of sufficient capacity and operating at sufficient speed, to take up the traffic immediately.
As a bonus, having fallback routes at the ready means that intentional attacks will be less effective and thus presumably less likely. The single best defense is to have lots of modern cables, running on different routes, connecting geographically dispersed landing stations.
That’s easier said than done. Designing and building an undersea cable system is an extremely expensive and long-term endeavor. A transcontinental cable can cost hundreds of millions of dollars and may take close to a decade to complete.
Much of the engineering and operation of undersea cables has been done by the private sector, sometimes with government financial backing. The first undersea transcontinental cable, connecting Newfoundland to Ireland, was laid in 1858 by the Atlantic Telegraph Company.
To inaugurate the momentous achievement, Queen Victoria and President James Buchanan successfully exchanged messages, at the rate of one letter every two minutes. Within weeks after it was lit, it failed. Short-lived as it was, it ushered in a new era of massive technological improvements, and cables stretching the breadth and depth of vast oceans.
Today, many of the newest and longest routes are being financed, designed and built not by traditional phone companies but the so-called hyperscalers like Amazon, Google, Meta and Microsoft. These next-gen cables can handle much more traffic, extend distances well beyond what was possible even just a decade ago, branch to regions never before served and carry data far faster than any cable of the past. Every one of these new state-of-the-art cables adds to the network’s resilience.
Given the significance of more and better cables, one would expect that the US government would have a unified and comprehensive national strategy to encourage and accelerate new deployments. It would be one that incentivizes the private sector to invest in high-capacity, low-latency cables connecting diverse locations. It would promote speedy repairs and foster sharing of threat information to help cable owners to improve security and incident response.
Our federal government has no such strategy.
Instead, the government largely relies on a slow, unpredictable, cable-by-cable licensing regime precariously built on a vague statute from the 1920s, enacted when international data flows comprised short telegrams and the rare expensive international phone call.
The Federal Communications Commission is the agency in charge of undersea cable licensing decisions. Security of the cable infrastructure plays an important role in this process, as it should. The FCC delegates responsibility for national security evaluations to the departments of Justice, Defense, and Homeland Security, and defers to their views.
In this role, these three departments exert influence over what routes are proposed, how they are designed, and how they are operated, sometimes insisting on details verging on minutia. They have a belabored and slow review process that has survived attempts to streamline it.
An applicant that sticks with it will, in the best of worlds, be required to sign a security agreement with the departments. Refusal means the departments will recommend to the FCC that a license be denied, a recommendation that will surely carry the day with the FCC.
These three departments have tremendous leverage to impose obligations on license applicants. In recent agreements, they have used that leverage to impose burdens beyond the scope of the licensing authority to reach non-cable parts of an applicant’s business. They have also required pre-approval of the installation of equipment and software in a manner that can delay important security upgrades and patches.
Negotiations are inherently adversarial, and these are made worse by the government’s mission creep, opaque rationale for requirements and lopsided bargaining position. The process does violence to what should be an open and frank relationship around common goals like security.
And things may be getting worse. The Biden administration recently issued an Executive Order that is mostly focused on the sale of sensitive data to certain countries, but also has ominous provisions that threaten to further deter undersea cable development.
The Red Sea outage is the realized risk that we must confront. The US should adopt a governmentwide strategy on undersea cables, with resilience as a keystone priority. The implementation should be multifaceted. Among other reforms, it should provide for reasonable undersea cable regulation that does not hinder investment. The FCC must be more diligent in handling license applications faster and avoiding overreach. This resilience initiative should also include a program to share threat information with cable operators, who are keen to protect the security of the data traversing their cables and the infrastructure itself. And the government should work to increase the availability of repair vessels to quickly fix damaged cables by negotiating with other countries to remove legal barriers that limit access.
The resilience of the undersea network is crucial to all of us. We can do better.
