You may have noticed on the front page of the media last Wednesday, April 27, that coordinated acts of malice have disrupted Internet access. These disruptions affected a number of large cities such as Grenoble, Lyon, Besançon, Reims and Strasbourg.
A preliminary investigation has been opened by the cyber section of the Paris public prosecutor’s office for the charges of “deterioration of property likely to affect the fundamental interests of the Nation”, “obstruction of an automated data processing system” and “criminal association”. (Euronews 27 avril 2022).
The striking point in this case is the coordinated nature of these attacks. It is obvious that the perpetrators knew the network and were able to attack inter-regional cables within a few minutes of each other, in several different locations. It seems that Free’s customers were the most affected, but SFR was also impacted.
It is important to remember that all our telephone, internet and TV communications pass through this type of cable. If acts of vandalism have already occurred, the organization, timing and execution of the acts conducted this Wednesday, April 27, are rather disturbing.
Events in a troubled international context
These events occur at a time of high international tension, when fears of attacks on our intercontinental fiber networks are being raised. Russia is believed to have the equipment to carry out this type of attack, despite the difficulties in implementing these threats.
It should be noted that an increasing number of Russian “fishing” or “oceanographic” vessels are sailing along the French or Irish coasts. Serge Besanger had expressed these concerns in his article of October 21, 2021 (The Conversation), indicating in particular that the Yantar, a Russian “oceanographic” vessel with an AS-37 mini-submarine, was able to dive in August 2021 to a depth of 6,000 meters off the coast of Ireland, following the route of the Norse and AEConnect-1 cables that connect Europe to the United States. Russia has done this type of operation before, including in 2014 during the annexation of Crimea by cutting Ukrainian cables.
Internet a network architecture
By its conception, the Internet is a network of packet communication networks without a nerve center (each packet of information is sent and processed by the ready reception node, in case of deficiency of one of the nodes the packet goes through another path – Universalis). This architecture stems from the Arpanet project, a military project initiated by DARPA. It was created at the time of the Cold War, with the objective of resisting a nuclear conflict.
Can this architecture, which was the guarantee of being able to continue to function in a degraded mode, still fulfill this function in the face of the explosion of digital use, and in particular the generalization and acceleration of the use of the Cloud? From now on, 99% of our communications (telephone, video, internet) go through these information highways. What would be the impact of the rupture of one or more of these highways on the functioning of all the other infrastructures? What would be the impact on our banking exchanges? What would be the impact on the preservation of our data in case of coordinated attacks on the network? These are the questions that are bothering me and to which I do not have an answer. But has the risk been measured? And what are the plans to compensate for this risk?
What risks for our infrastructures?
The events of this week raise many questions. If we can consider that the risk of attacks on submarine cables remains low given the means to be implemented, there are still questions about the protection of our digital infrastructures more locally.
Indeed, if infrastructures such as large data centers have a correct level of security, we can ask ourselves the question of the protection of our fiber optic network on these major routes as shown by the events of Wednesday, but also on the final loops.
For example, what about the protection of the distribution cabinets (residential or industrial buildings), of the splitters in the residential areas which seem to be accessible and not very well protected? Wouldn’t they be easy targets for sabotage? If the impact seems to be limited for each affected area, could a multiplication of such small acts in number and not very detectable finally have a significant impact given the high rate of digitalization of our society?
With our liberal policy, since the privatization of the late France Telecom, all national telecom and internet actors are private actors. Wouldn’t it be appropriate, as was done for EDF with the creation of RTE, to create a public player whose mission would be to manage the network infrastructures? Would taking these elements out of the strict competitive sector allow us to strengthen our facilities? The question seems legitimate.