http://www.fcw.com/article94825-06-12-06-Print By Brian Robinson June 12, 2006 Most federal agencies and an increasing number of state and local offices have made significant investments in communications services that run over government-owned or commercial fiber-optic networks. Fiber can carry much more data than traditional copper lines and at lower costs. Besides government operations, a growing part of the country's economy depends on the Internet and its fiber-based backbone - everything from online shopping and entertainment to banking and health care. But given its vital importance as a communications medium and general concerns about terrorist threats to the country's economic and critical infrastructure, just how secure are the country's fiber networks? Experts say fiber, like any network technology, is indeed vulnerable to a determined eavesdropper with the know-how and right equipment. That means agencies should safeguard sensitive data. From a broader, more systemic perspective, however, the country's fiber-optic infrastructure is more redundant and thus more resilient than it was a few years ago, reducing the chances that an attacker could cripple large segments of it, experts say. But localized problems stemming from physical damage to the infrastructure - intentional or not - still have the potential to affect its availability. Not a priority For an increasingly technology-dependent country, the security of fiber-optic networks is apparently low on the list of concerns for those whose job it is to worry about such threats. For example, in its recently published "Federal Plan for Cyber Security and Information Assurance," the National Science and Technology Council identified the Internet's Domain Name System, network routing protocols and a host of other process control systems most in need of security research and development. The report did not address fiber networks and other infrastructure issues. Meanwhile, the U.S. Cyber Consequences Unit (US-CCU), an independent research group that advises the Homeland Security Department, did not include the fiber infrastructure in a recent draft of a cybersecurity issues checklist it gave to DHS. That checklist identified measures at the enterprise or organizational level, said Scott Borg, director of the US-CCU. The unit will probably investigate fiber infrastructure security issues later, he said. With technology budgets tighter than ever, organizations may decide that fiber security is just not that pressing compared with other cybersecurity issues, said Bernard Skoch, executive vice president of Suss Consulting and a former principal director for network services at the Defense Information Systems Agency. "People in government are in a classic fight over funding and have to prioritize their needs," Skoch said. "In some ways, it takes a greater level of sophistication to say why something is not needed, and right now, I think there are a lot of people who have concluded that the fiber infrastructure mesh is well-enough protected." Hacking fiber Some experts say the notion that fiber networks are sufficiently secure may not be a well-informed conclusion. Tapping fiber without detection is difficult but certainly not impossible, they say. One of the classic assumptions about such networks is that it is inherently more secure than copper cable. A signal traveling over copper tends to leak outside the cable, so anyone with a sensitive scanner could pick up those signals and access the data. Because fiber uses various wavelengths of light rather than electrons to carry data, it does not routinely suffer from similar leakage. Stealing data in transit - between the two ends of the fiber - means someone has to physically break a fiber strand to tap it or somehow bend the fiber enough to induce light to exit the fiber. That is not an easy task, some experts say. Physically tapping into fiber means you will interrupt the data stream, which will alert a network operator, said Frank Dzubeck, president of Communications Network Architects, a network integrator. "To detect the light passively, you have to first strip away all of the shielding around the fiber and then put something in place to catch the light bouncing off the glass of the fiber strand," he said. "And then you have to determine what the data is that you are capturing. This is all involved specialty equipment. It's not something you can purchase on the open market." But Seth Page, chief executive officer of New York-based Oyster Optics, which makes intrusion-detection equipment, said he believes that the fiber infrastructure is vulnerable to hackers who can tap fiber with common maintenance tools that are available worldwide. "This same equipment with modifications can be used to capture 100 percent of the voice, video and data going across the network," Page said. "All you need to do is get access to the fiber loop serving a particular building." Hackers don't even need to get all of the data traveling on the fiber, he said. The packet headers reveal information about phone numbers, IP addresses and the fiber service provider. Even if an organization encrypts data and a hacker does not have the means to decrypt it, the packet headers would not be encrypted, he said. The hacker could save the rest of the data and attempt to decrypt it later. The equipment that can capture light from the fiber can also easily inject light into it, Page said. That would allow a hacker to modify or jumble the data going through the fiber, corrupting it or causing a denial-of-service attack on the network. Perhaps the biggest danger to fiber networks is the so-called backhoe effect, a decidedly low-tech danger. It happens when contractors or private landowners dig into the ground and inadvertently break fiber cables that telecommunications companies have laid. As recently as 2004, telecom facilities were still among the most likely to be affected by excavation work. The Common Ground Alliance, an industry organization aimed at limiting damage caused by such events, said telecom operations made up 27.5 percent of the reports it received about such accidents. "It's still probably the most significant threat," said M.E. "Mich" Kabay, associate professor of information assurance at Norwich University in Vermont. Nerve-wracking map Fiber's vulnerability to errant digging underscores the notion that deliberate tampering poses a real risk, Kabay said. "The telcos are so concerned about making sure people don't dig where their fiber-optic cables are," he said. "But on the other hand, if you were a terrorist, where would you then go to bring down all of the northeast corridor communications?" The potential chaos that such sabotage could cause was highlighted in 2003 when a doctoral thesis written by George Mason University graduate student Sean Gorman sparked widespread consternation in industry and government. Gorman used public sources to compile a map of all the major business and industrial sectors in the country and overlay a representation of the fiber infrastructure that connected them. With a single mouse click, anyone could see the location of communications choke points for vital sectors of the U.S. economy. The infrastructure's resiliency has improved in recent years, however, through an effort to re-engineer it into a hierarchical structure of fiber rings that mesh together, Dzubeck said. "Nothing is centralized in one spot anymore, so if you want to take out one of these [rings], you'd have to take out many, many sections at once," he said. "There are multiple paths communications can take through these rings, and if you do cut a cable, you are only cutting one small section." All of the fiber in place in the United States now is redundant because of this new configuration, said Ron Martin, vice president of service provider development for optical networking at Cisco Systems. "Every fiber now has an alternate path through which the data can be sent," Martin said. "If there is a fiber breakage or an equipment failure, the communication reroutes itself, causing maybe hundreds of milliseconds of disruption at most." IP design also enables this dynamic rerouting. IP breaks data streams into various packets that a network can route via different paths and then reassemble at the final destination. "We've not figured out a way to stop people [from] digging up our fiber with backhoes, so the key is having some way to allow customers to recover from those events," said Steven Parrott, a product development manager at Sprint. "With IP, if you lose a particular fiber path, it's very simple just to reroute the data." The bottom line for users is that there is minimal, if any, disruption in their communications, Parrott said. Despite continuing instances of fiber breakages, the Alliance for Telecommunications Industry Solutions reported that facility outages were at a record low in 2004, and it was one of the best years for network reliability. Nobody fixes leaks in a roof unless it's raining, said John Pescatore, vice president and research fellow at Gartner Research, who previously worked at the National Security Agency and the U.S. Secret Service. Without a smoking gun to indicate a threat or attack, most officials do not worry about fiber's security, Pescatore said. "People don't care." [...] _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Jun 13 2006 - 05:11:49 PDT