Finding Cyber Threats on Submarine Networks at AFCEA Defensive Cyber Ops Symposium

Improving Cyber Intelligence Amidst Explosive Growth on International Fiber Optic Cables Calls for Adaptability, All-Optical Switching, Big Data Analytics, Automation, and Orchestration

By Mike Seidler, Product Manager, NetQuest Corporation, June 4th, 2018

Subsea cables that carry an overwhelming majority of the world’s Internet traffic come ashore on U.S. soil at various locations up and down our nation’s coastlines. Network traffic volume and transmission speeds are undergoing a period of explosive growth, making it infinitely more difficult for government officials to conduct surveillance missions on the networks in a search for imminent cyber threats.

Cyber leaders convening on the AFCEA Defensive Cyber Operations Symposium during the week of May 14 were on a mission to help U.S. Defense Department cyber agents and warriors evolve with emerging innovations and adopt cutting edge-tools and technologies. That’s a tremendously important mission considering that some agencies within the DOD have the legal obligation to conduct intelligence missions on these submarine networks.

Ultimately, those in charge of threat intelligence want to detect cyber threats and monitor traffic to determine where cyber terrorists are staging their attacks and how to recognize the signs of an attack. It was a frequent topic of discussion for NetQuest representatives attending the symposium as government agency representatives explored the scope of the challenges awaiting them in their role as signal interceptors.

That’s because the revolution occurring on the subsea cables shows no signs of leveling off soon:

• First, traffic volume is expanding by a compound annual growth rate of 40 percent according to Ciena Networks (reference: https://www.ciena.com/insights/articles/From-Land-to-Sea-to-Cloud.html).
• Second, innovation in optical signaling technology divides a single trans-continental cable into multiple higher-speed pipes.
• Third, operators are introducing transmission speed upgrades at alarming rates: from 10 Gigabits per second just a few years ago, to 100 Gbps-plus coherent technology now.
• Talk of 400 Gbps deployments is rising, and it will only be a matter of time before deployments ramp.

To compare the search for cyber threats on international transport networks to finding a needle in a haystack underestimates the enormity of the task. But help is on the way in the form of big data analytics, all-optical switching, network orchestration and automation. Attendees of Defensive Cyber Ops were focused on a few innovations in long-haul transport network access and monitoring that could improve intelligence gathering in the effort to counter cyber threats:

• Purpose-Built: Deploy mission–optimized access and monitoring hardware. Using off-the-shelf hardware repurposed for threat intelligence is no longer useful because it fails to provide continuous visibility across the rapidly expanding network.
• Adaptability: Keep up with constant state of evolution and expansion. Many optical signaling vendors are deploying proprietary technology to get ahead of the curve and offer the highest speeds. These companies are far ahead of industry standards so methods to monitor these networks must be flexible to adapt to any signaling technique in use.
• Big Data Analytics: New tools such as IPFIX and NetFlow employ the latest data gathering techniques and can be used to track traffic anomalies to determine where attacks are coming from and what patterns are developing, despite rapid expansion in volume and traffic speeds.
• All-Optical Switch: Combining purpose-built access and monitoring tools with all-optical switching can expand simultaneous visibility from dozens of fibers to thousands of fibers, which is critical considering this current phase of growth.
• Automation and Orchestration: Higher level tools and capabilities expand the power of virtualization across submarine networks, and coordinate the surveillance capabilities of individual tools to guarantee visibility around the clock, providing the highest granularity.

To find out more about access and monitoring of subsea and other networks, contact the experts at NetQuest Corporation: https://www.netquestcorp.com/about-us/contact-us/.

About the Author: Mike Seidler leads product management for NetQuest Corporation where he directs the development of the company’s automated intercept access and cyber intelligence solutions.