Recent data of cyber security facts have shown the extent of how much cybercrime is actually happening all the time across the world, where many forms of data are not thought about needing protection from hackers. Unfortunately, people buy and use their technology thinking that the relevant cybersecurity features have already been implemented for them. But this is simply not the case. For example, if you use your mobile phone primarily for your work, you should take the time to see how something like the Microsoft Intune mobile security application can help to ensure that your mobile is safe from hackers and that you can go about your business without being concerned about a breach. Though this is something that could be beneficial, there are still many things that make people and companies vulnerable to cybercrime. Undersea data cables form an often overlooked and very under-rated part of data transmission worldwide. In fact, about four hundred cables carry close to 99% of trans-oceanic data, making them a critical resource for the economies of the world. These cables act as pillars to the digital age we live in today, and what makes the situation interesting, is that this worldwide infrastructure rests solely in the hands of private corporations.
Today’s dynamic and complex geopolitical scenario make the safety and structural integrity of these cables a major security concern. Furthermore, it is no secret that data cables should only be fitted by professional data cable installers. However, negligible attention has been paid to the international legal framework in place to deal with damage or harm caused to these cables, which are the backbone of the world’s internet.
Threats to Undersea Cables
Threats to undersea cables can be linked to either physical or network attacks.
Physical damage to undersea cables is often caused by accident, due to careless fishing or anchors of ships. However, both historically and recently, physical damage to cables has been intentional in nature as well.
During the First World War, Britain succeeded in severing all but one of Germany’s telegraph lines. They tapped into the last one, and used it to intercept strategically vital communications. In retaliation, the Germans attacked British telegraph cable sites in the Pacific Ocean. The above incident highlights important loopholes in protection of cables, namely:
- Direct cutting;
- Tapping; and
- Targeting of landing sites.
More recently, it was estimated by Bangladesh that an intentional outage of cable lines caused a local telecommunication company losses amounting to about $1million. In 2013, Egyptian officials arrested scuba divers who were allegedly attempting to cut off a cable line off the port of Alexandria. The effects of damage to these cables are acute in nature, as is evident from the earthquake in Taiwan, which caused significant damage to a collection of cable lines. The disaster led to a major disruption of internet across Asia, and led to months of slow connectivity.
In today’s digital age, cables also face a genuine threat from virtual attacks. Submarine cables (which are very expensive) are managed and controlled by companies which often use commonplace network-management-software to control wavelengths of data. These systems allow controllers to monitor data traffic and also ensure supervisory control. Unfortunately, many of these management systems are linked to the internet because they are connected to remote operating centres across the world. This makes them vulnerable to attacks, as they use rudimentary systems such as Linux and Windows. In a paper published by the Harvard Kennedy School, Michael Sechrist argues that hackers could easily gain “administrative level access to a cable management system“. This would allow the hacker to view cable vulnerabilities, network and data flows, and enable him/her to detrimentally disrupt data traffic.
International Law on Damage to Submarine Cables
The first conclusive and tangible international action to protect these cables was the Convention on the Protection of Submarine Cables, signed in 1884. The treaty applies to all those cables which are outside the territorial waters of states and requires nations to incorporate the treaty provisions into domestic law. Article 2 states that “the breaking or injury of a submarine cables, done wilfully or through culpable negligence…shall be a punishable offense.” An important point to note is that Article 15 lays down that its provisions “shall in no wise [sic] affect the liberty of action of belligerents.” This makes the Convention inapplicable during wartime.
Marine law is also fundamental to the protection of undersea cables. The 1958 Geneva Conference addressed submarine cables in two documents, namely, Convention on the High Seas (High Seas Convention) and the Convention on the Continental Shelf. Article 27 of the High Seas Convention addresses damage to cables, but fails to clearly prohibit the intentional damage to them. It leaves the persecutory powers on signatories, by stating that the party should “take necessary legislative measures” to make breaking of cables a “punishable offense.”
The United Nations Convention on the Law of the Sea (UNCLOS), signed in 1982, superseded the Conventions signed in Geneva. The UNCLOS is a landmark treaty and has been fairly influential in the international sphere. UNCLOS addresses undersea cables in different chapters. Articles 113-115 of UNCLOS replicate the 1958 Geneva Conventions, and lay down that signatories must enact domestic legislation to penalise damage to cables by ships or persons belonging to their jurisdictions. UNCLOS also grants states the autonomy to undertake economic activities as per their discretion, in Exclusive Economic Zones (EEZs), which extend to 200 nautical miles beyond states’ territorial waters. Laying of cables within the EEZ is one of the multiple freedoms accorded to states that are parties to UNCLOS. Article 79 of UNCLOS allows states the freedom to lay cables on the continental shelf.
International Law on Cyber Attacks
It is indeed surprising that presently, no international treaty addresses cyber warfare operations, despite a United Nations (UN) sanctioned group concluding that international law and the UN Charter, both, are applicable to cyberspace.
The Tallinn Manual on the International Law Applicable to Cyber Warfare (the Manual) lays down provisions with relation to submarine cables. International law protection has been extended to submarine communication cables. The explanation to Rule 54 accords states sovereignty over submarine cables in their territorial waters, stating that “[T]hey generally are treated in the same fashion as cyber infrastructure located on land territory.” The Manual also states that protection of undersea cables has risen to a norm of customary international law and it would be in states’ best interests to protect the right of all states to lay cables. Also, the Manual makes it clear that it is inapplicable during wartime, by stating that it is “without prejudice to the rules applicable during armed conflict.”
It is pertinent to note that while cables are somewhat protected by international instruments, there exists a school of thought that advocates for the wartime protection of these cables, reasoning that these cables become legitimate targets during times of war, owing to their obvious importance.
*Saurav Roy and Lisa Mishra