The issue is probably availability. Assuming Huawei to be an adversary, if they have control of communications, they can decide to drop all packets (or slow or drop some, etc.). This would wreck plenty of havoc on communications.
It seems to me that the US-China conflict has already started as a slow but expanding series of limited engagements. Today these are economic and "cyber". However even if such a conflict were to go kinetic, it would likely be in a more limited sense - most likely at sea.
An example of what limited conflict looks like is the Sino-Indian war which was kept confined to a limited geographic area. Its not a forgone conclusion that a conflict has to become "total".
There's no way a threat to navies won't quickly jump to very serious warfare, of a kind that breaks open to involve lots more than just limited seaborne engagements.
An oceanic conflict in the Pacific is going to ruin air traffic, and with both air and sea lanes compromised, you see the beginnings of blockades and economic business as usual encounters entanglements all over.
If big expensive ships start sinking, and the projection of air power changes, everything else heats up very quickly, because replacing military fleets (and the sailors to match) is a slow process, and any major setback could prove permanent and lasting.
Don't expect a naval limited war to stay limited for long.
The most likely scenario would be one “freedom of navigation” cruise too many. In which case it would be a small number of vessels. It’s in neither countries interest to have all out warfare so it seems unlikely the skirmish would extend past the vessels involved.
Well that's all good for the cables connecting USA and China but what about cables elsewhere? I guess in such a situation you wouldn't want you opponent to have control of critical infrastructure.
We need less people thinking like military people in the world. Too many toy soldier fantasies result in leaders like George Bush jr fulfilling their fathers dreams.
I imagine within hours of a total war, space will become a highly militarized battlefield with kinetic and laser weapons knocking just about everything down as fast as it is put up.
Which would prevent any chance of restoring them or any space travel at all for many generations until we work out how to clear out billions of bits of rubbish flying around faster than bullets.
Elon's new constellation must be making for some fun plannig for those people. 60 new targets now, several hundred more new targets real soon now. I wonder if SpaceX and Blue Origin are launching payloads they're designed to shoot down their own payloads?
Possibly. It's not like the military-industrial complex is known for it's cost-effective solutions though...
Given the manoeuvring requirements for the orbiting explosives, and the requirement to launch them with enough plausible deniability for it not to be obvious "there's a bunch of commercial satellite killers!" - I wonder if they could build and launch 60 of them for less than SpaceX paid to get the first 60 Starlink birds in orbit?
GP means that cables connecting enemy territories would be cut by submarines, not just that cables connecting warring parties would be cut at landfall.
It seems wise for the US to ensure that they control major backbones and don't become dependent on critical backbone links owned by (potential) adversaries.
Similarly, it's understandable that the Chinese want to start building their own backbone infrastructure so they're cannot be cut off from the world if they end up in a conflict with the U.S.. From that perspective, it makes sense that Huawei would start laying these cables. It can be seen as a defensive move.
I've long been wondering whether the Chinese have subverted IP infrastructure hardware, which is all produced in China, often by Chinese companies like TP-Link. How much of that stuff has a kill switch in it that they can activate if a conflict with the West breaks out?
But if there is a kill switch in so many cheap devices then wouldn't someone would have found it by now? It's not like people aren't looking. It's not like these devices are super secure.
Perhaps the higher end, non-consumer facing, equipment might have it. But for the cheap tp-link devices I highly doubt it.
And also the the software that runs embedded in the mobile phone chips (not the phone, but the chips for stuff like GSM/3G etc). And that's why the fight for 5g is important.
All the more reason it's not in the cheap TP-Link routers but in the mobile phone chips which can't be examined so easily.
There are multiple usable open-source LTE handset software implementations. They work with a suitable SDR like e.g. a LimeSDR or similar.
AFAIK not even a single open-source UMTS software implementation works well enough for practical, day-to-day use.
More than one of the LTE implementations archived that reliability. They all guzzle power though, IIRC. But that's the easy part (offload ping detection and FEC (de-)coding to an FPGA).
Thanks. I've heard of srs before but failed to notice their ENB project.
> srsENB has been tested and validated with the following handsets:
LG Nexus 5 and 4
Motorola Moto G4 plus and G5
Huawei P9/P9lite, P10/P10lite, P20/P20lite
Huawei dongles: E3276 and E398
That's a very limited set of handsets. I wonder what's stopping them from adding support for more devices: Is it lack of contributors (no traction, lack of interest), or the cost of development (insanely difficult to reverse engineer, potential IP infringement etc), or limited and buggy functionality (doesn't work with certain carriers etc)?
But non of the actual mobile phones will use software over dedicated hardware, so I fail to see the relevance of dalore's comment: "And that's why the fight for 5g is important"
> But if there is a kill switch in so many cheap devices then wouldn't someone would have found it by now? It's not like people aren't looking. It's not like these devices are super secure.
Meltdown was only discovered last year, despite being a vulnerability in virtually all Intel CPUs made since 1995. I suspect there are substantially more eyeballs on Intel, too.
Try building Meltdown on purpose! Who will know? How do they defend design choices to those who can't know?
Nobody can afford this in breadth. Granted, you can manufacture a rigged batch and keep it secret. But you can't have a broad capability and expect it to remain secret for long.
I'm kind of skeptical that there's a real risk here too... seems like a simple enough matter to ensure stuff you're worried about security of stays on channels you control right? This doesn't seem like that big a challenge, it sounds like more of a defensive measure than a threat.
I guess they consider their own country to just be a large intranet, and the internet- the web between countries, is the thing they want neutral? Politics is not fun to deal with.
The concern is less about traffic interception and more about being able to sever / significantly undermine a country's ability to communicate during, for instance, time of war. This is also largely where the 5G infra concerns come from.
Few and big backbones are responsable for almost all traffic. Few and big CDNs serving most of the contents that are used by everybody. Even few apps are "essential" for daily life.
Big money was/is created when internet become business as usual: few and big corps taking the biggest share.
Big backbones are only needed for commercial traffic, like Netflix. If it comes to war, I think the first thing US government will do is it will force all ISPs to cut off private network connections in order to 1) save the bandwith 2) stop spreading of inconvenient news.
It's not just the cable plant but also the transport gear that are the add/drop points for their OSN/OTN. I feel like the article fails to expose this. When the first active element in an optical network is Huawei they can choose to siphon (or worse?) optical lambdas at will.
I'd generally agree with you but network position carries a weight and value. Being at the crux of a NAP has significant "free" upside meaning that I can easily DoS any downstream on the network and subjectively block, throttle, and generally impede others at will. I can also still easily manipulate critical services such as DNS, BGP and others as well as use my position for intelligence gathering and masquerading. Just because we shouldn't trust the network doesn't mean other services have the luxury of strong crypto.
Are you thinking of encryption or something? Because that doesn't prevent an eavesdropper knowing how much data was transferred, to and from whom, and when. That could all be sensitive information.
The Five Eyes governments have access to Layer 2 and 3 encryptors for site-to-site protection rated by their security services to be way more secure than most stuff out there. They also have ability to do constant transmission of packets to hide metadata. Only Defense organizations are allowed to buy them. They can buy and deploy them if concerned about untrusted intermediaries.
When they don't usually means something else is the problem.
That's incorrect and a different issue. I'll address it, too, though. The first are systems made to NSA's Type 1 abd TEMPEST certifications. They have requirements for RNG's, assuring implementations, failing safe, side channel mitigation, etc. NSA puts them through rigorous pentesting. If NSA cant hack it, then it gets approved to protect Defense assets. There's strong controls on handling the hardware and key systems. Feel free to try to buy NSA's Inline Media Encryptor or General Dynamics Type 1 encryptors. They'll tell you that you can't buy it. Go try. Ask them for a HAIPE implementation while you're at it. I hope you prove me wrong.
Far as export, I looked into that in 2014. I found that only a few things, like mass market and ecommerce, got reclassified. High-assurance systems (EAL6/7) they couldnt hack were still munitions. So were custom crypto and some other things. People got fooled: NSA reclassified just the stuff they'd be able to hack anyway. Big progress but not what people thought.
I don't know what current state of affairs is. I assume they've set it up where they can deny selectively if they feel the need to. So far, most "security" products are too insecure for them to need to do that.
If it were properly encrypted it might be negitible. But DNS for instance still isn't. And the BGP is completly broken. There was a case recently where someone used BGP to redirect users of myetherwallet to steal their coins. They failed to obtain a SSL certificate so the users could have noticed. But with a more sufisticated attacker I think the average user has no chance to detect such an attack.
Surely a few potential snooping countries have the capabilities to tap seabed fibre by now, and we'd be better served having carriers add encryption at the link level regardless of who laid the cable.
None of them are less important. All three need to be present in order for a system to be secure.
Especially when it comes to attacking infrastructure, removing the availability of operations on this infrastructure is a good attack vector. This can be done by, for example, creating a temporary ban on logging in. It can be done by reporting a hacking attempt from the legitimate IP address range.
Being "properly secured" isn't as simple as it seems because it's not a matter of simply securing against today's threats, but for those in the future, for as long as those communications need to remain secret.
It's possible, perhaps even likely that all communications would be recorded for decryption later when if / new techniques become available.
At a certain point you place trust in SSL certificate authorities. Couldn't a company that runs the infrastructure itself spoof IP addresses and man-in-the-middle everything?
What do you mean by that? Like a country redirects DNS resolution to their own controlled IP's and gets one of their CA's to issue duplicate certs? That could certainly happen and would be devastatingly effective until other people catch on.
Spoofing IP's alone isn't enough, but CA infrastructure is very much based on a trust that is weaker than we'd like to admit.
Huh? Are you kidding? Each cable bundle can transmit petabytes of data per second. Think of all the Netflix movies being watched in Japan and Australia transmitted over that cable. Why would anyone encrypt that? Furthermore, the hardware required to encrypt, even if feasible (and that’s unclear), would be astronomical in cost.
Plus, it’s not just about access. A malicious actor could always damage or destroy the cable, cutting off a primary channel of communications.
They're also almost always served via a local CDN node. A million Australians watching the latest Game of Thrones episodes probably means a couple dozen transfers of that file across the Pacific, not a million.
> If you're an ISP, Netflix will even send you (free!) servers for this.
startyourownisp.com
I think this might be a bit much for getting some freebies. It would be fun, though. Unfortunately, it would take me a lot of work in the place I'm at for this to make any sense at all.
Setting up an asymmetrical encryption channel can be hard (and expensive). But once it's set up it moves to a cheaper faster symmetrical encryption which rotates the keys. There are dedicated chips for this encryption that it barely takes any processing power at all.
Also note that would be the backbone encryption channels, but inside those people would be using https which is encryption further up the networking stack.
I don't understand this at all... if the communications across the cable are properly secured then it shouldn't matter what cables it runs across.