French fibre optic cables were targeted in an unusual attack

French optic fibre operators recently experienced an unusual coordinated attack on their networks, with multiple key locations being physically cut. What exactly happened to the network, why are networks a key target, and how will operators protect networks in the future?

French networks cables attacked

Recently, French network operators reported that multiple fibre optic cables had been cut in a coordinated attack by unknown individuals. The attackers were not only able to identify which cables were being used for internet traffic but ones that specifically handle the majority of traffic.

Each cable was cut within ten minutes of each other (suggesting a timed attack), and the attackers had targeted multiple points of the same cable separated by large distances. This type of attack makes it significantly more challenging to find breaks in the cable and repair them as a single break can be identified using signal tracers, but multiple breaks will only become apparent after the first break is fixed.

Those responsible for the attack remain unknown, but fortunately, the network operators were able to reroute traffic to other networks while repairs were made. It appears that the attack was designed to disrupt internet services going between Paris, Lyon, and Strasbourg, with the attack itself being executed under darkness at 4 AM. However, this is not the first time French network cables have been targeted by a coordinated attack. In 2020, network operators also experienced a similar attack with multiple cables targeted and cut by unknown individuals.

Why are networks a key target?

If one thing can be said about network infrastructure, it’s that they are essential to any modern nation. The internet used to be a place where information could be exchanged but wasn’t something to be relied on. For example, bills would be paid by direct debit, employee payments would be paid as cheques, and almost all groceries would be paid for in-store. Fast forward to 2022, and almost everything about modern life is done through the internet.

The switch over to internet-based services has made life extremely convenient; mobile apps can access bank accounts anywhere at any time, goods can be purchased and shipped without ever needing to leave home, and even complex infrastructure such as roads, rail, and electrical supplies can be controlled entirely from remote locations.

However, this reliance on internet infrastructure also makes it an ideal target for disrupting modern society. The use of £10 wire cutters on a few key cables can bring key areas to a grinding halt, especially if sites hosting cloud services are chosen. Once cut, emails cannot be sent, payments cannot be made, and communication is reduced to phone calls assuming that landlines and cellular networks are still operational. Furthermore, it should be noted that cellular towers also use fibre optic cables to connect to the internet. Thus, cutting hard-line cables can potentially bring down both cellular calls and the internet.

How can operators protect networks in the future?

The problem with modern network infrastructure is that it is not just vulnerable to physical attacks; cyberattacks can also disrupt the ability of ISPs and DSNs to service requests. As such, network operators have to protect their systems from multiple attack vectors, whether it is a large-scale DoS, physical cable cutting, or ransomware attacks on servers.

Regarding the protection of physical connections, there is very little that can be done. While cables are themselves reliable, the many hundreds of thousands of miles of cable mean that individual portions break frequently, and when they do, they require replacement. As such, large portions of the network need to be easily accessible by engineers, but doing so will make it easy for attackers to gain access.

If cables are buried and surrounded by concrete, then it would be entirely impractical for an attacker to remove the concrete and cut the cable, but this also means that repair jobs are also highly challenging and expensive. In the case of the French network cables, the junctions could have easily been surrounded by a metal cage or container with a lock that would make it practically impossible to open. Combined with an IoT sensor that detects the opening of the manhole, authorities could have detected unauthorised access and immediately sent police to the area.

Considering all of this, it makes more sense for operators to install far more cable than they will ever need with redundant systems that can handle additional traffic should an attack happen. Another alternative is for network operators to explore the use of directed radio beams (similar to “Tight beams” in the TV series The Expanse), whereby a line-of-sight beam between two towers allows for a dedicated high-bandwidth connection while having a low amount of dispersion.

Overall, the attack on French optic fibre cables demonstrates how the nature of attacks is changing, and we can expect such attacks to continue.