Is Your Cloud Being Tapped?
The Security Case For Dark Fiber Between The World's Data Centers
By Svante Jurnell
December 2, 2021
Today’s world runs on data that is being stored and processed in data centers around the world that were for the most part not even conceived of when the world’s current international fiber backbones were built. The need for bandwidth between these data centers is enormous, pushing the capacity of existing backbones to their limits and calling for ever more fiber to be deployed and lit.
However, the explosion in traffic volumes is not the only factor driving the need for more fiber. In this article, I'm going to discuss one of the drivers behind the need for more long-haul dark fiber between data centers which is not about the growing traffic volumes per se, but about the separate, equally pressing, need for enhanced security and integrity of the world's networks.
In other words, I would like to shift our attention away from bandwidth for a moment, and instead present some of the ways that the growing awareness, and well-founded concerns, about security-related issues are fueling demand for a greater volume of physical fiber strands on long-haul stretches than what can be accounted for by the sheer increase in traffic. I will also present some of the ways that my own company, Eastern Light, is thinking about these issues and how we are working with them in practice.
Eastern Light's focus on secure long-haul dark fiber links
Eastern Light is a Swedish independent company that builds, owns, and operates its own long-haul dark fiber infrastructure in northern Europe, for the express purpose of providing dark fiber connections end-to-end between major data centers in the region. Our speciality is to deliver fully-spliced fiber links all the way from a customer's equipment in one data center in one country the most efficient way to the customer's, or a cloud provider’s, equipment in another data center in another country. Our customers are mostly operators and hyperscalers, who install and operate their own active equipment on top of the dark fiber they purchase from us, but increasingly they are also other kinds of organizations with exceptional demands on their data networks. Most of our customers have massive capacity needs, and their reasons for demanding their own dedicated dark fiber, rather than lit capacity, are related to quality, performance, and cost-efficiency. However, we are seeing that the security aspect of controlling one's own fiber is increasingly coming to the forefront, and this aspect is significant for a much wider array of companies and organizations than those with the largest capacity needs.
Three security arguments for dark fiber
Most fundamentally, having your own dark fiber onto which you install your own active equipment of your own choosing allows you to have full control and insight into every piece of equipment that your traffic travels through. Aside from the benefits of quality and performance as well as commercial and operational independence, this is crucial in terms of cybersecurity, since it's the only way to ensure that your traffic doesn't pass through equipment that contains backdoors or that is compromised in any other way.
Secondly, modern state-of-the art encryption technologies – such as optical-layer encryption, which provides both the most secure, most practicable and most cost-efficient encryption solutions of today, as well as tomorrow's quantum encryption – require that one is in control of the physical transmission medium. In other words, one must have one's own dedicated dark fiber all the way between the end points.
A third reason to want to have one's own dark fiber on a certain stretch, rather than lit capacity, is that it gives you insight – in more or less detail, depending on who you're purchasing your fiber from – into the actual geographical position of the physical cable that carries your traffic. This is important in order to ensure full physical separation from other cables for redundancy reasons, but also in order to be able to identify instances where the cable may be vulnerable to unauthorized outside tampering, which I will expand upon in a moment.
Three ways for a cable owner to protect your fiber's integrity
Even as purchasers of dedicated dark fiber take full control of all of their own active equipment, it's still the job of the cable owner to minimize the risk for outside interference at the optical level, i.e., the risk of unauthorized tapping of the actual light somewhere along the length of the fiber. In this respect, all dark fiber links are not created equal, and at Eastern Light we have worked to address these issues in several different ways. Here I will briefly describe three of our approaches to managing this type of security risk, two of which serve to prevent tapping in the first place, and one which deals with how to detect tapping that is already ongoing or underway.