
Actually, the underlying assumption of this paper is that major networks already have a large global backbone that need to interconnect in n-regions. The choice between Direct Circuits and Colo-based cross connects is discussed and documented with costs and tradeoffs. Surviving a major attack was not the focus of the paper...but...
If the major networks in question are long-distance companies and local phone companies, then they are already interconnected in N places. For one reason or another, at the present time they are simply not running IP at those points. It is equivalent to having networks in the common facilities that choose not to interconnect.
When I did this research I asked ISPs how many Exchange Points they felt were needed in a region. Many said one was sufficient, that they were resilient across multiple exchange points and transit relationships, and preferred to engineer their own diversity separate from regional exchanges.
Very few ISPs in reality have any physical diversity.
A bunch said that two was the right number, each with different operating procedures, geographic locations, providers of fiber, etc., as different as possible. Folks seemed unanimous about there not being more than two IXes in a region, that to do so would splinter the peering population.
Security is always considered a waste of money. It is nothing new. The reason for that is that it is impossible to see the benefits when there is no problem.
Fine - we both agree that no transport provider is entirely protected from physical tampering if its fiber travels through insecure passageways. Note that some transport capacity into an IX doesn't necessarily travel along the same path as the metro providers, particularly those IXes located outside a metro region. There are also a multitude of paths, proportional to the # of providers still around in the metro area, that provide alternative paths into the IX. Within an IX therefore is a concentration of alternative providers, and these alternative providers can be used as needed in the event of a path cut.
They are using the same paths to get into the buildings. If they are not using the same paths exactly, their paths are close enough to each other within N meters from the building.
2) It is faster to repair physical disruptions at fewer points, leveraging cutovers to alternative providers present in the collocation IX model, as opposed to the Direct Circuit model where provisioning additional capacities to many end points may take days or months.
This again is great in theory, unless you are talking about someone who is planning on taking out the IX not accidentally, but deliberately. To illustrate this, one just needs to recall the infamous fiber cut in McLean in 1999 when a backhoe not just cut Worldcom and Level(3) circuits, but somehow let a cement truck pour cement into Verizon's manhole that was used by Level(3) and Worldcom.
Terrorists in cement trucks?
No, but since that caused multi-day outages for certain customers due to a single point of failure, I am sure someone can appreciate the outage that can be caused by detonating a hundred kilograms of high explosives inside a colo facility.
Again, it seems more likely and more technically effective to attack internally than physically. Focus again here on the cost/benefit analysis from both the provider and disrupter perspective and you will see what I mean.
Easily accessible brute-force *always* wins. Any chain is not stronger than its weakest link and concentrated infrastructure was, is and always will be, the weakest link if one can mount an attack using brute-force. Neither the data centers, nor COs nor exchange points that are vital so far had been designed in a way that they could withstand a direct physical attack even by an individual with a handgun, not to mention anyone carrying explosives. When that problem gets solved, we can concentrate on attacks against IP infrastructure.
Alex