Backbone Infrastructure and Secrecy
NANOG's Sean Gorman is in the news: http://www.washingtonpost.com/wp-dyn/articles/A23689-2003Jul7.html I would find GIS like the one described *very* usefull in finding transport providers. If I could see who has what where, I would know who to go to for quotes. As it stands, most of this information is hard to get ahold of. Who, besides Sean, has maps like this? The state PUC? If so, is that information available to the public? Do you have to go thorugh a background check and/or sign an NDA? Or is it only the providers themselves that have the maps for this stuff? -Adam
On Tue, Jul 08, 2003 at 11:29:23AM -0400, Adam Kujawski wrote:
NANOG's Sean Gorman is in the news:
http://www.washingtonpost.com/wp-dyn/articles/A23689-2003Jul7.html
I would find GIS like the one described *very* usefull in finding transport providers. If I could see who has what where, I would know who to go to for quotes. As it stands, most of this information is hard to get ahold of.
Who, besides Sean, has maps like this? The state PUC? If so, is that information available to the public? Do you have to go thorugh a background check and/or sign an NDA? Or is it only the providers themselves that have the maps for this stuff?
This should be fairly easy to determine. Many of us know the fiber routes near our homes. They're sometimes nicely marked with a warning saying "danger buried fiber optic cables here, call miss dig" Here in ameritech land there are these nice white and orange poles that they stick up in the ground. Combine that with the data of the LERG and any highway, railway or other construction data from around the country in the past 10 years and you can easily determine the routes these cables are likely buried upon. One of the local villages had it on their agenda about how they were going to be a conduit for the internet and that one of the new long-distance telecom providers was going to put their repeater location in their down. I'm guessing that Sean did not have any access to anything other than what was publically available. If there is such paranoia about this, it's clearly possible to start a telecom build again as everyone makes their networks redundant and builds larger fences and perimiters around their sites. Security by obscurity is not viable for the long-term. - Jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Security by obscurity is not viable for the long-term.
Amen. This whole industry is littered with NDAs and such which only keep honest people honest. There is _nothing_ stopping a malicious individual (or group of acting collaboratively but independently) from getting hired to a subcontractor that does fiber digs/maintenance that does work for one or more telecom companies. They get access to all the maps they need (either from the subcontractor's internal resources or from the customer [telecom company]). They assemble the pretty little PDFs and then move on to the next contractor/company and continue. Lather, rinse, repeat. For extra fun, extend to other utilities. Or, borrowing from Wall Street (the movie), work for a janitorial service that cleans the offices of these guys. How many people _really_ lock their mapping stations at the end of each day and how long does it take to circumvent it? The PUCs and local governments are still the best source because all the digs have to be permitted and for existing DPW conduit, the DPW knows where everything is -- because they get paid for it. A customer recently started mounting all their telecom gear (MUXes, etc) behind bullet resistent/bomb resistent walls because they determined that since their hot-spare equipment was mounted near their live gear, that if someone took a gun (or similar) and shot up their telecom wall it would take longer to replace (acquire, resplice and reassemble) what was lost than if the fiber to the building (which already came in from several places) was cut. These are guys who already had telecom gear in several different parts of their building. You can easily extend this need to encasing all conduits and power generation gear in similarly protected surroundings. It only takes a natural disaster, power outage or fiber outage to really know what services are truly critical and which are just believed to be. Fortunately, the vast majority of commercially reasonable installations really never get tested that way. Deepak Jain AiNET
On Tue, 8 Jul 2003, Adam Kujawski wrote:
Who, besides Sean, has maps like this? The state PUC? If so, is that information available to the public? Do you have to go thorugh a background check and/or sign an NDA? Or is it only the providers themselves that have the maps for this stuff?
It sounds to me like the secret is more that 25 carriers all use the same fiber bundle, and told their customers otherwise ("we have dual entrances to 123 Anystreet, on our own fiber"). Is it really any secret where the telco hotels are (http://www.carrierhotels.com) or where the incubent's CO's are (your local account team will happily show you a map)? Yes, this stuff takes time to assemble. How long does it take to coordinate 4 simultaneous plane hijackings? This is yet another case of keeping incredibly useful information from the people who could most use it (I'm sure the financial industry really appreciated finding out how vulnerable they are) to defend themselves, and make their vendors and government accountable, while assuming that the Bad Guys are too stupid to figure out how to get the information themselves. So, instead, we will all continue to blindly buy "redundant" infrastructure that uses the same fiber bundles, because we don't have the information to make a more intelligent choice. Just makes it easier for a terrorist to do his job. Pete.
On Tue, 8 Jul 2003, Pete Kruckenberg wrote:
So, instead, we will all continue to blindly buy "redundant" infrastructure that uses the same fiber bundles, because we don't have the information to make a more intelligent choice. Just makes it easier for a terrorist to do his job.
All the "official" soviet maps of Moscow were filled with errors because someone thought it would keep invaders from figuring out how to drive through the city. Instead most tourists bought Moscow maps from the US Central Intelligence Agency, because they were more accurate than the soviet maps. The Automobile Association of America has long offered "triptiks" as a membership benefit. Tell AAA the starting and ending points of your trip, and they will create a customized map booklet of the entire route. Think how useful a AAA membership would be to a terrorist. I haven't seen Sean Gorman's maps so I don't know if he has really put together something unique, or its similar to the same types of maps other people create as we've built our networks. The interesting thing about many maps is how often they are incorrect, just like the soviet era maps of Moscow. Just because a map show fiber runs between two points doesn't mean either the fiber or the circuits actually follow the line on the map. Would you consider 50 mapping errors per trench mile good or bad? At an Underground Damage Prevention conference one of the speakers was explaining how to reduce the error rate. The second phase of frustration about network design is once you've managed to get a map, finding out the real world doesn't match the map. BTW, I'm still looking for decent network mapping software :-)
I can tell you that FREQUENTLY the maps dont match the reality of utility placement. Especially w.r.t. fiber paths. VERY few cable maps that are availaible accurately reflect splice points or interconnects between mutiple cables entering a vault. Without access to the specific GPS points and the described arcs that are the foundation of a true GIS representation of installed plant, the maps are useless for anything more specific than knowing whether you are close enough to a fiber route even bother seeing if you can jump onto it. At a power company that I worked at we had a huge GIS implementation going on. Every pole, conduit, and cable was entered into the system along with all of the "active" elements like transformers and the like. We had guys running around with GPS backpacks that received differential GPS coordinates and would walk the routes to enter the data with information about what they were standing next to. With all of that effort, we would find that the map overlays that represented the streets and homes were so inaccurate that frequently a pole would appear as if it was right in the middle of the of a major roadway. Thus began the process of cleaning up the city GIS implementation. It was much better than the maps we had but it wasn't perfect. Sometimes the data doesn't get quite the sanity checking that it should. Skill levels differ between mapmakers. Sean Donelan wrote:
On Tue, 8 Jul 2003, Pete Kruckenberg wrote:
So, instead, we will all continue to blindly buy "redundant" infrastructure that uses the same fiber bundles, because we don't have the information to make a more intelligent choice. Just makes it easier for a terrorist to do his job.
All the "official" soviet maps of Moscow were filled with errors because someone thought it would keep invaders from figuring out how to drive through the city. Instead most tourists bought Moscow maps from the US Central Intelligence Agency, because they were more accurate than the soviet maps.
The Automobile Association of America has long offered "triptiks" as a membership benefit. Tell AAA the starting and ending points of your trip, and they will create a customized map booklet of the entire route. Think how useful a AAA membership would be to a terrorist.
I haven't seen Sean Gorman's maps so I don't know if he has really put together something unique, or its similar to the same types of maps other people create as we've built our networks. The interesting thing about many maps is how often they are incorrect, just like the soviet era maps of Moscow. Just because a map show fiber runs between two points doesn't mean either the fiber or the circuits actually follow the line on the map. Would you consider 50 mapping errors per trench mile good or bad? At an Underground Damage Prevention conference one of the speakers was explaining how to reduce the error rate.
The second phase of frustration about network design is once you've managed to get a map, finding out the real world doesn't match the map.
BTW, I'm still looking for decent network mapping software :-)
Barn door, horse is already gone. I'm willing to stipulate that Sean may be a GIS wizard, and has compiled a very accurate listing of north american fiber routes. However, this is nothing new... US Transatlantic cable landings (mirrored from John Young's cryptome.org): http://colofinder.net/gallery/view_album.php?set_albumName=album90 US Transpacific cables: http://colofinder.net/gallery/view_album.php?set_albumName=album89 I doubt there are armed guards with body armor and AR-15s patrolling the beach in front of Oregon's cable blockhouses. I may be wrong. Photos, anybody? I'm sure you could sell the Australian government's equivalent of the NIPC or "Cyber Security Czar" on reasons why their nation is vulnerable to public fiber location knowledge. What would happen if Southern Cross and two or three high capacity cables to Singapore were cut simultaneously? Are we going to throw a burlap sack over 60 Hudson, the Westin Building, One Wilshire, or similar buildings and disavow knowledge of their existence? You can't hide major infrastructure. With the exception of Afghanistan and a few other areas, full color 1 meter resolution satellite imagery is commercially available for any locations between 70N and 70S latitude. (IKONOS, SPIN-2, etc). I am curious exactly how accurate Sean's maps are. Are his fiber routes listed in surveyor quality DGPS measurements, or is it more of a "Somewhere along the shoulder of I-94" type accuracy? At 11:29 AM 7/8/2003 -0400, you wrote:
NANOG's Sean Gorman is in the news:
http://www.washingtonpost.com/wp-dyn/articles/A23689-2003Jul7.html
I would find GIS like the one described *very* usefull in finding transport providers. If I could see who has what where, I would know who to go to for quotes. As it stands, most of this information is hard to get ahold of.
Who, besides Sean, has maps like this? The state PUC? If so, is that information available to the public? Do you have to go thorugh a background check and/or sign an NDA? Or is it only the providers themselves that have the maps for this stuff?
-Adam
In a message written on Tue, Jul 08, 2003 at 11:29:23AM -0400, Adam Kujawski wrote:
Who, besides Sean, has maps like this? The state PUC? If so, is that information available to the public? Do you have to go thorugh a background check and/or sign an NDA? Or is it only the providers themselves that have the maps for this stuff?
Most providers give you maps on their web sites, or, even if you show remote interest as a potential "customer" you can get some sort of glossy not under NDA. While not very detailed, these can lead you to the right locations to request blueprints from state agencies (departments of transportaion for cables along roads, PUC's, local permiting agencies), or give you likely addresses to call into 1-800-MISS-UTILITY or similar numbers. Indeed, in most areas a call to the utility locator is not necessary. I'm sure we've all seen driving down the road all the major providers clearly marked on the sidewalks from all sorts of normal utility/road maintenance. Long haul may not be clearly marked for 10's of miles on end, but in a sense it's easier to locate as it almost always follows some other well know infrastructure, like rail lines, roadways, gas pipelines, etc. So, the notion any of this is secret, or hard to find is bunk. Finding some specific bit (I want to know where the cable is at the corner of streets a & b) may be hard, but finding say, AT&T's cable at at least 5 places in a city probably takes 30 minutes of walking around looking at the ground. Even with the people who plan for dual failures 5-10 simultaneous cuts would probably take them down every time, and no one would pay attention to a group of grubby workers with a backhoe on a corner sitting around doing nothing. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
participants (8)
-
Adam Kujawski
-
Deepak Jain
-
Eric Kuhnke
-
Jared Mauch
-
Leo Bicknell
-
N. Richard Solis
-
Pete Kruckenberg
-
Sean Donelan