Booz Allen Commercial delivers advanced cyber defenses to the Fortune 500 and Global 2000. We are technical practitioners and cyber-focused management consultants with unparalleled experience – we know how cyber-attacks happen and how to defend against them.
Our strategy and technology consultants have empowered our international clients with the knowledge and experience they need to build their own local resources and capabilities.
In facing challenges of modernization, our Middle East and North Africa clients have complex requirements that benefit from our proven experience in guiding major programs and projects for governments and private-sector organizations. The services we offer in UAE, Qatar, Egypt, Turkey, Kuwait, Morocco, Jordan, and other regional countries build on our consulting legacy.
Our clients call upon us to work on their hardest problems—delivering effective health care, protecting warfighters and their families, keeping our national infrastructure secure, bringing into focus the traditional boundaries between consumer products and manufacturing as those boundaries blur.
Booz Allen was founded on the notion that we could help companies succeed by bringing them expert, candid advice and an outside perspective on their business. The analysis and perspective generated by that talent can be found in the case studies and thought leadership produced by our people.
Learn more about Booz Allen's diverse culture and environment of inclusion that fosters respect and opportunity for all employees.
We've come a long way delivering innovative solutions. But our next chapter is still being written.
Our 22,600 engineers, scientists, software developers, technologists, and consultants live to solve problems that matter. We’re proud of the diversity throughout our organization, from our most junior ranks to our board of directors and leadership team.
Booz Allen takes pride in a culture that encourages and rewards the many dimensions of leadership—innovative thinking, active collaboration, and personal service. We’re particularly proud of the diversity of our Leadership Team and Board of Directors, among the most diverse in corporate America today.
The bulk of the world’s Internet traffic is carried by a network of cables that lie on the ocean floor. Security officials around the globe recently expressed concerns that a cyberattack on these cables could result in catastrophic economic impacts. While these concerns may be overstated, there are some circumstances in which cable breaks could be particularly disruptive. Though companies can’t control the risk of attacks on undersea cables, there are steps that they can take to mitigate the potential business impacts.
Submarine cables make up the backbone of the global Internet infrastructure, carrying as much as 99 percent of international telecommunications data. In recent months, the security of these cables has been a major point of concern for Western officials.
On 11 June 2018, the U.S. Treasury Department announced the latest tranche of sanctions against Russian individuals and organizations. The sanctions included entities that support Russia's "underwater capabilities," citing concerns of Russian activity "tracking undersea communication cables." The sanctions follow December 2017 announcement that NATO would be re-establishing a command post to track Russian submarines, due in part to Russian activity around cables in the North Atlantic.
Australian intelligence officials have also been focusing on controlling undersea cables. On 13 June 2018, Australia finalized a deal to provide a submarine Internet connection to the Solomon Islands. The deal was initially awarded to Chinese firm Huawei, but was eventually given to an Australian firm due to diplomatic pressure and direct intervention by the head of the Australian Secret Intelligence Service (ASIS). The ASIS chief reportedly described Chinese ownership of a cable that would connect Australia's network infrastructure as an unacceptable cybersecurity risk. To prevent this situation, Australia agreed to cover as much as two-thirds of the construction costs for the cable using foreign aid funds.
One of the biggest fears with underwater internet security is the potential for massive denial of service (DoS) attacks. By severing the submarine cables, a threat actor could disrupt data throughput across a network. At least one senior U.K. military official has warned that attacks against submarine internet cables could "immediately and potentially catastrophically" impact the economy. But are these concerns warranted?
In most cases, the impacts of such an attack would be limited by redundant infrastructure. In fact, cable breaks are a relatively common occurrence—100 per year happen on average, and two-thirds of those are accidents caused by ships dragging their anchors. Though the disruption of individual cables is commonplace, there are two types of disruptions that could result in serious impacts:
Simultaneous Cable Breaks—One of the most disruptive incidents on record happened in 2006 when an earthquake simultaneously severed eight cables off the coast of Taiwan, resulting in the loss of 90 percent of the traffic between China, the United States, and Europe, and the complete disruption of access to several of the major U.S.-based webmail and Internet services by mainland China. The United States has similar areas in the Atlantic where many cables converge at a single point on the coast of New York, New Jersey, and Florida. A simultaneous break of multiple cables at these points could significantly affect routing within the network, though the effect on organizations located in the United States would be dampened by the ability to reroute traffic through cables in the Pacific and the fact that a major portion of the infrastructure used by American organizations is located in the United States.
Regional Points of Failure—Regions with limited connectivity may have a heightened exposure to single points of failure. In 2008, two Egyptian cables carrying 90 percent of internet traffic through the Suez Canal were severed. The break took out Internet access for 75 million people across North Africa, the Middle East, and South Asia. The outage affected half of the outbound capacity from Western India—a major hub of IT outsourcing—and 70 percent of Internet connectivity in Eygpt. Other regions may be similarly isolated. For example, all traffic between the United States and Brazil is routed through a single Brazilian city: Fortaleza.
While redundancy in the global network may blunt the impacts of attacks on undersea cables today, growth in undersea infrastructure could create more potential targets for nation-state actors in the future. For example, Microsoft's Project Natick is seeking to deploy full-scale undersea datacenters to provide cloud computing services to coastal communities. In June 2018, Microsoft successfully launched an undersea module containing 864 servers off the coast of Scotland, potentially paving the way for making the service commercially available. If undersea data centers become commonplace around the world, the capabilities honed by nation states to target submarine cables could be similarly deployed for destruction or espionage against other undersea infrastructure.
Private sector companies may not be able to reduce the risk of nation-state attacks on undersea cables, but they can factor these risks into decisions about if, and where, they choose to outsource their operations around the world. Operations in regions with less redundant infrastructure or with facilities that depend on smaller ISPs could be more at risk of disruption. And given the rise of IT outsourcing in the global economy, this could have an outsized impact on companies that rely on IT services based out in isolated locations.
Companies should consider doing an assessment with their network carriers to determine whether any of their core services are provided in regions that lack cable redundancy. If a cable fault disrupts Internet access in a region with limited connectivity—such as Pakistan—companies that rely on employees or workers in that region may have little recourse. Conducting an assessment in advance—and potentially leasing more fiber or getting another ISP as a backup—may allow for a much smoother transition to backup infrastructure than attempting to navigate a recovery during an outage.
1. " Treasury Sanctions Russian Federal Security Service Enablers," U.S. Department of the Treasure, 11 June 2018, accessed 27 June 2018, https://home.treasury.gov/news/press-releases/sm0410.
2. Michael Birnbaum, " Russian submarines are prowling around vital undersea cables. It’s making NATO nervous." The Washington Post, 22 December 2017, accessed 25 June 2018, hxxps://www.washingtonpost.com/world/europe/russian-submarines-are-prowling-around-vital-undersea-cables-its-making-nato-nervous/2017/12/22/d4c1f3da-e5d0-11e7-927a-e72eac1e73b6_story.html.
3. Matt Young, " How an Australian spy stopped China from growing internet influence South Pacific," News Limited, 13 June 2018, accessed 27 June 2018, https://www.news.com.au/technology/online/security/how-an-australian-spy-stopped-china-from-growing-internet-influence-south-pacific/news-story/4eb83151f54c66a50917a95096015666; Liam Fox, "Australia, Solomon Islands, PNG sign undersea cable deal amid criticism from China," ABC, 11 June 2018, accessed 19 July 2018, http://www.abc.net.au/news/2018-07-12/australia-solomon-islands-png-sign-undersea-cable-deal/9983102.
4. James Elton-Pym, "Australia to cement internet deal with Solomons as leaders meet in Canberra," SBS News, 13 June 2018, accessed 19 July 2018, https://www.sbs.com.au/news/australia-to-cement-internet-deal-with-solomons-as-leaders-meet-in-canberra.
5. " Russia a 'risk' to undersea cables, defence chief warns," BBC, 15 December 2017, accessed 26 June 2018, https://www.bbc.com/news/uk-42362500.
6. Alan Mauldin, " Cable Breakage: When and How Cables Go Down," Telegeography, 3 May 2017, accessed 27 June 2018, hxxps://blog.telegeography.com/what-happens-when-submarine-cables-break.
7. Winston Qiu, " Submarine Cables Cut after Taiwan Earthquake in Dec 2006," Submarine Cable Networks, 19 March 2011, https://www.submarinenetworks.com/news/cables-cut-after-taiwan-earthquake-2006.
8. "Submarine Cable Map," Telegeography, 26 June 2018, accessed 27 June 2018, https://www.submarinecablemap.com/#/.
9. Jonathan Hjembo, "Are Russian Submarines Attacking the Internet?" Telegeography, 16 November 2015, accessed 27 June 2018, https://blog.telegeography.com/can-russian-submarines-attack-submarine-cables.
10. " Of cables and conspiracies," The Economist, 7 February 2008, accessed 27 June 2018, https://www.economist.com/international/2008/02/07/of-cables-and-conspiracies.
11. Louise Matsakis, "What would really happen if Russia Attacked Undersea Internet Cables," Wired, 5 January 2018, https://www.wired.com/story/russia-undersea-internet-cables/.
12. John Roach, "Under the sea, Microsoft tests a datacenter that’s quick to deploy, could provide internet connectivity for years," Microsoft, 5 June 2018, accessed 27 June 2018, https://news.microsoft.com/features/under-the-sea-microsoft-tests-a-datacenter-thats-quick-to-deploy-could-provide-internet-connectivity-for-years/; "Project Natick," Microsoft, June 2018, accessed 27 June 2018, https://natick.research.microsoft.com/.
13. John Roach, "Under the sea, Microsoft tests a datacenter that’s quick to deploy, could provide internet connectivity for years," Microsoft, 5 June 2018, accessed 27 June 2018, https://news.microsoft.com/features/under-the-sea-microsoft-tests-a-datacenter-thats-quick-to-deploy-could-provide-internet-connectivity-for-years/; "Project Natick," Microsoft, June 2018, accessed 27 June 2018, https://natick.research.microsoft.com/.