Backbone Infrastructure and Secrecy

NANOG's Sean Gorman is in the news:

http://www.washingtonpost.com/wp-dyn/articles/A23689-2003Jul7.html

I would find GIS like the one described *very* useful in finding transport
providers. If I could see who has what where, I would know who to go to for
quotes. As it stands, most of this information is hard to get ahold of.

Who, besides Sean, has maps like this? The state PUC? If so, is that
information available to the public? Do you have to go through a background
check and/or sign an NDA? Or is it only the providers themselves that have the
maps for this stuff?

-Adam

This should be fairly easy to determine. Many of us know
the fiber routes near our homes. They're sometimes nicely marked with
a warning saying "danger buried fiber optic cables here, call
miss dig"

  Here in Ameritech land there are these nice white and orange poles
that they stick up in the ground. Combine that with the data of
the LERG and any highway, railway or other construction data from
around the country in the past 10 years and you can easily determine
the routes these cables are likely buried upon.

  One of the local villages had it on their agenda about how
they were going to be a conduit for the internet and that one of
the new long-distance telecom providers was going to put their
repeater location in their town.

  I'm guessing that Sean did not have any access to
anything other than what was publicly available. If there is
such paranoia about this, it's clearly possible to start a telecom
build again as everyone makes their networks redundant and builds larger
fences and perimeters around their sites.

  Security by obscurity is not viable for the long-term.

  - Jared

It sounds to me like the secret is more that 25 carriers all
use the same fiber bundle, and told their customers
otherwise ("we have dual entrances to 123 Anystreet, on our
own fiber").

Is it really any secret where the telco hotels are
(http://www.carrierhotels.com) or where the incumbent's CO's
are (your local account team will happily show you a map)?

Yes, this stuff takes time to assemble. How long does it
take to coordinate 4 simultaneous plane hijackings?

This is yet another case of keeping incredibly useful
information from the people who could most use it (I'm sure
the financial industry really appreciated finding out how
vulnerable they are) to defend themselves, and make their
vendors and government accountable, while assuming that the
Bad Guys are too stupid to figure out how to get the
information themselves.

So, instead, we will all continue to blindly buy "redundant"
infrastructure that uses the same fiber bundles, because we
don't have the information to make a more intelligent
choice. Just makes it easier for a terrorist to do his job.

Pete.

Barn door, horse is already gone.

I'm willing to stipulate that Sean may be a GIS wizard, and has compiled a very accurate listing of North American fiber routes. However, this is nothing new...

US Transatlantic cable landings (mirrored from John Young's cryptome.org):
http://colofinder.net/gallery/view_album.php?set_albumName=album90

US Transpacific cables:
http://colofinder.net/gallery/view_album.php?set_albumName=album89

I doubt there are armed guards with body armor and AR-15s patrolling the beach in front of Oregon's cable blockhouses. I may be wrong. Photos, anybody?

I'm sure you could sell the Australian government's equivalent of the NIPC or "Cyber Security Czar" on reasons why their nation is vulnerable to public fiber location knowledge. What would happen if Southern Cross and two or three high capacity cables to Singapore were cut simultaneously?

Are we going to throw a burlap sack over 60 Hudson, the Westin Building, One Wilshire, or similar buildings and disavow knowledge of their existence? You can't hide major infrastructure. With the exception of Afghanistan and a few other areas, full color 1 meter resolution satellite imagery is commercially available for any locations between 70N and 70S latitude. (IKONOS, SPIN-2, etc).

I am curious exactly how accurate Sean's maps are. Are his fiber routes listed in surveyor quality DGPS measurements, or is it more of a "Somewhere along the shoulder of I-94" type accuracy?

  Security by obscurity is not viable for the long-term.

Amen. This whole industry is littered with NDAs and such which only keep
honest people honest. There is _nothing_ stopping a malicious individual (or
group acting collaboratively but independently) from getting hired to a
subcontractor that does fiber digs/maintenance that does work for one or
more telecom companies. They get access to all the maps they need (either
from the subcontractor's internal resources or from the customer [telecom
company]). They assemble the pretty little PDFs and then move on to the next
contractor/company and continue. Lather, rinse, repeat. For extra fun,
extend to other utilities.

Or, borrowing from Wall Street (the movie), work for a janitorial service
that cleans the offices of these guys. How many people _really_ lock their
mapping stations at the end of each day and how long does it take to
circumvent it?

The PUCs and local governments are still the best source because all the
digs have to be permitted and for existing DPW conduit, the DPW knows where
everything is -- because they get paid for it.

A customer recently started mounting all their telecom gear (MUXes, etc)
behind bullet resistant/bomb resistant walls because they determined that
since their hot-spare equipment was mounted near their live gear, that if
someone took a gun (or similar) and shot up their telecom wall it would take
longer to replace (acquire, resplice and reassemble) what was lost than if
the fiber to the building (which already came in from several places) was
cut. These are guys who already had telecom gear in several different parts
of their building. You can easily extend this need to encasing all conduits
and power generation gear in similarly protected surroundings.

It only takes a natural disaster, power outage or fiber outage to really
know what services are truly critical and which are just believed to be.
Fortunately, the vast majority of commercially reasonable installations
really never get tested that way.

Deepak Jain
AiNET

All the "official" Soviet maps of Moscow were filled with errors
because someone thought it would keep invaders from figuring out
how to drive through the city. Instead most tourists bought
Moscow maps from the US Central Intelligence Agency, because they
were more accurate than the Soviet maps.

The Automobile Association of America has long offered "triptiks" as
a membership benefit. Tell AAA the starting and ending points of
your trip, and they will create a customized map booklet of the entire
route. Think how useful a AAA membership would be to a terrorist.

I haven't seen Sean Gorman's maps so I don't know if he has really
put together something unique, or it's similar to the same types of
maps other people create as we've built our networks. The
interesting thing about many maps is how often they are incorrect,
just like the Soviet-era maps of Moscow. Just because a map shows fiber
runs between two points doesn't mean either the fiber or the circuits
actually follow the line on the map. Would you consider 50 mapping
errors per trench mile good or bad? At an Underground Damage Prevention
conference one of the speakers was explaining how to reduce the error
rate.

The second phase of frustration about network design is once you've
managed to get a map, finding out the real world doesn't match the map.

BTW, I'm still looking for decent network mapping software :)

In a message written on Tue, Jul 08, 2003 at 11:29:23AM -0400, Adam Kujawski wrote:

Who, besides Sean, has maps like this? The state PUC? If so, is that
information available to the public? Do you have to go through a background
check and/or sign an NDA? Or is it only the providers themselves that have the
maps for this stuff?

Most providers give you maps on their web sites, or, even if you
show remote interest as a potential "customer" you can get some
sort of glossy not under NDA. While not very detailed, these can
lead you to the right locations to request blueprints from state
agencies (departments of transportation for cables along roads,
PUC's, local permitting agencies), or give you likely addresses to
call into 1-800-MISS-UTILITY or similar numbers.

Indeed, in most areas a call to the utility locator is not necessary.
I'm sure we've all seen driving down the road all the major providers
clearly marked on the sidewalks from all sorts of normal utility/road
maintenance. Long haul may not be clearly marked for 10's of miles
on end, but in a sense it's easier to locate as it almost always
follows some other well-known infrastructure, like rail lines,
roadways, gas pipelines, etc.

So, the notion any of this is secret, or hard to find is bunk.
Finding some specific bit (I want to know where the cable is at the
corner of streets a & b) may be hard, but finding say, AT&T's cable
at at least 5 places in a city probably takes 30 minutes of walking
around looking at the ground. Even with the people who plan for
dual failures 5-10 simultaneous cuts would probably take them down
every time, and no one would pay attention to a group of grubby
workers with a backhoe on a corner sitting around doing nothing.

I can tell you that FREQUENTLY the maps don't match the reality of utility placement. Especially w.r.t. fiber paths. VERY few cable maps that are available accurately reflect splice points or interconnects between multiple cables entering a vault. Without access to the specific GPS points and the described arcs that are the foundation of a true GIS representation of installed plant, the maps are useless for anything more specific than knowing whether you are close enough to a fiber route to even bother seeing if you can jump onto it.

At a power company that I worked at we had a huge GIS implementation going on. Every pole, conduit, and cable was entered into the system along with all of the "active" elements like transformers and the like. We had guys running around with GPS backpacks that received differential GPS coordinates and would walk the routes to enter the data with information about what they were standing next to. With all of that effort, we would find that the map overlays that represented the streets and homes were so inaccurate that frequently a pole would appear as if it was right in the middle of a major roadway. Thus began the process of cleaning up the city GIS implementation. It was much better than the maps we had but it wasn't perfect. Sometimes the data doesn't get quite the sanity checking that it should. Skill levels differ between mapmakers.

Sean Donelan wrote: