Between Two Nerds: Global critical infrastructure
Hello everyone. This is Tom Uren. I'm here with the Grugq for another Between Two Nerds discussion. G'day Grugq, how are you? G'day Tom, fine and yourself? I'm good. This week's episode is brought to you by Airlock Digital.
I've got a conversation with David Cottingham, Airlock Digital's CEO and Peter Baussman, who's their CTO, out on the podcast stream this week. So be sure to catch that. So Grugq, I'm looking here at this news report about a Chinese research vessel that's been navigating around Australia and New Zealand and so it has submersibles, it drops submersibles and notionally, like I said, a research vessel, the leader of our opposition has said it could be collecting intelligence, including mapping submarine cables.
And of course people have got like the trail of where it's been. And the other theory is that it's mapping where Australian submarines might traverse in and out of bases. Well, I mean, it's probably going to be underwater where they do that, you know.
Right. So that brings up something you've been thinking about, which is critical international infrastructure. Yeah, so there's in the PhD program I'm in, there's one of the cohort was giving a talk recently on global critical infrastructure. His focus was on the exposure to like sabotage and stuff like that about actual physical infrastructure and how it's, you know.
It has a different risk profile from things inside of a border, because it's outside borders and so on. But the core idea I thought was very interesting. It's not just this sort of physical issue. I think that there is a lot of infrastructure that sort of falls into this global state.
It's sort of international, it's not just a critical national resource. So Facebook, in a way, is sort of this critical global infrastructure, right? Yes, it's a US thing, but it's used by governments all over the world. It is used as like a communications platform by... people who don't have other ways of connecting. So it's bigger than just Facebook as this US entity, right? And to me, that's very interesting because, for example, one of the things that came up during the invasion of Ukraine in February of 22 was that the initial cyber attack that sort of disrupted and took out all of this stuff.
It was intended to isolate the leadership and keep them from being able to organize effective resistance or to communicate with the population and sort of tell them what's going on, right? And so even though like government websites were down and government email was down Zelensky used Facebook to deliver video messages to the people. And that was, from my perspective at least, it was using this sort of like global infrastructure that was beyond the scope of what Russia could attack. Right, so I don't know that I think of Facebook as global infrastructure in the same way in the sense that it is like its servers are physically located somewhere. Probably, I'm assuming mostly in the US, but maybe in Europe as well.
think it probably has global caches everywhere just for latency. yeah, I was thinking that the problem with international infrastructure is that it's somewhere where it's hard to kind of defend. a submarine cable seems like a perfect example because although there's gotta be an owner somewhere, presumably on either end, but maybe not. Like Facebook owns cables all over the place, right? And Google and stuff like that.
that would be responsible for it. It's just that it's because of its physical location, it's hard to defend against things like sabotage or like this research ship who I guess there's not much difference between a research ship launching submersibles and a ship launching submersibles with scissors that can cut those things, right? Whereas Facebook that infrastructure wherever it is is located somewhere where you can't just have a ship turn up and accidentally drag a cable accidentally in air quotes. Our submersible was supposed to cut a different undersea cable.
It was supposed to be innocently cutting parts of the seafloor and accidentally your cable got in the way, right? right. Well, there is that story from the 50s, I think, and I love this story and it's that the Soviet Union was testing ICBMs and it was landing them on the Kamchatka Peninsula, which is on the far east of Russia. they had submarine cables that would run under the Sea of Okhotsk from the Kamchatka Peninsula to mainstream, mainland Russia, and then across west, presumably to Moscow. And they were transmitting the data, the test data from the ICBM launches on those cables.
And so the US would send submarines there and they would basically... put devices around the cables to tap the, like physically tap the cables. And they eventually got busted because the Russians, I don't know how they figured out that they were there, but they dragged up the tapping devices and it had, you know, property of US government on them. If found, please return to Washington, DC. Reward.
So I think that's... I just love that story. It's, I suppose, maybe slightly relevant to what we're talking about. So I have an irrelevant story on that. It's basically, so the people stationed in Kamchatka Peninsula, like the army.
Basically, they developed a dialect of Russian made up entirely of swears. Like, it's sort of like the thing that you would expect to happen is if you send a whole bunch of 18 year olds, 18 to 20 year olds to basically Siberia for years and just leave them alone, like they're going to develop a language made up entirely of swears. So like the joke one that I heard was a radio transmission which goes like, the fucker is stirring his dick in your tea.
So like the joke one that I heard was a radio transmission which goes like, the fucker is stirring his dick in your tea. So like the joke one that I heard was a radio transmission which goes like, the f****r is stirring his dick in your tea. which means a sonar plane is looking for submarines in your bay. Ha ha ha ha ha So I mean, I guess to bring it back on topic, it just points out that there's places that there's places that are physically remote that provide opportunities for adversaries to do things.
And Facebook doesn't seem to me to fall into that category. Although, like I take your point about it being used by governments all over the place. Right, so I think it might be worth bringing up a distinction then about, so there's this global international, there's a sort of global critical infrastructure where you've got stuff that is between states, like it's outside the border of any one state, and yet it is a critical part of how the world operates. And so, there's certain risks that come from these remote, openly accessible, assuming that you have a nuclear submarine with a moon pool. Anyone could. It could be literally anyone with a nuclear submarine and a dive team and whatever.
But. it to four or five or maybe a dozen states at most. Right.
But it's sort of openly accessible. And then there's this to use a completely. And then there's sort of this other classification of things, is the, as I'm calling it, this international critical infrastructure, which is, I guess, it's different in that it's nationally based, but it's critical internationally, I think, maybe.
nationally based, but it's critical internationally, I think, maybe. So you could say the internet itself would fall into that category, where it's an international resource that's critical, but it's not. based specifically, like it's not based internationally and that it's not outside of states.
It's within states, but yeah. So to go back to Facebook again, I think that what makes it different there is that it's a US company. if you have this sort of thought experiment where Facebook is like incorporated on say an island in the British channel that is sovereign and all its infrastructure is on floating barges in international waters. Okay, yep. as no single country kind of feels like Facebook belongs to them, then I think it would be international infrastructure that would be susceptible to the same kind of sabotage.
It's just that Facebook happens to be very associated with the US. And so in the Ukraine situation, if the Russians had physically attacked Facebook infrastructure, like that's just not something they would do. Right, sort of it's, yeah, it's under the US umbrella.
Yeah, I think so. Yeah, very much so. Okay, so I'll accept that, I still think that there's something to be said for this international aspect.
And I'm gonna now say that while I agree that there's this sort of US protection umbrella extended to it because the data centers are all over the place I do feel that even if it were attacked, it's sort of a internationally resilient infrastructure. There's a few companies that I think would do better against Russian attacks than pretty much all the countries. And I think that's sort of like Facebook, Google, And I think that's sort of like Facebook, Google, Microsoft, because they have experience and they get hacked by them all the time. So they must be improving.
somehow, you Yeah. So that to me, like they're kind of both associated with the US and under that umbrella, but they're also global in the sense that they have infrastructure everywhere. So that makes them quite resilient.
So I think that to me makes sense. I guess when I think of global critical infrastructure, it seems to me the problem is that it's vulnerable. And those companies don't feel to me very vulnerable. They are the opposite Yeah.
So I agree, but I think that the vulnerabilities are different. I think they do exist. So Facebook is probably not under threat from a Chinese research submersible with a pair of scissors. But they are under threat from if China decides to start doing lawfare and economic warfare against Facebook specifically, right? Because China has a lot of clout and it could start saying you know, anyone who's using Facebook is not allowed to use Chinese factories or, you know, just as arbitrary dumb things like maybe there's a tariff applied to people who Surely that would never happen.
But it's still vulnerable there's a single point of failure, which is Facebook or Meta, the company for a resource that's used by everyone internationally. Like, it's a critical element of government communication in a lot of places. Yeah. I guess what I'm thinking of is it's quite common for those services to be blocked in countries which are experiencing civil unrest. Typically civil unrest is where, when the, terrible government.
That's right. So, mean, I guess you have, that seems like a similar point but slightly different in that when I'm thinking about critical global infrastructure, I'm thinking about, mean, maybe you're just wrong. You're not thinking about what I'm thinking. Yeah, I think that, I think there's maybe, maybe we're getting caught up on the word infrastructure in that there is literal infrastructure, like hardware stuff, like there's physical things.
And then there's a sort of like conceptual infrastructure and that like as a system, there's infrastructure that supports that system. And Facebook is sort of infrastructure that supports a lot of systems. And so from the way I'm looking at it, that's a critical piece of infrastructure. Sort of like how Twitter used to be a critical piece of infrastructure. But it's sort of been destroyed in a way.
To me, that is an interesting thing, that there's these pieces of international infrastructure that are controlled by one company. but are international infrastructure that is so important to just the way that so many different places communicate and function and actually work. It seems to me like that is a uniquely interesting thing.
And it does expose certain vulnerabilities that you wouldn't get if you were running your own servers. And it does expose certain vulnerabilities that you wouldn't get if you were running your own servers. But on the other hand, it's not vulnerable in the same way that a submarine cable is.
But they're the exact same thing if you think about it, really. So I've noticed more and more talk about submarine cables and it seems like it's, that's because it's hard to know what to do. Like, so for example, with this research vessel, it's operating in international waters. It's not doing anything illegal. It's perfectly fine to send down submersibles. and so I think the, that problem gets a lot of attention because it seems somewhat intractable.
There's a lot of ocean. There's a lot of cable. You can't defend all of it at once. I guess the Facebook, those companies, there's someone who's clearly responsible for defending it.
And also they have the tools and ability to defend it themselves. Like if Facebook goes down for an hour. That's actually really big news because it happens so rarely. Whereas submarine cables get cut all the time. Like not the same submarine cable, but it happens all the time. so it's...
really accident prone. And so I think there's this difference between the two types that like I see where you're coming from in that people use them, their lack of, are they a free service? I guess they are a free service for governments that they do rely on. And especially in disaster zones, often you hear stories all the time of Facebook groups that are used to organize disaster response. Mm-hmm. Yeah, no, look, you raise an interesting point in that they're similar, but they're not the same.
There's this international infrastructure part of them, but then they diverge very rapidly in terms of who's responsible, being able to sue someone. They diverge very rapidly in terms of who is responsible. How do you deal with problems when they arise? how do you detect problems, who can actually defend it? Because I guess one of the critical aspects of Facebook is that it's not entirely submerged underneath the ocean. Just to get back to Ukraine, because you It's the perfect example for everything cyber. One of the things that they did was they moved all of their government infrastructure to Azure, to the cloud.
And again, to me, seems like that's a move to international infrastructure. You go from having a data center in Kiev with a bunch of servers that you maintain and use unlicensed copies of Windows and all that stuff. And then you move to something that's based in a data center in Belgium and Ireland and wherever. And it puts you outside of the bounds of what the Russians can attack. Yep. At least physically, right? right, right.
Although, I mean, to a degree I think that if you're going to be defending against Russia, you're probably better off having Microsoft deal with all of that. If you can get them to manage your Azure stuff and just leave it with them, that's probably a lot safer than. you know, trying to do it yourself. So I would say that that is, like, yeah, like it's a smart move overall.
Like just by moving to the cloud, you've moved outside of the scope of what Russia can attack. it does feel to me like one of those examples where the promises of cloud computing actually are, like, do make sense. Yeah, I would agree. Microsoft probably has a better defensive posture than the government of Ukraine. But that said, it still, I think, falls under the, like literally the US nuclear umbrella. And that the...
So what you're saying is that it's protected by a nuclear cloud. Exactly. Okay, so I've got a question for you. We've talked about companies like Microsoft, AWS, Google being global infrastructure in a sense, in that there's a whole lot of countries like states that are actually using them for some of their communications.
Now, if you had said that six months ago, I would have gone, yeah, of course. But now there's been this transatlantic breakdown in relationships. I'm not sure that countries really trust the US in the same way. They're not convinced that it's a reliable ally at this point. And so at the beginning of the Ukraine war, moving your government infrastructure to Azure seems like was a no brainer. Yeah.
I mean, it was at the time it was absolutely the right move, but. and then subsequently the US used the withdrew military support and intelligence support. And so it seems like, I'm sure Microsoft would not have wanted to, but it seems like there's potentially something the US government could have done to use that as leverage as Right And so are they still really global infrastructure anymore? Because I think, you know, six months ago, no question, you would have said, yes, that's something that we can rely on. It's under the US umbrella, protection umbrella.
If there's a state that wants to attack that infrastructure, they've got to deal with the US. Now it's not clear. yeah, now it's sort of under the... some of those things are still true. Yeah, they're true, but there's a sort of yes and I think. Like, yes and it's also a huge exposure to...
So what it becomes is you're basically, you've got the protection and shelter of the umbrella until the person holding the umbrella decides otherwise. And here's the hard part is I don't think there's viable alternatives. You can't go to the Amazon of Europe or the EU's Google.
They don't have alternatives. There's nothing else that has that scale and that capability. So if your biggest concern is Russian aggression, you're probably still better off living under a U.S.
protection racket than risking it on your own. But. Yeah, I think it depends on how you weigh those different risks. It's a hard, it's a very, hard decision to make, right? Like, particularly because it seems that the protection racket, part of it only shows up when you need it the most, when you're at your most vulnerable. So the one thing it gives you protection against is Russian aggression. But if Russian aggression is just going to expose you to coercion on the other side, you know, have you actually bought anything? This would be something that I would be very concerned about if I was Ukraine.
I'd be looking very closely at moving to basically renting a data center somewhere in Europe and running everything there rather than relying on the US. Right, mean they're still relying on Microsoft rather than relying on the US, so I think there is a quite a big distinction between the two. I guess, like Ukraine, it's already made its, it made its decision, right? And I think at this point, it's got to live with it. I'm wondering about countries like maybe Latvia, Estonia, who are close to the Russian border, maybe even Finland. They have time to think about it.
They're not making a decision right. Yeah, that's a good point. So I would have said six months ago, I would have really argued the corner of international critical infrastructure, that this stuff is safe because it is primarily international. Like, yeah, it's based in the US, but that just adds protection. Mm-hmm. Yep. that's just a bonus.
These days, don't think I could take that position. I would still argue there is an international infrastructure but I will concede that the national aspects, maybe it's a little bit less inter- than just national infrastructure that's being shared. Right, right. mean, yeah, I'm kind of thinking that the physical location is still a plus. Like if you're on Russia's border and there's a real invasion, having your government services hosted outside is a plus, right? And I guess in the past, having it be a US company was an unalloyed good. Now it comes with a few strings attached, but...
in the scheme of a physical invasion that still seems like a better place, right? Yeah, get, is international infrastructure a safe bet? So I still think, conceptually, I like the idea that there's these things outside of the scope of nations that we all rely on. But at the same time, I think that that very clear fantasy has been exposed a little bit for the fantasy that it is. Right. Yep.
Yep. It seems like we're moving to a world where there's really strong national interests and there is no player which you probably naively thought was sitting apart or separate from those interests. So there's Alibaba Cloud. It's like, that seems like a non-starter for most countries. I mean it seems pretty clear to me that the Europeans will try to develop their own indigenous infrastructure. You know they actually had a project to set up a Gmail? They wanted to make their own email system.
And after 10 years, they canceled the project. It took them 10 years to not make email. I would not hold my breath for them to not make a cloud. It's going to take them even longer to not do that.
So it feels like what we're dealing with is the intersection of two things that we've stopped believing in. So one of those things is that the US can be a reliable ally and would without that we always knew which side the US was on. That seems to have disappeared. And then the other fantasy that we used to believe in that was the cloud was this special place.
that would also do everything better. And we now, like over the last five or 10 years, know that that's no longer true. And so we're in this point of double disillusion where one of those things would make up for the other, perhaps. Right, if either one of them were true, they would balance out, they would cancel out the other one. But with both of them being false, it definitely crashes down to reality. So on that cheery note, thanks a lot, Tom.
Thanks, Grugq
2025-04-18 18:26
