If we didn’t know already, the COVID-19 pandemic has driven home the fact that data is the most important strategic asset of the 21st century. Never has the world depended more on digital data flows as when millions of workers and students switched to remote access and when online retail took the place of shuttered stores. As much as our digital interconnectedness is powering innovation, commerce, and interaction, it is also generating new risks and vulnerabilities. This is because the digital systems on which we all depend—the internet, cloud computing, 5G telecommunications infrastructure—are insecure by design, poorly regulated, prone to abuse, and vulnerable to attack. With billions of new devices and hundreds of millions of people newly connected each year, the so-called attack surface—the myriad ways in which we are exposed via connected devices and ubiquitous services—is expanding exponentially.
Understanding the geography of digitalization, including systemic vulnerabilities across public and private networks and dangerous weaknesses in supply chains, is more important than ever. Doing a better job to map the globe’s ever more pervasive digital networks—the satellites, submarine cables, and cell towers that distribute data and connect people and things to each another—can help identify systemic risks and ways to mitigate them. Our digital footprint in the physical world—from the rare-earth elements that power our electronic devices to the infrastructure that directs each bit and byte—leaves a cartographic impression that can be tracked and mapped on a highly granular scale.
It is easy to forget that the basis of our digital world is physical. The fiber-optic cables, batteries, circuits, and devices that drive digitalization are constituted of minerals. Copper, quartz, silicone, cobalt, lithium, and the rare-earth elements—a family of 17 metals—are used in virtually every electronic deviceon the planet. Yet most rare-earth production takes place in China, which controls well over 80 percent of the global supply, followed by the United States, Myanmar, and Australia. Against a backdrop of rising demand for these elements, China is trying to secure its dominance over the global supply chain, while other countries are increasingly recycling electronic waste and extracting base materials to reduce their dependence on others. Rising tensions with China have propelled efforts by the United States to shake-up China’s near-monopoly in rare earths and strengthen self-reliance.
Rare Earth Bottlenecks
Rare earth elements consist of 17 silvery-white heavy metals often found together. In the 1950s, global production was concentrated in Brazil, India, and South Africa. Today, China produces over 80 percent of the global supply. There are close to 800 reported rare earth mines and deposits, with most production occurring in places like Inner Mongolia and Western Australia.
SOURCE: U.S. GEOLOGICAL SURVEY
The risk of supply chain disruptions, including in the mining, processing, and shipping of rare earths, is very real. For example, China has imposed restrictions on its supplies in the past, including to Japan, which drove up global prices for a range of manufactured technologies. Japan has since expanded its strategic stockpile. Hacking and ransomware threats to production and processing facilities are also rising. Meanwhile, the mining of rare earths is wreaking ecological havoc. While rare earths are actually quite abundant, their extraction and separation are expensive and environmentally destructive. China has steadily expanded production both at home and in Africa, where it is less encumbered by environmental and labor regulations. Chinese-run mines have generated massive leaching pools of ammonium sulfate and ammonium chloride, contaminating water supplies and cropland.
Many of the systems powering the planet’s digital networks are not on Earth but in space. The first satellites were launched in the 1950s, and today there are over 6,000 of them orbiting the planet, of which more than 2,600 are operational. Some of them generate information on the weather or the Earth’s surface, while more than 1,000 communication satellites facilitate internet, cellular, television, and radio access. A host of satellite constellations in low Earth orbit are offering low-latency internet access from space.
Threats against satellites from nation-states, including the intentional disruption of their signals, are hardly new. Yet there are growing concernsabout the expansion of ground- and space-based capacities to spoof, jam, damage, and destroy satellite systems. China, Russia, and the United States are all moving rapidly toward the weaponization of space, mostly with the argument of deterring threats from rivals. Russia and China have tested several satellite-destroying systems—both ground-to-space ones and space-based ones known as “killer satellites.” Satellites are also surprisingly vulnerable to hacking. Meanwhile, satellite images are increasingly exposed to generative adversarial networks that manipulate remote sensing images. Deepfakes, extremely convincing false images and videos, are now a problem in outer space, too.
Digital infrastructure isn’t expanding just in the heavens above but also in the seas below. There are over 420 submarine cables transporting around 95 percent of cross-border data and voice traffic. The first undersea cable was laid in 1858 from Ireland to Canada, allowing users to share a few words an hour. By 1900, there were over 130,000 miles of cable stretching around the world. Fiber optics only appeared in 1988, and today there are more than 700,000 miles of cable transmitting close to 160 terabits per second. With the voracious data transmission needs of cloud computing, large tech companies are driving most new investment in submarine cables. Amazon, Facebook, Google, and Microsoft alone have invested over $20 billion in new cables over the past few years. One of Google’s latest, a submarine cable linking Europe and the United States called Dunant (named after Henry Dunant, the Swiss founder of the Red Cross and first recipient of the Nobel Peace Prize), can transmit a record-breaking 250 terabits per second.
Vulnerable Submarine Cables
There are at least 426 submarine cables in operation around the world transporting around 95 percent of cross-border data and voice traffic. Their total length is an estimated 1.3 million kilometers, ranging from the 130-kilometer CeltixConnect cable linking Britain and Ireland to the 20,000 kilometer Asia America Gateway cable.
The strategic importance of undersea cables and the operating stations connecting them to terrestrial networks cannot be overstated. They are one of several battlefronts in the ongoing information wars. They can be tapped to gain intelligence, snipped to slow communications, or implanted with backdoors to siphon raw data. China, Russia, and the United States each have the capability to sabotage cables with specially designed spy submarines, for example, a strategic vulnerability that is widely acknowledged among defense experts. There are very few manufacturers with the ability to lay such cables. Huawei Marine Networks, until recently a subsidiary of the Chinese telecommunications giant, has built or repaired almost a quarter of the world’s cables.
Cellphone towers are the nervous system of the digital world. They are also ubiquitous. Groups like OpenCellID have located over 36 million unique GSM cell towersglobally. Typically located in highly populated areas, these towers primarily receive and transmit voice and data from and to cellphones and other devices. Some are camouflaged as flagpoles, while others are mounted on buildings. Their density varies: 3G and 4G towers can be spaced between 30 and 90 miles apart, while 5G towers are often clustered more closely together, with distances varying between 800 and 1,000 feet.
Proliferating Cell Towers
The tens of millions of telecommunications towers documented by OpenCelliD are not evenly distributed. The brighter the cluster, the more towers. Fewer towers are observed in China because of reporting biases.
Despite our overwhelming reliance on them, cellular networks are virtually impossible to protect from hacking, and few carriers have the practical means to defend themselves. Most data traffic is unencrypted, and the systems that power the networks are unable to distinguish between legitimate and malicious commands. This is because the underlying protocol for most systems is outdated, which means systems can be easily breached. (The black market is rife with offers.) There are also devices that can simulate cell towers—known as IMSI catchers or Stingrays—that can ensnare unsuspecting users by intercepting or eavesdropping on calls.
These are the nodes that power communications around the world. First appearing during the 1940s, they are now critical to sustaining public and private cloud platforms, including those of Alibaba, Amazon, Facebook, Google, IBM, Microsoft, Oracle, and Twitter. A data center is essentially a dedicated space to house computer systems, including for telecommunications and data storage, much of it redundant. A large center can use as much electricity as a decent-sized city. Since the start of the internet boom in the late 1990s, data centers have exploded in number, as have their scale and environmental impact—including about 1 percent of global electricity use.
Today, there are millions of data centersaround the world, including more than 540 hyperscale centers with tens of thousands of computer racks. Range International Information Group in Langfang, China, is reportedly home to the largest center, spanning over 6.3 million square feet. The vast majority are in the United States, followed by China, Japan, and parts of Western Europe. Hackers are increasingly targeting data centers to hijack systems, pilfer accounts, and steal industrial secrets. One reason data centers are getting hacked is because they are often easy targets due to the fact that they are often poorly defended against digital malfeasance, the persistence of legacy systems that are easily breached, and the growing sophistication of cyber arsenals.
The COVID-19 pandemic and accompanying lockdowns accelerated the dependence of governments, businesses, and entire societies on digital technologies. Countries, states, and cities with adequate mobile networks, decent broadband, and digitally literate populations tended to fare better than those without them. Some societies are more digitally connected than others: There are still more than 3.7 billion people
without basic internet access. In the developed world, over 87 percent of the population
has direct access to the internet compared to just 47 percent in developing countries and 19 percent in the least developed nations.
In a digitally interdependent world, the ability to access telehealth, take classes online, or work remotely is not just critical to thrive but to survive. People who do not have robust broadband access are being left behind. In sub-Saharan Africa, for example, over 60 percent of the population still lacks access to 4G networks, with 2G the norm in rural areas. Ensuring affordable digital services for education, work, and health that are safe and resilient will be fundamental to weather crises, including future pandemics.
There are more than 4.6 billion active internet users today, up from roughly 4 billion in 2019. That means that around 60 percent of the world is connected to at least one device—and some of them to many more. According to industry experts, at least 93 million new phone users, 316 million new internet users, and 490 million new social media users went online between January 2020 and January 2021. Yet waves of hacking and malware attacks are a constant reminder that most governments, companies, and citizens are digitally exposed. The ransomware epidemic, alongside the colossal Solar Winds and Kaseya supply chain attacks, is not just threatening public infrastructure, government services, and financial institutions, but also the basic trust needed to sustain the digital economy.
The exposure of internet users to digital malfeasance involving their physical devices is far-reaching. In recent years, cyber-security researchers have detected compromises in over 100 million smart devices around the world. These kinds of gaps can expose corporate servers and IT systems, medical and financial data, and the control systems of factories and utilities. As the world rapidly moves toward the Internet of Things, where everything around us is always connected, these risks have only grown more serious. By 2025, there will be more than 32 billion wirelessly connected devices (up from 14 billion in 2021), most of them lacking even basic security features.
One way to more safely navigate a rapidly digitalizing world is by mapping it out in a way that is actionable—and quantifying what’s at risk. By illuminating the interdependencies and vulnerabilities across physical and digital infrastructures and supply chains, maps can help governments, businesses, and civil societies bolster their defenses. In a world where digital devices are easily infiltrated, manipulated, and weaponized, awareness is essential. It is only by better understanding the risk that we can more readily reduce it.