If we didn't already know, the COVID-19 pandemic made clear the fact that data is the most important strategic asset of the 21st century. Never has the world been more dependent on digital data flows than when millions of workers and students switched to remote access and online commerce replaced closed shops. As much as our digital networking drives innovation, trade and interaction, it also generates new risks and weaknesses. This is because the digital systems we all depend on – the internet, cloud computing, 5G telecommunications infrastructure – are inherently insecure, poorly regulated, prone to abuse, and vulnerable to attack. With billions of new devices and hundreds of millions of people reconnected every year, the so-called attack surface – the myriad opportunities we are exposed to via connected devices and ubiquitous services – is growing exponentially.
Understanding the geography of digitization, including systemic vulnerabilities in public and private networks and dangerous weaknesses in supply chains, is more important than ever. Doing a better job mapping the world's increasingly pervasive digital networks – satellites, undersea cables, and cell towers that distribute data and connect people and things – can help identify systemic risks and identify ways to contain them. Our digital footprint in the physical world – from the rare earth elements that power our electronic devices to the infrastructure that controls every bit and byte – leaves a cartographic imprint that can be tracked and mapped on a highly granular scale.
It is easy to forget that the basis of our digital world is physical. The fiber optic cables, batteries, circuitry, and devices that drive digitization are made of minerals. Copper, quartz, silicon, cobalt, lithium and the rare earth elements – a family of 17 metals – are used in virtually every electronic device in the world. However, rare earth production takes place in China, which controls well over 80 percent of global supply, followed by the United States, Myanmar and Australia. As the demand for these elements grows, China seeks to maintain its hegemony in the global supply chain while other countries increasingly recycle electronic waste and extract raw materials to reduce their dependence on others. Rising tensions with China have fueled US efforts to shake China's near-monopoly on rare earths and strengthen self-reliance.
Shortages in rare earths
Rare earths consist of 17 silvery-white heavy metals that are often found together. In the 1950s, global production was concentrated in Brazil, India, and South Africa. Today, China produces over 80 percent of the world's supply. There are nearly 800 reported rare earth mines and deposits, with most of the production taking place in places like Inner Mongolia and Western Australia.
The risk of supply chain disruptions, including when mining, processing and shipping rare earths, is very real. For example, China has historically restricted its supplies, including to Japan, which has driven global prices up for a number of technologies it manufactures. Japan has since expanded its strategic supply. The threats posed by hacking and ransomware to manufacturing and processing facilities are also increasing. Meanwhile, the mining of rare earths is wreaking havoc on the environment. Rare earths are abundant, but their extraction and separation is expensive and harmful to the environment. China has steadily expanded production both domestically and in Africa, where it is less burdened by environmental and labor regulations. China-operated mines have created huge pools of ammonium sulfate and ammonium chloride contaminating water supplies and farmland.
Many of the systems that power the planet's digital networks are not on earth but in space. The first satellites were launched in the 1950s and today more than 6,000 of them orbit the planet, of which more than 2,600 are operational. Some of them generate information about the weather or the surface of the earth, while more than 1,000 communication satellites provide access to the Internet, cellular communications, television and radio. A variety of satellite constellations in low earth orbit provide low latency Internet access from space.
Threats to nation-state satellites, including deliberately disrupting their signals, are hardly new. Nonetheless, there is growing concern about expanding ground and space-based capacities to counterfeit, block, damage and destroy satellite systems. China, Russia, and the United States are all moving swiftly towards arming space, mainly on the grounds of deterring rival threats. Russia and China have tested several satellite-wrecking systems – both ground-based and space-based systems known as "killer satellites". Satellites are also surprisingly vulnerable to hackers. In the meantime, satellite images are increasingly exposed to generative opposing networks that manipulate remote sensing images. Deepfakes, extremely convincing false images and videos are now also a problem in space.
The digital infrastructure is not only spreading up in the sky, but also down in the sea. Over 420 submarine cables transport around 95 percent of cross-border data and voice traffic. The first submarine cable was laid from Ireland to Canada in 1858 and allowed users to share a few words an hour. By 1900, there were over 130,000 miles of cable around the world. Fiber optics didn't appear until 1988, and today there are more than 700,000 miles of cable carrying nearly 160 terabits per second. Given the insatiable data transfer needs of cloud computing, large tech companies are driving the majority of new investments in submarine cables. Amazon, Facebook, Google and Microsoft alone have invested over 20 billion US dollars in new cables in recent years. Dunant (named after Henry Dunant, the Swiss founder of the Red Cross and first winner of the Nobel Peace Prize), can transmit a record-breaking 250 terabits per second.
Vulnerable underwater cables
At least 426 submarine cables are in use worldwide, transporting around 95 percent of cross-border data and voice traffic. Their total length is estimated at 1.3 million kilometers and ranges from 130 km of CeltixConnect cable connecting Great Britain and Ireland to 20,000 km of Asia America Gateway cable.
The strategic importance of submarine cables and the operating stations that connect them to terrestrial networks cannot be overstated. They are one of several fronts in the ongoing information wars. They can be tapped to get information, laced to slow communications, or implanted with backdoors to suck out raw data. China, Russia, and the United States are each able to sabotage cables using specially designed espionage submarines, a strategic vulnerability widely recognized among defense experts. There are very few manufacturers who can run such cables. Huawei Marine Networks, until recently a subsidiary of the Chinese telecommunications giant, has built or repaired nearly a quarter of the world's cables.
Cell phone masts are the nervous system of the digital world. They are ubiquitous too. Groups like OpenCellID have located over 36 million unique GSM cell towers worldwide. Typically located in densely populated areas, these towers primarily receive and transmit voice and data to and from cell phones and other devices. Some are camouflaged as flagpoles, others are mounted on buildings. Their density varies: 3G and 4G towers can be anywhere from 50 to 90 miles apart, while 5G towers are often closer together, with distances varying between 800 and 1,000 feet.
Proliferating cell towers
The tens of millions of telecommunications masts documented by OpenCelliD are not evenly distributed. The lighter the cluster, the more towers. Fewer towers are observed in China due to reporting errors.
Despite our overwhelming dependence on them, protecting cellular networks from hacking is virtually impossible, and few cellular operators have the practical means to defend themselves. Most traffic is unencrypted, and the systems that power the networks cannot distinguish between legitimate and malicious commands. This is because the underlying protocol is out of date for most systems, which means systems can easily be breached. (The black market is full of offers.) There are also devices that can simulate cell towers – so-called IMSI catchers or stingrays – that can ensnare unsuspecting users by intercepting or eavesdropping on calls.
These are the nodes that power communications around the world. They first appeared in the 1940s and are now critical to sustaining public and private cloud platforms, including those from Alibaba, Amazon, Facebook, Google, IBM, Microsoft, Oracle, and Twitter. A data center is essentially a dedicated space to house computer systems, including telecommunications and data storage, much of which is redundant. A large center can use as much electricity as a medium-sized city. Since the Internet boom began in the late 1990s, the number of data centers has exploded, as has their size and environmental impact – including around 1 percent of global electricity consumption.
Today there are millions of data centers worldwide, including more than 540 hyperscale centers with tens of thousands of computer racks. Range International Information Group in Langfang, China reportedly hosts the largest center, covering over 6.3 million square feet. The vast majority are in the United States, followed by China, Japan, and parts of Western Europe. Hackers are increasingly targeting data centers to hijack systems, steal accounts, and steal trade secrets. One reason data centers are hacked is because they are often easy targets as they are often poorly protected against digital misconduct, the persistence of legacy systems that can be easily breached, and the increasing sophistication of cyber arsenals.
The COVID-19 pandemic and the associated lockdowns have accelerated the dependence of governments, companies and entire societies on digital technologies. Countries, states, and cities with adequate cellular networks, decent broadband, and a digitally literate population tended to do better than those without them. Some societies are more digitally networked than others: There are still over 3.7 billion people without basic internet access. In developed countries, over 87 percent of the population has direct access to the Internet, compared to only 47 percent in developing countries and 19 percent in the least developed countries.
In a digitally interdependent world, being able to access telemedicine, take online courses, or work remotely is critical not only to thriving but also to survival. People who don't have robust broadband access are left behind. In sub-Saharan Africa, for example, over 60 percent of the population still does not have access to 4G networks; in rural areas, 2G is the norm. Ensuring affordable digital education, work and health services that are safe and resilient will be fundamental to managing crises, including future pandemics.
There are more than 4.6 billion active internet users today, up from around 4 billion in 2019. That means around 60 percent of the world is connected to at least one device – and some of them to much more. According to industry experts, at least 93 million new phone users, 316 million new internet users and 490 million new social media users went online between January 2020 and January 2021. Still, waves of hacking and malware attacks are a constant reminder that most governments, businesses and citizens are digitally exposed. In addition to the colossal attacks on the Solar Winds and Kaseya supply chain, the ransomware epidemic threatens not only public infrastructure, government services and financial institutions, but also the basic trust required to sustain the digital economy.
The threat posed to Internet users by digital misconduct with their physical devices is far-reaching. In the past few years, cybersecurity researchers have discovered compromises in over 100 million smart devices around the world. Such holes can expose corporate servers and IT systems, medical and financial data, and the control systems of factories and utilities. As the world moves rapidly towards the Internet of Things, where everything around us is always connected, these risks have only become more serious. There will be more than 32 billion wirelessly connected devices by 2025 (up from 14 billion in 2021), most of which don't even have basic security features.
One way to more confidently navigate a rapidly digitizing world is to map it in a workable way and quantify what is at risk. By highlighting the interactions and weaknesses in physical and digital infrastructures and supply chains, maps can help governments, businesses and civil societies to strengthen their defenses. In a world where digital devices can be easily infiltrated, tampered with, and armed with weapons, awareness is essential. Only when we understand the risk better can we reduce it more easily.