Solar Storm Attacks on the Internet

Solar Storm Attacks on the Internet

The Internet is vulnerable to attacks, hardware failures, software bugs. But it can also be vulnerable to the actions of the Sun, as the study "Solar superstorm: planning for an Internet apocalypse" shows which, despite a catchy title, is a serious and detailed analysis of the risks that the Internet will run with the current increase in the violence of the Sun.

The Sun shines on us and sometimes gives us sunburn. But it also has another effect, that caused by solar storms, including coronal mass ejections. During these storms, the Sun ejects a large quantity of particles whose arrival on Earth causes various electromagnetic phenomena, in particular the generation of induced currents in the conductors. The cables that connect computer network equipment, such as the Internet, can therefore be disturbed or even damaged. The best known of these storms is the Carrington Event, which occurred at a time when electricity was a novelty in little use and the main network was the telegraph. Coronal mass ejections are very directional and, if they do not occur in the direction of the Earth, the consequences are minimal (as for example for the eruption of July 2012).

Solar activity, and these storms, follow cycles. The best known is the 11-year cycle, and we are currently in cycle 25. But there are other cycles, with a longer period, such as the Gleissberg cycle. As luck would have it, the expansion of the Internet coincided with a minimum of most of these cycles, thus relatively low solar activity. But things are changing, solar activity is increasing, and a high intensity storm seriously disrupting the Internet (and other technical constructions) is a real possibility in the next few years. A storm with the size of Carrington's would have far greater consequences today.

For instance, if the optical fibers are not conductive, the repeater power cable that runs along them is, and therefore an optical fiber can be disabled by a solar storm.

The article "Solar superstorm: planning for an Internet apocalypse" seeks to quantify the risk and to study how to limit it. One of its angles of attack is to look at the geographical distribution of network equipment. Indeed, the consequences of the solar storm are more intense at high latitudes, therefore near the poles. On the other hand, the longer a conductor, the greater the induced current. Transoceanic submarine cables are therefore the most vulnerable. The author therefore delved into the data and looked at where there was the most risk. A copy of the data is available online, except for those it didn't have permission to, like ITU data. For example, CAIDA publishes some very useful information about routers.

Here is a summary of the article:

  • The transatlantic submarine cables are very concentrated in a small number of points on the east coast of the United States (the transpacifics are better distributed), and too far in the north, which increases the risks. In the event of an intense solar storm, all these cables would be put out of order, only those leaving from Florida, at a lower latitude, would be spared (and they do not go to Europe, so the connectivity between Europe and the United States would probably be discontinued).
  • Remembering that storms mostly affects high latitudes; the author calculates that Alaska will lose all of its submarine connectivity, but Hawaii would be relatively untouched.
  • Fun fact, in the event of an intense storm, the UK would lose connectivity with North America but not with Europe; a reverse Brexit.
  • Shorter terrestrial cables will be significantly less affected.
  • What about data centers? The tendency being to put them more and more in the North, to facilitate their cooling, in particular in the context of global warming, they could also be affected.
  • What about the root DNS servers? The author thought about it too and considers that, given their very varied distribution on the surface of the globe, they will probably not all be affected at the same time.

In the current state of science, we do not know how to predict solar storms, only to determine probabilities. We cannot therefore prepare well in advance. However, in a solar storm, as the ejected coronal mass travels slower than light, the storm is seen for hours, or even days, before it feels its effects.

There exist alarm services used, for example, by aviation. This is the case with the Presto service of SIDC. A typical warning (dated October 11, 2021) says:

A halo coronal mass ejection has been observed in the available SOHO / LASCO coronagraph imagery at 07:24 on Oct 9. This halo coronal mass ejection is associate with the M1.6-class flare peaking at 06:38 UTC on the same day in the Catania sunspots group 58 (NOAA AR-2882), which was located on the central meridian. The projected speed was measured 692 km/s by the software package CACTus. The true speed has been estimated around 950 km/s. The transit time to Earth is estimated to take about 62 hours, ant the arrival to Earth time would be on Oct 12, around 01:00 UTC.

In this case, the ejected mass (CME = Coronal Mass Ejection) will indeed arrive on Earth but we have a little advance to prepare.

What to do when I receive the warning? Cutting the power can help but is not enough, the danger coming from the power induced by the reception on Earth of the ejected coronal mass. The author recommends working on diversity, with more cables, and better distributed. Redundancy (and the absence of SPOF) remains the best defense.

Get started with 100,000 free lookups: sign up