Altnets want tougher punishments for attacks on physical infrastructure

This is the main thrust of a letter sent by UK fibre altnets Ogi and Vorboss to Michelle Donelan, the Secretary of State who heads up the Department for Science, Innovation and Technology (DSIT).

Ogi, Vorboss and the dozen or so other altnets that have signed the letter are understandably concerned about the recent spate of attacks on physical infrastructure, and want the government to do something about it.

"Fibre optic networks are the critical digital backbone underpinning our economy. Our homes, businesses, hospitals, financial institutions, public services and more, are connected through fixed fibre assets," the letter says. "Any malicious disruption to these services poses significant risks to both public safety and economic activity."

The letter cites some recent ISPreview reports chronicling acts of vandalism against various altnets.

Wales-based Ogi called in the police after its network was targeted, leaving customers in Pembroke Dock without connectivity over a weekend in January. Pine Media's network in Sheffield was similarly attacked last month, affecting around 200 customers. Late last year, vandals also attacked Netomnia's network in Liverpool and MS3's network in Hull.

Putting aside the effect these attacks have on end users, they also don't do altnets' finances any favours either. Some of them are stretched fairly thin thanks to the current economic climate, and the last thing they need is the expense of having to rebuild bits of their networks.

Indeed, Orgi and Vorboss indulged in some doom-mongering, warning that if attacks persist, "private companies investing in full fibre infrastructure may withdraw, financial institutions could lose faith and cease investing in the sector, and communities could find themselves left behind in the digital age once again."

Enough is enough, say Ogi and Vorboss. They want intentional damage to fibre infrastructure to be categorised as a criminal offence distinct from ordinary criminal damage, and the severity of penalties to reflect the potential risks to life caused by outages.

"We propose that perpetrators of such acts face the threat of lengthy prison terms and appropriate fines," the letter said. "By asking for such severe consequences, we hope to deter individuals from engaging in activities that puts lives at risk and compromises the connectivity that we all increasingly rely on."

A DSIT spokesperson said in a statement to Telecoms.com that the UK has "one of the toughest telecoms security regimes in the world and we continue to work closely with relevant organisations to identify risks and ensure the security and resilience of our telecoms network infrastructure."

While the UK does indeed have the Telecommunications (Security) Act 2021, its focus is heavily on cyber attacks and so-called high-risk (i.e. Chinese) vendors. The responsibility for physically protecting networks from gangs of criminals who go around chopping up cables falls on telcos.

"We have engaged with providers and relevant authorities to understand these concerns and identify whether there is support government can provide to safeguard networks and ensure that services can operate without disruption," said DSIT's spokesperson. "Any case of suspected criminal damage to telecoms infrastructure should be reported to the police to investigate."

On a related note, Ogi, Vorboss et al also took the opportunity to bring up the issue of whereabouts compliance – the practice of informing Openreach when and where a fibre builder accesses the incumbent's physical infrastructure so that if something goes wrong there is a paper trail.

As previously reported, some altnets seem to be better at compliance than others, and there is also an argument that Openreach's data-gathering on whereabouts is flawed. Either way, improvements are needed, argue Ogi and Vorboss, so that it is easier to identify unauthorised access to infrastructure.

While this is a valid point, Openreach is currently working with altnets to improve whereabouts compliance reporting, and has set a deadline of 1 April to come up with something better. It would probably be more constructive to wait and see if anything emerges from this process before lobbying the government about it.

Back to the main point of the letter though, and the call for tougher punishment for vandalism is understandable. It is also another potential sign that the finances of the UK's myriad fibre builders – who were encouraged into the market by the government – are under significant strain.

UPDATE - 09:00, 11/3/24: We received the following statement from Katie Milligan, chief commercial officer at Openreach:

"As the largest network in the UK with the highest regulated service standards to uphold, nobody suffers more from poor ‘whereabouts’ compliance than Openreach and no-one’s keener to improve it.

“We’re continuing to work closely with the industry and Ofcom to make sure that work is recorded properly and completed safely and securely. We’ve been doing this in a very collaborative way and, whilst we do have options for stricter enforcement if that’s needed, we’d prefer not to have to enforce contractual penalties. Right now, no company using our network is 100% compliant, so everyone has work to do to improve.

“It’s also important to emphasise that compliance isn’t a silver bullet to prevent damage and security issues. It can help of course, but it doesn’t account for malicious acts or provide conclusive proof of causes."