In 2025, the U.S. Department of Homeland Security announced grant funding of over $100 million to mitigate risks in cybersecurity. Some of these measures include planning and exercises, hiring experts in the community, and improving services. While these digital safeguards are necessary to protect high-level information, the physical infrastructure housing this data is often overlooked, remaining under-protected and vulnerable.

The digital networks Americans use every day ultimately depend on physical infrastructure, data centers, and cables in the ground and sea. Fiber optic cables are one reason for the increasing linear mileage of buried utility and service lines, now comprising around 50 million miles in total length in the United States. Digital security is only as strong as the infrastructure that supports it. Focusing on the digital layer while neglecting the physical layer leaves an exploitable blind spot. 

Fiber communicates digital data through pulses of light. These pass through long strands within a cable made from silica glass rather than copper or other wiring. While fiber's bandwidth and speed are considerably greater, it is not without its own vulnerabilities. Through passive wiretapping, also known as “fiber tapping,” malicious actors can monitor and/or record data while avoiding detection. This makes it difficult for operators to know when a breach has occurred and when countermeasures need to be taken. If fiber operators do not know that there has been a breach, sensitive data can continue leaking, posing significant risks to individuals, governments, and organizations. One of the primary ways of avoiding detection is to use a passive optical splitter, which divides the light signal into multiple beams, allowing the data stream to be copied without interrupting traffic.

While most traffic today is encrypted, interception allows for receiving communication metadata, traffic volume, timing patterns, and network relationships. In the hands of a malicious and motivated actor, the intelligence value of such data can be extremely high. Sophisticated actors are far more likely to target government networks and other major institutions than neighborhood fiber cables. Successful interception in such instances could carry substantial national security risks.

These fiber cables transmit enormous volumes of data, with single strands carrying up to tens of terabytes of data per second. They run along roadsides, subsea, and alongside major terrestrial routes. Physical access to these chokepoints can allow large amounts of classified and sensitive data pertaining to national communications to be leaked and leveraged. Although the Defense Information Services Agency (DISA) utilizes the Defense Information Systems Network (DISN) to provide a medium for secure military communications, shared fiber infrastructure still carries ample governmental and other sensitive communications. While the sensitive data is almost always encrypted, metadata and traffic analysis can still reveal confidential operational information.

For example, during times of crisis, leaked metadata and traffic analysis can show whether certain parties have a direct relationship, the size and frequency of their communications, and the geographic routing of those communications. Mapping these network relationships, otherwise known as “link analysis,” can help interceptors infer major business transactions and notice key intermediaries. The interception of timing patterns can show response times during incidents and coordinated activity across institutions. From large surges in traffic, actors can also infer when major emergencies, negotiations, or other critical events are occurring.

One of the more well-known instances of this is the “Pentagon Pizza Index,” which posits that pizza sales at the Pentagon and near other governmental buildings increase dramatically before international crises. The tracker’s data is available publicly. While the content of these encrypted messages remains protected, the patterns create serious vulnerabilities. As encryption tools improve, malicious actors may also be collecting and storing metadata or communication patterns in the hope that they can decrypt it over time, also known as “Harvest Now, Decrypt Later.” Beyond these harms, the sabotage risk can discourage communication across these channels for fear of leaking. Traffic analysis of this kind has been used in intelligence operations in the past, as the patterns can reveal sensitive behavior even without access to the underlying content.

Because data can be collected passively and with little chance of detection, there must be proven ways to protect the fiber infrastructure itself. It is not feasible to have security stations or cameras cover tens of thousands of miles, so to achieve security and resilience, industry and government must think creatively about the problem.

Distributed fiber optic sensing (DFOS) provides one potential solution. Unlike traditional telecommunication fiber cables, which send data as light pulses, DFOS analyzes how the light scatters back along the fiber cable. In other words, it isn’t about the information being transmitted, but how the environment acts on the cable while light moves through an individual strand. Subtle changes in light backscatter can be measured to detect vibration, strain, temperature, and more. Through detection and notification, the data holders and interested parties can take action to rectify the disruption instead of leaking data for a potentially indefinite period of time. DFOS can alert users to digging near cable routes, vault access, cable manipulation, and perimeter intrusions. The presence of DFOS does not completely inhibit cyber intrusions, but it provides physical-layer intelligence. DFOS can run on “dark fiber,” or unused strands of existing fiber cable infrastructure. Alternatively, a separate sensing fiber can be installed parallel to the telecom infrastructure to provide the highest sensing performance, an approach typically seen in monitoring pipelines, railways, and border patrol.
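The detection idea described above, as an added example that is not part of the original article: it treats each measurement as a backscatter trace over distance bins, learns per-bin noise from a quiet period, and reports the cable span where the trace keeps changing. The bin spacing, thresholds, and sample traces are constructed assumptions, not values from any DFOS product.

```python
import random
from statistics import median

BIN_M = 10.0      # assumed spatial resolution: metres of fibre per distance bin
K = 6.0           # assumed alarm threshold, in multiples of baseline noise
MIN_FRAMES = 5    # assumed persistence: consecutive frames required to alarm

def diff_energy(frames):
    """Absolute change in backscatter per bin between consecutive traces."""
    return [[abs(b - a) for a, b in zip(prev, cur)]
            for prev, cur in zip(frames, frames[1:])]

def baseline(quiet_frames):
    """Median frame-to-frame change per bin over a known-quiet calibration period."""
    return [median(col) or 1e-9 for col in zip(*diff_energy(quiet_frames))]

def detect(frames, base):
    """Return (start_m, end_m) spans whose change exceeds K x baseline for MIN_FRAMES in a row."""
    run, hot = [0] * len(base), set()
    for row in diff_energy(frames):
        for i, v in enumerate(row):
            run[i] = run[i] + 1 if v > K * base[i] else 0
            if run[i] >= MIN_FRAMES:
                hot.add(i)
    spans = []
    for i in sorted(hot):              # merge adjacent bins into one event span
        if spans and spans[-1][1] == i:
            spans[-1][1] = i + 1
        else:
            spans.append([i, i + 1])
    return [(a * BIN_M, b * BIN_M) for a, b in spans]

def make_trace(rng, n_bins, disturbed=()):
    """Constructed sample trace: attenuating level plus noise; disturbed bins fluctuate strongly."""
    return [100.0 - 0.02 * i + rng.gauss(0, 0.05)
            + (rng.gauss(0, 2.0) if i in disturbed else 0.0)
            for i in range(n_bins)]

def demo():
    rng = random.Random(7)
    quiet = [make_trace(rng, 500) for _ in range(200)]   # calibration period
    live = [make_trace(rng, 500) for _ in range(50)]     # normal operation
    # Constructed event: sustained vibration (e.g. digging) over bins 311-313
    live += [make_trace(rng, 500, disturbed={311, 312, 313}) for _ in range(40)]
    return detect(live, baseline(quiet))

if __name__ == "__main__":
    print(demo())
```

The persistence requirement is what keeps single-frame noise spikes from raising alarms across thousands of bins; an operator would tune it against the shortest event they need to catch.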

While digital security has been maturing rapidly to counteract increased risks, physical-layer protections have lagged behind, leaving room for interception and sabotage. As efforts to strengthen our national digital infrastructure continue, we need to monitor the physical layer of that infrastructure accordingly, as a means of national resilience.

Written by Lilly Petruzzi, AI and Data Policy Fellow

The Alliance for Innovation and Infrastructure (Aii) is an independent, national research and educational organization working to advance innovation across industry and public policy. The only nationwide public policy think tank dedicated to infrastructure, Aii explores the intersection of economics, law, and public policy in the areas of climate, damage prevention, eminent domain, energy, infrastructure, innovation, technology, and transportation.