Fiber networks bring unprecedented speed and bandwidth dimensions to today’s electronically-connected world. However, these technological advances also expose data to a wide range of network threats including hackers and corporate/foreign espionage, to name a few. Corporate and government network owners must increasingly mitigate threats of data hijacking on public, private, and secure networks.
One significant threat to data on optical communication networks is fiber tapping. Once someone accesses fibers in a cable or transition/splice point, they can attenuate them by physically bending the fiber strand—and removing and capturing only a small percentage of light can mean significant data theft. The impact on network performance is often negligible and may not disrupt data transmission, so operators may never even be aware of the crime.
National Security Agency (NSA) document NSTISSI
No.7003 guides protecting wireline and optical fiber
protective distribution systems (PDS) to transmit
unencrypted, classified national security information
(NSI). According to the NSA, operators should
implement PDS in three ways:
• Hardened carrier: physical protection (locked enclosure, cable in concrete, etc.)
• Alarmed carrier: protection by monitoring and alarm system
• Continuously viewed carrier: staff monitoring of cable
As an alarmed carrier solution, the ONMSi is widely selected and deployed because it:
• Accurately detects the physical location of fiber taps in less than one minute
• Is sufficiently simple for non-fiber experts to operate it
ONMSi is an integrated solution that combines the optical monitoring capabilities and performance of an optical time domain reflectometer (OTDR) with a multi-port optical switch and various levels of control software.
While the OTDR is typically used for fiber construction, acceptance, and troubleshooting, it is also very effective as a fiber-monitoring tool. It provides a dynamic view of each fiber link and can look at events that affect a link with a location reference to each one. This includes monitoring small changes in attenuation along a fiber at different optical wavelengths. This makes it a viable solution for fiber-tapping surveillance, as the OTDR can monitor a fiber at a bend-sensitive wavelength that is away from the transmission region. This ensures transmission is not impacted while monitoring any relative loss changes along the fiber route.
Using an optical switch further enables monitoring multiple fibers from the same OTDR. Comparing each fiber monitor trace to an original reference trace reveals small, relative changes in loss along the fiber. Alarm levels can then be set based on pre-defined loss levels.
THE ONMSi SYSTEMHardware
• Monitor probe
• Rack-mountable remote testing frame and controller
• OTDR monitoring optics
• Optical switch for mult-fiber monitoring
• Central controller with server
• Access for multiple system users
• LAN - and web-enablement for multiple probe management
• Geospatial mapping to translate an OTDR location to physical reference locations
• SNPM/XML integration with other systems (network operations/security systems)
• Advanced data analysis and reporting
• Alarming and notification (e-mail/txt/LAN)
ONMSi protects networks from fiber tapping with a number of advanced capabilities:
• Continuous monitoring enables threat identification within minutes of incursion, minimizing reaction time
• Sensitive optics ensure that even the smallest loss changes are detected
• Scalability permits flexible deployment expansion as threat risks evolve
• Geospatial mapping software enables more accurate and faster threat response
• Remote location monitoring reveals threats that are difficult to reach by physical inspection
With the proliferation of data moved to electronic storage in recent years, data security concerns are now part of our daily lives. Fiber tapping to hijack private and government data is increasing as a threat as fiber deployments increase, and even the most sophisticated
and secure networks are at risk.
Viavi Solutions™ has shipped hundreds of OMNSi systems globally to network operators, owners, and government agencies with many used specifically for security monitoring. Its speed of detection, accuracy of location, ease of operation, and 15-year history in deployment are why it is a trusted solution for this critical application.