By Tony Grayson, President & GM of Northstar Enterprise + Defense | Former U.S. Navy Nuclear Submarine Commander | Stockdale Award Recipient | Veterans Chair, Infrastructure Masons

Published: December 9, 2025 | Updated: January 6, 2026 | Verified: January 6, 2026

TL;DR:

The internet's physical layer is catastrophically vulnerable. While we've spent billions securing data centers with biometric scanners and armed guards, the fiber paths connecting them run through shared manholes where a single thermite charge could sever "redundant" connections. Tony Grayson, who spent 20 years operating in environments where physical infrastructure determines mission success, explains why data center security is essentially an illusion and what it means for the $9 trillion in daily global trade that depends on internet connectivity.

In 30 Seconds:

Tony Grayson has managed billion-dollar infrastructure portfolios at Oracle, AWS, and Meta. The operational reality? We build $100 million facilities with 2N power redundancy, then connect them via shared physical pathways vulnerable to low-tech sabotage. Submarine cables carrying 99% of intercontinental traffic take 40 days to repair—if a ship is available. The Baltic Sea cable cuts, Guam chokepoint, and Ashburn concentration aren't isolated risks. They're capability demonstrations. The question isn't whether a coordinated attack could disconnect the digital economy. It's when.

COMMANDER'S INTENT: THE PHYSICAL LAYER MATTERS

The Mission: Expose the critical gap between data center security theater and actual infrastructure resilience.

The Reality: Tony Grayson spent 20 years in the submarine force where physical infrastructure determines whether you complete the mission or become a casualty. The same principles apply to digital infrastructure: the most sophisticated cybersecurity is worthless if someone can sever your physical connectivity with a cutting wheel.

The Tactical Takeaway: Stop treating data center security as a perimeter problem. Tony Grayson's rule from submarine operations: if you can't protect the supply lines, you can't protect the castle. Audit your actual physical fiber paths—not the diagram, the manholes. If your "redundant" routes converge in the same conduit, you have one path, not two.

The Illusion of Data Center Security

There is a dirty secret the data center industry doesn’t like to discuss: all the biometric scanners, mantrap doors, armed guards, and compliance certifications in the world can’t protect you from the vulnerabilities that actually matter.

I’ve spent my career building, operating, and leading infrastructure at the world’s largest scale...from commanding nuclear submarines to managing hyperscale data centers. I’ve managed billion-dollar infrastructure portfolios and led large teams. Based on that operational reality, I can tell you something that should keep infrastructure executives up at night: Data center security is essentially an illusion.

"In the submarine force, we had a saying: hope is not a strategy. You either have physical control of your supply lines, or you don't. The data center industry has convinced itself that logical redundancy is equivalent to physical redundancy. It doesn't.""

— Tony Grayson, former nuclear submarine commander and SVP Oracle Infrastructure

The industry has spent billions fortifying the "castles" (the facilities) while leaving the "roads" (the physical infrastructure) leading to them utterly exposed. We have focused on cybersecurity and access control, overlooking the fragility of the physical layer.

Physical Infrastructure Vulnerability: Why Redundancy is a Myth

Why is Northern Virginia (Ashburn) a single point of failure? The industry often cites that 70% of global internet traffic flows through Ashburn. While analysts at TeleGeography estimate the real number is closer to 25% of North American capacity and 13% globally, the concentration risk remains terrifying.

The vulnerability isn't just in the data halls; it is in the fiber-conduit convergence underground.

The Manhole Vulnerability

The Short Answer: While network diagrams show redundancy, physical fiber paths often converge in the same underground conduits, meaning a single physical attack can sever all "redundant" connections.

Most executives believe their network architecture diagram shows redundant connectivity because it shows two distinct lines. In reality, the fiber connecting the world’s data centers often runs through the same physical manholes.

"I've walked the conduit routes in Northern Virginia. What I saw would terrify any infrastructure executive who actually understood the implications. Your network diagram shows two paths. The physical reality is one trench, one manhole, one point of failure." — Tony Grayson. former SVP Oracle, AWS, Meta

Why does critical infrastructure converge in the same place?

• Economics: Running fiber through existing conduits is significantly cheaper than trenching new routes.

  
  

• Permitting: Collocating with other carriers reduces bureaucratic headaches.

  
  

• Speed: Adding capacity to established pathways is faster than pioneering new ones.

  
  

Every decision made economic sense in isolation, but together they created a single point of failure masquerading as redundant infrastructure.

When the Glass Melts

We build $100 million facilities with 2N power and N+1 cooling redundancy, yet we connect them via shared physical pathways vulnerable to low-tech sabotage.

• The Threat: It doesn't require a sophisticated cyber-attack. A state actor with access to those manholes could destroy connectivity with a small incendiary device or thermite charge.

  
  

• The Result: In minutes, thousands of fiber strands turn to slag.

  
  

All the redundant paths your network architect promised you? They often converge in the same conduit runs and the same manholes. If the glass melts, the redundancy on your diagram effectively equals zero.

"On a submarine, we understood that redundancy only counts if the backup systems are physically separated. Two reactor coolant pumps in the same compartment aren't redundant if a single torpedo can take out both. The same principle applies to fiber infrastructure—and the industry has ignored it for decades." — Tony Grayson, ex-SVP Oracle, AWS, Meta

Cascading Failures: The Economic Impact of a US-EAST-1 Outage

When AWS US-EAST-1 experienced an outage last October, it didn’t just affect Northern Virginia. Snapchat, Roblox, Fortnite, Ring, and Reddit all faltered globally.

If we game this out to a coordinated physical attack on the fiber interconnections, the internet doesn't fail cleanly....it fails in unpredictable, cascading ways:

• Immediate: Major cloud applications hosted in AWS, Azure, and Google Cloud’s eastern regions become unreachable.

  
  

• Minutes Later: DNS resolution failures cascade globally as authentication systems and CDN origins go dark.

  
  

• Economic Impact: The $9 trillion in daily global trade that depends on internet connectivity grinds to a halt.

  
  

The Guam Chokepoint: Our Western Vulnerability

In the submarine force, we looked for choke points. In digital infrastructure, we call them "aggregation risks." Real resilience isn't just about software redundancy; it’s about solving the physical fragility of the network. If we lose the link, the cloud evaporates. This is why we need distributed compute at the edge—so the mission continues even if the cable is cut.

If Ashburn represents America’s eastern vulnerability, Guam represents our western one (and it’s arguably worse). Guam has become a critical nexus; trans-Pacific cables like SEA-US, Echo, Bifrost, and Apricot all route through this 210-square-mile island.

As I have written about regarding infrastructure resilience, geopolitical tensions have accelerated this concentration. As the US government blocks connections to Hong Kong, the industry has shifted routes to the Philippine Sea, making Guam the single gateway between the US mainland and Asia. A coordinated attack on that single island (or an orchestrated fiber cut) could isolate the U.S. from its largest trading partners.

The Subsea Reality: Cables Under Attack

Ninety-nine percent of intercontinental internet traffic moves through submarine cables, some no thicker than a garden hose. These cables are being cut with increasing frequency:

• Baltic Sea (2023-2024): Nine submarine cables were cut, including Finnish-German and Lithuanian-Swedish links. German Defense Minister Boris Pistorius called it sabotage.

  
  

• Taiwan (2023): Cables connecting Taiwan to the Matsu Islands were cut 12 times in a single year.

  
  

• The Threat Vector: Chinese researchers have even filed patent applications for devices designed specifically to sever submarine cables.

"Forty days to repair a single cable—assuming a ship is available. There are 60 repair vessels for the entire planet. In a coordinated attack, we're not talking about days of downtime. We're talking about months. The global economy would be unrecognizable." - Tony Grayson, Former Submarine Commander.

The Logistics Gap: 40-Day Repair Times for Submarine Cables

Perhaps most concerning is that we can’t fix cables fast enough. The median time to repair a damaged submarine cable is 40 days.

There are only around 60 cable-repair ships worldwide, and demand is rapidly outpacing capacity.

• Red Sea Cuts (2024): Four cables were cut, disrupting 70% of data traffic between Europe and Asia.

  
  

• Vietnam: Lost all five international cables last year; restoration took nearly eight months due to permitting delays and vessel scarcity.

  
  

In a coordinated attack scenario, you aren’t looking at days of downtime. You are looking at months.

The Insider Threat: Minimum Wage Guards vs. National Security

Finally, we must address the "human firewall." Data centers love to showcase their security theater: biometric readers and vehicle barriers. But here is the economic reality:

• The Wage Gap: The average security guard protecting these billion-dollar assets earns $19-23 per hour.

  
  

• The Turnover: The security industry sees a 50.8% annual turnover rate.

  
  

As I discussed in my article on Systems Leadership, true reliability requires aligning human incentives with mission-criticality. When a guard making $40,000 a year is offered $100,000 to look the other way for ten minutes, the economics of bribery heavily favor the attacker. That biometric reader is only as reliable as the underpaid guard watching the mantrap.

The Wake-Up Call

We are living through a moment when the physical fragility of our digital infrastructure is being systematically tested. The Baltic Sea incidents and Red Sea disruptions aren’t isolated events; they are capability demonstrations.

Data center security is essential, but it is not sufficient. Until we address the physical infrastructure vulnerability that exists outside our facility walls, we are building elaborate fortifications around assets that can be disconnected from the world with a simple thermite charge or a few minutes on a cutting wheel or torch.

Frequently Asked Questions: Physical Infrastructure Vulnerability

How much internet traffic actually flows through Ashburn, Virginia?

While the commonly cited figure is 70% of global traffic, analysis by TeleGeography puts it closer to 25% of North American capacity and 13% of global capacity. Even at these levels, the concentration represents a massive single point of failure. Loudoun County alone supports nearly 6 GW of operating and under-construction data centers—more than any other U.S. county. The region became the "Data Center Capital of the World" because MAE-East, one of the first large internet peering exchanges, was relocated there in 1998.

Why do redundant fiber paths often fail together?

Because of conduit convergence. While the network may logically show two distinct paths on a diagram, physical fiber cables often run through the same manholes and trenches to reduce construction and permitting costs. Economics drive colocation: running fiber through existing conduits is significantly cheaper than trenching new routes. The result is a single point of failure masquerading as redundant infrastructure. A single physical attack—even a low-tech thermite charge—can sever all "redundant" connections when they share the same underground pathway.

How vulnerable are submarine internet cables to sabotage?

Extremely vulnerable. Since 2022, about ten subsea cables have been cut in the Baltic Sea region alone, with seven cuts occurring between November 2024 and January 2025. Notable incidents include the C-Lion1 cable between Finland and Germany (November 2024, Germany's Defense Minister called it sabotage), the BCS East-West Interlink (November 2024), and four Estlink cables on Christmas Day 2024. Around Taiwan, cables were cut 12 times in a single year. Chinese researchers have even filed patent applications for devices specifically designed to sever submarine cables. 99% of intercontinental internet traffic travels through these cables, some no thicker than a garden hose.

How long does it take to repair a cut submarine cable?

The median repair time is 40 days, assuming a repair ship is available. There are only approximately 60 cable-repair vessels worldwide, and demand is rapidly outpacing capacity. In a coordinated attack scenario, you aren't looking at days of downtime—you're looking at months. Vietnam lost all five international cables and restoration took nearly eight months due to permitting delays and vessel scarcity. The 2024 Red Sea cable cuts disrupted 70% of data traffic between Europe and Asia. Insikt Group assesses that without significant expansion of repair vessels, median restoration times will push beyond 40 days.

What happened during the October 2025 AWS US-EAST-1 outage?

On October 20, 2025, a DNS resolution failure affecting DynamoDB triggered a cascade of failures across AWS's US-EAST-1 region (Northern Virginia) lasting approximately 15 hours. The outage affected 14+ AWS services, including EC2, DynamoDB, Lambda, and S3. Major consumer applications, including Snapchat (375 million daily users), Fortnite, Roblox, Ring doorbells, McDonald's mobile orders, and United Airlines booking systems, went down. Even the British government's tax website became inaccessible. Estimates suggest global businesses lost $75 million per hour during the disruption. This was the third major US-EAST-1 outage since 2021.

What is the Guam chokepoint and why does it matter?

Guam has become a critical nexus for trans-Pacific submarine cables—SEA-US, Echo, Bifrost, and Apricot all route through this 210-square-mile island. As geopolitical tensions have blocked connections to Hong Kong, the industry has shifted routes to the Philippine Sea, making Guam the single gateway between the U.S. mainland and Asia. If Ashburn represents America's eastern vulnerability, Guam represents the western one—and it's arguably worse. A coordinated attack on that single island, or an orchestrated fiber cut, could isolate the U.S. from its largest trading partners.

What is a cascading infrastructure failure?

A cascading failure occurs when a problem in one service causes failures in dependent services, which then cause failures in services that depend on them—creating a chain reaction. In the October 2025 AWS outage, a DNS issue affected DynamoDB, which underpins more than 100 other AWS services. The failure rippled through the ecosystem: Network Load Balancer monitoring failed → Load balancers couldn't route traffic → DynamoDB endpoints became unreachable → Lambda, S3, and other services failed → Even services in other AWS regions experienced failures due to control plane dependencies in US-EAST-1.

Who is suspected in the Baltic Sea cable sabotage incidents?

Multiple vessels linked to Russia and China are under investigation. The Chinese cargo ship Yi Peng 3 is suspected in the November 2024 C-Lion1 and BCS East-West Interlink cuts—it departed from the Russian port of Ust-Luga and maritime tracking placed it at the exact time and location of the damage. The Russian oil tanker Eagle S, believed to be part of Russia's "shadow fleet," was detained by Finland after the December 2024 Estlink cuts—investigators found Russian and Turkish language keyboards, sensor devices, and evidence the anchor was dragged 62 miles. German Defense Minister Boris Pistorius stated "no one believes these cables were cut accidentally."

Why is data center security considered an illusion?

The industry has spent billions fortifying the "castles" (data center facilities) with biometric scanners, mantrap doors, armed guards, and compliance certifications—while leaving the "roads" (physical fiber infrastructure) leading to them utterly exposed. We build $100 million facilities with 2N power redundancy and N+1 cooling, yet connect them via shared physical pathways vulnerable to low-tech sabotage. It doesn't require a sophisticated cyberattack: a state actor with access to the right manholes could destroy connectivity with a small incendiary device. The security theater at the perimeter means nothing when the fiber can be cut miles away.

How much global internet traffic goes through submarine cables?

99% of intercontinental internet traffic moves through submarine cables. These cables are the physical backbone of the global internet, not satellites. Approximately 150-200 underwater cable damage incidents happen per year worldwide—about three cable repairs per week—mostly from anchoring and fishing. However, the recent cluster of Baltic Sea incidents and the pattern of cuts near Taiwan suggest deliberate targeting. The vulnerability is amplified by route concentration: a few cables serving entire regions means limited redundancy for countries dependent on single cable systems.

What is the insider threat to data center security?

Data centers showcase security theater—biometric readers and vehicle barriers—but face a fundamental economic reality. The average security guard protecting billion-dollar infrastructure assets earns $19-23 per hour. The security industry sees a 50.8% annual turnover rate. When a guard making $40,000 a year is offered $100,000 to look the other way for ten minutes, the economics of bribery heavily favor the attacker. That biometric reader is only as reliable as the underpaid guard watching the mantrap. Insider threats pose substantial risk in both physical and cybersecurity realms.

What economic impact could a coordinated infrastructure attack cause?

The $9 trillion in daily global trade that depends on internet connectivity could grind to a halt. If we game out a coordinated physical attack on fiber interconnections, immediately, major cloud applications become unreachable. Minutes later, DNS resolution failures cascade globally as authentication systems and CDN origins go dark. The October 2025 AWS outage alone cost an estimated $75 million per hour. A physical attack on Ashburn's fiber convergence points or Guam's submarine cable landing stations wouldn't just take down one region—it would trigger unpredictable cascading failures across the global internet economy. As the World Economic Forum warns, escalating geopolitical tensions pose significant risks to critical infrastructure.

INTERNAL LINKS TO OTHER BLOGS

1. As I discussed in We Are All Submariners Now: Tactical Edge Computing, the lessons from submarine operations apply directly to infrastructure resilience.

   
   

2. The concentration risk in Ashburn mirrors the AI infrastructure concentration I've written about—single points of failure masquerading as distributed systems.

   
   

3. This cascading failure pattern is exactly what I warned about in The 3-Year Tenant in a 30-Year Building—infrastructure decisions made for short-term economics create long-term systemic risk.

   
   

4. The human element of infrastructure security connects directly to the leadership principles I outlined in The Great Lie: The Illusion of Control in Leadership—you can't control outcomes, only systems.

   
   

5. For my analysis of how distributed, modular infrastructure can address these vulnerabilities, see Why Modular Data Centers Are the Future.

   
   

EXTERNAL SOURCE LINKS

1. TeleGeography

2. Loudoun County alone supports nearly 6 GW

3. about ten subsea cables have been cut

4. C-Lion1 cable between Finland and Germany

5. Estlink cables on Christmas Day 2024

6. a DNS resolution failure

7. Estimates suggest global businesses lost $75 million per hour

8. Insikt Group assesses

9. Yi Peng 3 is suspected

10. German Defense Minister Boris Pistorius stated

11. Approximately 150-200 underwater cable damage incidents

12. Insider threats

13. security theater

14. World Economic Forum warns

15. cascading failure

____________________________________

Tony Grayson is a recognized Top 10 Data Center Influencer, a successful entrepreneur, and the President & General Manager of Northstar Enterprise + Defense.

A former U.S. Navy Submarine Commander and recipient of the prestigious VADM Stockdale Award, Tony is a leading authority on the convergence of nuclear energy, AI infrastructure, and national defense. His career is defined by building at scale: he led global infrastructure strategy as a Senior Vice President for AWS, Meta, and Oracle before founding and selling a top-10 modular data center company.

Today, he leads strategy and execution for critical defense programs and AI infrastructure, building AI factories and cloud regions that survive contact with reality.