Since I began my research into tapping fiber optics one question has been asked more than any other:
"How can this type of attack be prevented?"
Though some solutions are cheaper than others, some have their benefits and others have their workarounds as well. Keep this in mind as you read this post.
Bend Insensitive Cable
Bend Insensitive Cable (BI Cable) is probably the easiest and cheapest way to prevent someone from tapping your fiber lines (using conventional means (the government almost certainly has other technologies to extract such data)). BI Cable was created to guide light lost while being bent at tight angles back into the core of the cable. This is accomplished with another layer of glass between the fiber core and the cladding. The exterior of the cable retains the look of a standard fiber optic cable.
I am actively researching means of defeating BI Cable.
Several companies offer a system that provides physical security for fiber optic lines. These systems employ the use of single-mode fiber optic cables and send a constant light down the cables. The setup requires deployment of the single-mode cables adjacent to the fibers to be protected. The purpose here is to detect that constant light being sent and if anything acts upon the cable (bend, movement, breakage), the system will see that the amount of light that was sent was not the same that was received and prompt further investigation.
Optical Time Domain Reflectometer
Optical Time Domain Reflectometer (OTDRs) can be used to detect tapping by analyzing the locations a fiber cable passes through. An OTDR replicates the function of an actual fiber system, by transmitting and receiving data on an active fiber line. The difference being that the receiving side is measuring for splice loss, length, and can be used to find faults in the line. The OTDR in our case would measure the strength of the fiber transmission before a location, and after a location and determine if something is in between the two causing the signal loss. Keep in mind, the Clip-On Coupler causes very little signal loss, but this device is designed to detect such minute losses.
This is truly the best way to defeat any and all tapping. By having all of the data being transmitted through your fiber lines encrypted, you are able to guarantee that even if someone is eavesdropping, the data they steal will be completely useless to them. Several companies produce solutions to fiber optic encryption, but just keep in mind the pros and cons to layer two vs. layer three encryption.
Obviously there are multiple methods to detect and thwart fiber optic tapping. Choosing the right one for you is another consideration altogether. Of course, there are many other techniques than those listed here, but I feel the above are the most common and/or most easily implemented. Feel free to chime in with your thoughts!