Undersea cables, Understated Risk

Rahul Bhatia 

Rahul Bhatia is a Security Studies Masters student at UCL and former writer for the Durham History in Politics Journal and Foreign Affairs Society. Email: Uctqrkb@ucl.ac.uk

99% of global internet traffic runs through undersea cables, creating a new target for plausibly deniable provocations 

The recent severing of undersea internet cables in the Baltic Sea, allegedly by a Russian ‘ghost’ vessel, presents an uncomfortable new reality for those concerned with national defence. Accidental or otherwise, given how integral these cables are to the functioning of any modern state and the vulnerable zones through which these cables pass, what steps, if any, can countries take to mitigate the associated risks? 

Cold cuts 

Submarine fibre-optic cables are the essential hardware behind global connectivity. In recent times, the biggest threat posed to them was by curious sea life, nibbling and dislodging them. Recently though, they have been recognised as key chokepoints for international trade and basic state functionality. Their location in international waters leaves them vulnerable to attack, as there is little effective oversight of policing given the difficulties of operating  patrols on the high seas. Moreover, their passing of regional information concentrated into a single bundle of cables has long been an asset. Not only is it an extremely efficient way to transfer information; for intelligence gathering, tapping into these cables provides an enormous amount of data to domestic intelligence services, or agencies with overseas bases at strategic crossroads. Pioneered by GCHQ in collaboration with British telecoms companies, tapping into fibre-optic cables is a difficult feat, and is successfully used by the British cyber intelligence agency to monitor for counterterrorism [1]. This technology is even alleged to have intercepted communications between Al Qaeda and Taliban operatives during the hunt for Bin Laden via a British listening station in Seeb, Oman [2][3]. Now though, the vulnerabilities of these informational chokepoints are more pressing than the benefits.  

First came the threat. Houthi rebels in Yemen began posting on Telegram in early 2024 about how many of these cables pass through the Bab el Mandeb Strait, in areas where the Iran-backed militia had already attacked ships it deemed to be assisting Israel in the conflict in Gaza [4].

Then came action. A key cable in the strait was  severed, collateral damage from a Houthi attack on the British owned Rubymar freighter [5]. Whether this act was intentional or not, it is an advanced endeavour that they have not yet repeated.  

The recent development alleging a Russian-linked vessel cutting two cables in the Baltics, running Finland-Germany and Lithuania-Sweden respectively, underscores the legitimisation of the cables as soft targets in an era of increasingly global destabilisation. They offer plausible deniability to offenders and just enough inconvenience to victims that gauging an adequate response is extremely difficult, whilst patrolling and protecting them is even harder. 

Troubled waters ahead 

A chilling precedent has been set for others to follow. The South China Sea looks to be a particularly vulnerable theatre given the actors, the stakes and the potential areas to strike. Given disputes between China and almost every other country that fringes the body of water, there are many potential victims. The Philippines and Taiwan look particularly vulnerable [6]. A sprawling web of undersea infrastructure passes close to both countries heading to China, Japan, Singapore, critical US military  infrastructure in Guam and the US mainland itself [7]. If any one of these cables were to be severed, both countries would be severely crippled. Furthermore if cables were severed in conjunction with a military assault, either on the Filipino outlying islands that China claims are within its maritime borders, or as part of an assault on Taiwan, both countries capacity to respond without reliable internet to connect with military allies and keep critical infrastructure alive. The results could be devastating. 

The increase in cyber-warfare strategies as a means of signalling strategic escalation that does not  result in declarations of war presents another scenario in which cables become a liability. Take high-profile ransomware cases in recent times. The 2021 Colonial Pipeline hacking saw oil services across the entire eastern United States disrupted through the hacking of a single piece of critical infrastructure, affecting not just the lives of millions of Americans, but also disrupting the operations of critical  government departments including the Department of Defence for nearly a week. Perpetrated by Russian-government backed private hacking groups, they were almost impossible to counter, prosecute or circumvent, forcing the US government to accept the failure and pay the ransom of 75 Bitcoin [8]. These types of attacks are increasingly frequent and have the flexibility of being perpetrated by a hostile state or through third-parties, making it extremely difficult to know who to blame, who to prosecute and how to respond. With many hostile states increasing their cyber capabilities in recent years, including Russia, Iran, China and North Korea by proxy, it's entirely possible this critical infrastructure could be similarly targeted by hackers for information or financial gain [9]. Given how cables transmit most information carried on the internet, attacks could target anything from mass personal data; critical infrastructure like hospitals and patient data; governmental departments, services and records and much more. As cyber-warfare capacity grows and the attraction of using a third party for tacit escalation increases in a multipolar, increasingly unstable global order, the likelihood of these attacks continues to increase. 

Untangling the mess

Finding viable solutions given global dependence on cable infrastructure looks both difficult and costly. The only other major format of informational trafficking is via satellite. But despite recent developments including Elon Musk's 7000 strong Starlink constellation, this still only accounts for around 0.37% of traffic. Scaling that up would require enormous investment and clog the night sky with machinery wheezing at thousands of miles an hour. Risks of damage by ‘space junk’ would increase exponentially and the difficulties associated with repairing and patrolling submarine cables would be similarly replicated in space. The most significant limitation though is cost. Submarine cables cost approximately $30,000-$50,000 p/km; in 2018, SpaceX estimated a cost of $10bn for the planned 12,000 strong, excluding tens of millions per rocket launch to put the satellites in orbit [10][11].

Maritime law is also extremely complex, crimes are rarely observed first-hand and the complexities of international Laws of the Sea can conflict in disputes. Moreover, tracking the true owners of ships is a tricky business, as seen by the mass-seizure of luxury yachts after the outbreak of war in Ukraine. Commercial vessels are frequently flagged under tax-friendly flags such as Panama, Malta, the Bahamas, Hong Kong, the Marshall Islands and others [12]. These nations offer similarly privacy-friendly corporate structures that allow owners to conceal their true identity. Ships could be flagged in Panama, owned by trusts in Pacific Islands and registered in Liberia. Owners may not be operating the ships, who may be registered in yet more countries [13]. The difficulties associated with penetrating such complex structures across multiple jurisdictions can make demonstrating the true owner of a potential cable-cutter extremely difficult, even though the offenders may be clear in practice. 

Look then to Finland, as one often does, for a robust and no-nonsense approach to the Cook Islands-flagged, Russian-linked cable-cutter posing as a commercial vessel - the Eagle S - in the Baltic. The ship was seized by the Finnish coast guard in a dramatic raid on the 27th December, along with the Honduran flagged Swiftsea Rider, who belonged to the same ‘ownership cluster’ as the Eagle S, which is registered in the UAE and sanctioned by the UK for Russia ties (note the complexity already) [14]. Dragged ashore and raided, vast amounts of ‘spying equipment’, along with sixty incriminating documents and twenty-four strong Georgian and Indian crew were all seized [15]. The crew remains under investigation in Finland, yet may not face trial as Helsinki has no jurisdiction, since the offence took place outside its territorial waters [16]. This demonstrates how a swift response, catching the criminals withdrawing the anchor red-handedly, can provide a stern response to respect the crucial cables. Yet it is not a silver bullet towards prosecution and ultimately deterrence from such action. Similarly, a Chinese ship, the Yi Peng 3, accused of cutting Scandinavian telecoms lines while departing a Russian port in November 2024, was permitted to sail off into the sunset after Chinese authorities refused to cooperate [17]. 

The vulnerabilities of undersea cables is therefore an apparent, yet somewhat inescapable reality of modern infrastructure. As the International order increasingly splits into two camps, large scale escalation becomes increasingly risky. Consequently, small-scale, deniable actions like clipping subsea cables are likely to become semi-legitimate targets in a destabilising world. Impossible to fully replace, patrol or protect, undersea cables are increasingly looking like a soft target in the future of warfare. Whether by hacking, cutting or just listening, the sheer volume of information passing through makes them rich targets for intelligence gatherers and disruptors alike. The most strident danger would be if cables were tampered with in conjunction with a military assault. Given the actions of the Yi Peng 3, the number of critical cables in the area and Xi Jinping’s increasingly firm rhetoric among his neighbours, Taiwan and those fringing the South China Sea should take note and watch carefully. 

Works cited: 

[1] MacAskill, E, et al (2013). ‘GCHQ taps fibre-optic cables for secret access to world's communications’,  The Guardian, [Online] Accessed 19th Jan 2025,  https://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa?utm_source=chatgpt.com

[2] Cochrane, P (2021), ‘Red Sea cables: How UK and US spy agencies listen to the Middle East’, Middle East Eye,  [Online] Accessed 19th Jan 2025, https://www.middleeasteye.net/news/red-sea-cables-how-us-uk-spy-agencies-listen-middle-east

[3] Fitsanakis, J (2014), ‘Location of UK’s ‘above top-secret’ Middle East spy base revealed’, IntelNews, [Online] Accessed 19th Jan 2025, https://intelnews.org/2014/06/04/01-1490/

[4] Salhani, J (2024), ‘Why are people blaming Yemen’s Houthis for cutting the Red Sea cables?’, Al Jazeera, [Online] Accessed 19th Jan 2025, https://www.aljazeera.com/news/2024/3/6/why-are-people-blaming-the-houthis-for-cutting-the-red-sea-cables

[5] Martin, N (2024), ‘Houthi attacks in Red Sea threaten internet infrastructure’, DW News, [Online] Accessed 19th Jan 2025, https://www.dw.com/en/houthi-attacks-in-red-sea-threaten-internet-infrastructure/a-68470988#:~:text=The recent attack on the,now become a regular target?&text=A new threat has emerged,world," the official added.

[6] Council on Foreign Relations (2024), ‘Territorial Disputes in the South China Sea’. [Online] Accessed 19th Jan 2025, https://www.cfr.org/global-conflict-tracker/conflict/territorial-disputes-south-china-sea

[7] Telegeography (n.d.), Submarine Cable Map,  [Online] Accessed 19th Jan 2025, https://www.submarinecablemap.com/

[8] Kerner, S. (2022). Colonial Pipeline hack explained: Everything you need to know. [online] TechTarget. [Online] Accessed 19th Jan 2025,: https://www.techtarget.com/whatis/feature/Colonial-Pipeline-hack-explained-Everything-you-need-to-know.

[9] Cybersecurity and Infrastructure Security Agency CISA. (n.d.). ‘#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities’,  CISA. [Online] Accessed 19th Jan 2025, https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-040a.

[10] Yahoo Finance (2023), ‘Subsea Power Cables: The Future of Global Energy Transport’, YahooFinance, [Online] Accessed 19th Jan 2025, https://finance.yahoo.com/news/subsea-power-cables-future-global-210000822.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAGSCtRhKn5SPL6U555QIEXhhlK-089w9b_N0gl6mX8aXm0XV9e54eO-yTSMiu8IMuAhI9rQX4lg4Jf5FRjNj454E8pNxs6rtWEOq_A5Dem0T6kDppJSCvXszFhWK9_KTt08bfJJanp2UWC0ukdcpNYXtOPxni1aFYj4h88RfjGUj

[11] Mukherjee, S & Laudette, CL (2021), ‘Musk says may need $30 bln to keep Starlink in orbit’, Reuters, [Online] Accessed 19th Jan 2025, https://www.reuters.com/business/aerospace-defense/musk-sees-starlink-winning-500000-customers-next-12-months-2021-06-29/

[12] Fleck, A (2023), ‘Flags of Convenience Dominate Maritime Freight’ Statista, [Online] Accessed 19th Jan 2025, https://www.statista.com/chart/29086/flags-of-convenience/

[13] Brennen, D (2025), ‘Baltic Sea undersea 'sabotage' sets stage for escalating NATO-Russia contest’, ABC News, [Online] Accessed 19th Jan 2025, https://abcnews.go.com/International/baltic-sea-undersea-sabotage-sets-stage-escalating-nato/story?id=117594533

[14] Bockmann, MW (2024), ‘Russia-linked cable-cutting tanker seized by Finland ‘was loaded with spying equipment’, Lloyds List, [Online] Accessed 19th Jan 2025, https://www.lloydslist.com/LL1151955/Russia-linked-cable-cutting-tanker-seized-by-Finland-was-loaded-with-spying-equipment

[15] Kauranen, A (2025), ‘Baltic Sea sabotage crew were poised to cut more cables when caught, Finland Says’, Reuters, [Online] Accessed 19th Jan 2025, https://www.reuters.com/world/europe/oil-tanker-sabotage-crew-were-poised-cut-more-cables-when-caught-finland-says-2025-01-13/#:~:text=The captain of the ship,Sign up here.

[16] Reuters, (2025), ‘Tanker seized by Finland over ripped cables won't face cargo sanctions probe’, Reuters, [Online] Accessed 19th Jan 2025, https://www.reuters.com/world/europe/finnish-customs-will-not-pursue-criminal-investigation-eagle-s-crew-2025-01-16/

[17] The Economist (2025), ‘Finland’s seizure of a tanker shows how to fight Russian sabotage’, The Economist, [Online] Accessed 19th Jan 2025, https://www.economist.com/leaders/2025/01/01/finlands-seizure-of-a-tanker-shows-how-to-fight-russian-sabotage