Expert Q&A: Undersea Cables Under Attack, from Outside and Within

EXPERT Q&A: Reports of damage to undersea cables across the world are on the rise, with suspected foul play in many of these incidents. These cables are crucial conduits for communications, financial transactions, Internet traffic and even intelligence, making them prime targets of gray zone tactics, from suspected Russian sabotage of Baltic Sea cables to alleged Chinese severing of cables in the Taiwan Strait. The Federal Communications Commission voted last Thursday to update U.S. rules on subsea cable development, aiming to streamline construction and better protect this critical undersea infrastructure.

The Cipher Brief spoke with Rear Admiral (Ret.) Mike Studeman, who served as Commander of the Office of Naval Intelligence, about what he says is an ongoing assault on undersea cables — including “outside-in” attacks like sabotage and “inside-out” attacks from embedded exploits — and how the U.S. and its allies can better defend the cables they rely on. Our conversation has been edited for length and clarity.


The Cipher Brief: What is the perceived danger that we're talking about here that the Congress is perhaps seeking to address?

RADM Studeman: It's very clear that the adversaries of the United States, the Chinas and the Russias of the world, are very keen on trying to get leverage in various ways against the United States and the West through critical infrastructure. The subsea cables are just one element of critical infrastructure.

But frankly, the statistics would blow people's minds. Ninety-nine percent of our Internet traffic goes through the undersea environment. When you think about the capacity of those cables, it's terabytes of information versus gigabytes of information through satellites. So essentially, when you go through satellites, it's like drinking a glass of water in terms of the amount of data throughput you get. But undersea cables, it's like trying to drink a large swimming pool worth of data. So we're highly dependent on those. $22 trillion of financial transactions are processed through undersea cables every day. We also have our defense, our national security, our intelligence riding those cables like everybody else with their streaming videos and emails and all the rest. So the threat there is significant, just like it would be on land-based sites with people trying to get into your communications, manipulate them, outright disrupt them through severing and cutting.

The Cipher Brief: The implication of the request made by the House would appear that this is less of a concern about the severing and cutting of cables, but more that Chinese companies, particularly the maintenance and repair companies, may be getting access to these cables, and then doing what? Is it tapping? What are we talking about here?

RADM Studeman: There's the outside-in and then the inside-out threats and it's worth bifurcating it in the beginning. So if you're talking about the six sea cables that were more than likely purposely cut by Russia and China since November 2024 in the Baltics and the Taiwan Strait, it shows you what can happen. Now there are natural ways cables get cut; 150 to 200 times each year cables are damaged by underwater volcanoes, dredging, fishing vessels accidentally dragging their anchors. But these are more purposeful nation state threats that we're seeing that are emerging. So there's no doubt about the outside-in, which means we got to track suspicious vessels.

But the inside-out threat is just as significant and we need to be mindful of it. There's a lot of different equipment that can be at the terminal landing sites in between the subsea segments from optical repeaters to other junction points on sea cables that could potentially have malware in them that could perform a variety of functions when directed. So part of it is about espionage and the ability to shunt information into a place where Chinese and Russian intelligence can go through it, even if it's encrypted. They're hoping that later on with decryption capabilities they are working on that they could end up having all this data that they can back cast and decrypt to learn all sorts of secrets. So there's the shunting and the access to data. And there's also the ability to potentially exploit and disrupt from the inside with whatever functionality exists anywhere along the full length of those cables.

The Cipher Brief: How easy is it to say, we're not going to use those repair companies because they're associated with China, and we're just going to pivot and do it ourselves or figure out some other way? Is that something that can be changed on a dime? How hard is that?

RADM Studeman: We'll have to ask Microsoft, Google, Meta, and some other companies that question because the extent to which they're dependent and whether or not they have alternate ways of providing those services is really known better to them. But the report that got this going in the first place was that Microsoft was using Chinese companies to be involved in some of the maintenance work here.

I think we're doing the right thing. I think that there are alternate companies that can in fact provide these services and we need to get really wise about this and then hold the companies accountable to the national security requirements, which are legitimate, that we need them to be cooperative in to be safer and frankly more resilient because our adversaries wouldn't hesitate to use some of these exploitation techniques in the future. We can't be naive about this.

The Cipher Brief: Is there any evidence to your knowledge that this is more than a concern at the moment? In other words, any evidence that China has gotten into that big data fire hose that comes into this country or anywhere else for nefarious purposes?

RADM Studeman: I think it's 100% safe to say that the Chinese have been grabbing big data from all forms of communication that traverse the earth, including a substantial amount of U.S. and allied data that they have sitting there, which has been examined by their intelligence services, and could in the future, if encryption is broken, depending on what level it is, potentially also be something that they can analyze and go through. This is not some kind of theoretical threat. This is trying to stop something that's underway.

The Cipher Brief: And other than getting American or non-Chinese entities to do that work at the bottom of the ocean floor on the maintenance and repair side, is there anything else that you think ought to be done to address the threat?

RADM Studeman: I do think that when it comes to the manufacture of some of these cables that they're going, and discussions already exist about this, to put sensors of various types on there. There are normal anomalies and then other anomalies that could indicate that somebody's up to no good. There's signal distortions, there could be latency delays, there could be some anomalies after work is done in a certain segment of your cables. All those things deserve to have more sensors and therefore more analysis and more awareness because then you will know how to act appropriately to nip something in the bud, ideally, or to stop it soon after you detect it. But many cables are essentially dumb cables; they don't have enough of that sensing capability. So the newer ones should incorporate that technology that exists today. It's not hard, although it drives up the expense a little bit.

When it comes to the inside-out too, I do think that there are probably some software types and analytics that you could run against the data that the sensors provide. There's a different kind of tailored, maybe agentic AI which could be focused in this area too, to make sure you're not chasing your tail with false alarms. Trying to distinguish something that's truly, legitimately a concern versus something environmental or endemic to the running of the cable system altogether.

And then of course, you've already talked about steps to take with regard to identifying suspicious vessels that may be operating over these cables that may be up to no good. How do you deter that or how do you respond to that?

I also think that in terms of some of the resiliency efforts, we're gonna need to have more essentially underwater flyers, underwater drones. If you think about the Chinese and the Russian deep sea programs that have intent to go after cables, you need to examine them to make sure there's not a box that's been laid on top of them. Having some regular patrols, the Baltic states are currently doing that at the sort of air and surface level. And they're thinking about the desire for the undersea. We need to have more essentially drone flyers that are cheap, that can fly over the most critical cables out there. That to me is also where the future is going with all of these dangers that exist.

Opinions expressed are those of the interviewee and do not represent the views or opinions of The Cipher Brief.
