EXPERT Q&A — There is increasing focus on the vulnerability of undersea cables — a critical infrastructure which is key to much of global communications. They have been damaged in various hotspots around the world, with some incidents pointing to nefarious actors. Another threat beyond physical damage is the potential for intrusions and tapping, especially when it comes to U.S.-linked cables and China. Central to this issue is the dominance of Chinese companies in making, maintaining or repairing the cables linked to the U.S. In July, the chairs of three House committees wrote to the CEOs of Google, Meta, Microsoft, and Amazon to report on how exposed cables are to China in this way.
The Cipher Brief spoke with Beth Sanner, former Deputy Director of National Intelligence at ODNI, to assess the Chinese threat to undersea cables and why it is so challenging for the U.S. to mitigate the risk. Our conversation has been edited for length and clarity.
The Cipher Brief: What is the worry here? What's the kind of nightmare scenario? Why is the Congress asking the tech companies to report back on these things?
Sanner: So much of our communications flows through these cables, including encrypted classified information. There is a lot of stuff that is important. Not all of it is classified, of course — just everyday materials from financial transactions or people's connections to the internet. So there are obviously multiple reasons why we should consider undersea cables as part of U.S. critical infrastructure. But that critical infrastructure, unlike most of what we talk about, isn't only in the United States. In fact, all of this is outside the United States, and not even all of that connects directly to the United States. The vulnerability is so global because we are sending financial transactions between the United States and Singapore, for example, or even for China.
The Cipher Brief: There's no shortage of issues where the same concerns apply in terms of China having a hand in areas of our lives that involve data capture and data collection. Here, it's very hard to see how A, one would know exactly where that Chinese hand is, and B, let's say one of these companies comes back and says, well, we think that maybe a Chinese entity does some maintenance work. I imagine it's pretty hard to suddenly shift gears for Meta or Google or the other companies to say, okay, we'll just suddenly have another maintenance company that isn't Chinese.
Sanner: Right, so let's break that down a little bit. First, the way that information flows over these lines, it's very hard to restrict where things go. The messaging traffic tends to go on the lines that have the least amount of resistance and the most efficiency. So, your data can be going almost anywhere.
And we know that the FCC is going to be meeting in August and considering, and I would wager that they are going to, banning any Chinese equipment in cables that connect to the United States. (Editor’s Note: On August 7, 2025 the FCC banned the use of equipment and services from Chinese companies on its “Covered List” and other agencies’ lists of entities deemed national security threats on any future undersea cables connecting to the U.S.)
That suggests to me that there might be a problem that we don't know about. Is there the use of Chinese components even inside the cables connecting to the United States? I can tell you all cables connecting to U.S. military installations around the world, that I know of, though there could be exceptions, I think are handled by the American company called Subcom, which is owned by Cerberus, which Steve Feinberg, the now Deputy Secretary of Defense, was the co-CEO of until very recently.
But we just heard that Microsoft, in their cloud computing, with the U.S. DOD is using Chinese engineers for part of the maintenance of the cloud. And so it makes you wonder, I suppose it's possible that people are doing stupid things like using pieces like switching devices. Those switching devices direct the transmission of the light, or they could shut it down. What if those components, just like components that we recently heard were embedded in solar panels in the grid in Texas, are transmitting back or somehow controlled by China? I don't know, this is beyond my engineering capability, but I would say that we might have a problem there.
And then the third problem I would say is that this idea of the repairs, because most cables that are cut are accidentally cut. But if we rely on China for repairs, then something can be inserted in that process to tap that particular cable. And that can go on then indefinitely.
The Cipher Brief: We were just talking about some of the reporting that some of the big think tanks have done, CSIS in particular, that suggests that whereas Chinese companies and entities are not the market leaders when it comes to the construction of these cables that are reaching U.S. shores, they have a big chunk of the market, two companies in particular, when it comes to repair work.
Back to the first question, from your intelligence community background, how worrisome is that?
Sanner: Well, that is the ability to insert a tap automatically. That's how it is done. So, any time a Chinese ship repair operation is happening by the company that's a subsidiary of Huawei or the other company, all of these companies report back to Beijing and certainly can be not even compelled, just told to do that mission. So I consider that an absolutely high risk.
Now, my understanding is that Cerberus and Subcom are beginning a fleet of repair ships. They have two ships in this fleet of cable repair ships, according to one article that I read in Reuters. That's all I know is open source, of course. And so I think the United States understands this weakness. But my understanding, too, is that those Chinese ships have repaired 25% of the cables that have been cut. So again, our information can be on lines that are outside of our ecosystem. And I will say that, in terms of the overarching issue here, this is a private sector endeavor, right? There are no government owned cable lines. Not really. This is a private sector deal. And so this is where public private partnership needs to work.
Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.
The Cipher Brief: Your point about American companies now getting involved in the repair work, the House committee that looks at China and national security issues has been so aggressive in everything from TikTok to all these other things. Undersea cables have been around for a while. You would think it would not have taken this long to do what you just said, which is have American companies go out and do this if they're so worried about it. Any thoughts as to why?
Sanner: Somebody's got to pay for the contract to have it because I think we've just counted on the private sector to do this.
The Cipher Brief: And then the other question, are we at a stage now with this sort of thing that if the company has any ties to Beijing that one has to be worried about it?
Sanner: I do think that it's true that anything that's connected to China is bad. We know that China's inside our critical infrastructure in the United States, right? And they are there to pre-position themselves in case of war, or maybe even as a preemptive thing to prevent us from interfering in, for example, a Taiwan invasion.
So I would think that undersea cables are no different when it comes to the United States, but I think we have a broader issue of the potential of a concerted effort to cut cables around the world because there's very little we can do to prevent that except in very defined geographic areas. So NATO last year set up a working group focused on undersea cables and the protection of them. And they're working on developing systems like AI systems and remote sensing in order to monitor what's going on and also to use that sensing to track the particular ships that they think are problematic, either from the gray tankers or these cargo ships that they know are problematic. We would need to replicate that in the Pacific. And who is going to do that? We don't have a NATO in the Pacific.
And so I think that that is a real challenge for us down the line. We can't just think of this as a geographic problem that begins and ends with what connects to the United States. I keep seeing this. It's like, well, we don't care what happens in Ukraine or we don't care what happens, we're here in America. That just does not work anymore. Our geography is wonderful and it protects us from some things, but when it comes to cyber and space and undersea cables, communications, that is not enough. So we have to think globally.
Opinions expressed are those of the interviewee and do not represent the views or opinions of The Cipher Brief.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
