EXPERT INTERVIEW — Deep in the Baltic Sea, two undersea fiber-optic telecommunications cables — linking Finland to Germany and Sweden to Lithuania — were severed this week. Several European governments said that Russia’s escalating hybrid activities against NATO and EU countries were likely to blame – a charge Moscow denies. “It is quite absurd to continue to blame Russia for everything without any reason,” Kremlin spokesman Dmitry Peskov said. A day later, Swedish police said their probe was focused on a Chinese-registered cargo ship, identified as the Yi Peng 3, and the Danish navy has since stopped the vessel as part of the ongoing investigation.
Undersea cables constitute a vast and unseen backbone of global communications, and security officials are increasingly worried that they are at risk.
There are more than 600 active or planned submarine cables running over 800,000 miles across the world’s oceans. They can lie as deep as 5 miles beneath the surface, and they carry 99 percent of the world’s data, from financial transactions and internet connections to military communications and satellite coordination. They are as critical a piece of infrastructure as exists anywhere on the planet.
The severing of the Baltic cables is the latest in a series of incidents involving either accidental damage or deliberate sabotage – and sometimes it’s hard to know which it is. The U.N. estimates between 150-200 incidents of undersea cable damage each year, and while most involve fishing and shipping accidents, a recent CSIS report found that “the scale and exposure of undersea infrastructure also make it an easy target for saboteurs operating in the gray zone of deniable attacks short of war.”
And when sabotage is suspected, Moscow and Beijing have often been viewed as the likely culprits.
This week’s cable cuts bore striking resemblance to the October 2023 damage done to the Balticconnector natural gas pipeline and a submarine communications cable linking Sweden and Estonia. Finnish authorities said then that a Chinese cargo ship, the NewNew Polar Bear, has struck the telecom and gas lines with its anchor. In August 2024, a Chinese internal investigation found the ship was to blame for the damage, but insisted it was an accident.
In April 2023, Taiwan said two submarine internet cables leading to its outlying island of Matsu had been severed, causing widespread internet outages. Taiwan blamed two Chinese vessels for the cut, and the ruling party in Taipei said it has documented 27 incidents since 2018 of Chinese vessels damaging undersea cables serving the island, and accused Beijing of “gray-zone aggression.” Just last week, an Irish naval vessel escorted a Russian surveillance ship, the Yantar, out of the Irish Sea, where it was seen near the site of critical energy pipelines and internet cables.
How serious is the risk to the global network of undersea cables? And what can be done to mitigate that risk?
The Cipher Brief turned to Nick Thompson, a former CIA paramilitary officer and Naval Special Warfare Development Group operator, to discuss the threat. Thompson says that recent global events have amplified the undersea risks. “The current geopolitical landscape,” Thompson said, “is throwing gasoline onto something that's already been simmering.”
Thompson spoke with Cipher Brief writer Ethan Masucol about the nature of the global undersea cable network, Russian and Chinese subsea capabilities, the role of the private sector in the undersea domain, and how the U.S. can better protect this critical and sprawling infrastructure.
This conversation has been edited for length and clarity.
Masucol: Why are these undersea cables so important? Why should we be talking about them and the undersea domain?
Thompson: You're talking, on a daily basis, about trillions of dollars of financial transactions. You're talking about military communications, you're talking about the internet.
In addition to those cables, then you've also got undersea infrastructure [like] gas and oil and power. You've got sensor networks, which is more government and intelligence infrastructure.
And then there's also undersea seabed warfare. Think of wrecks, debris fields. When the North Koreans shoot a missile over Japan, it lands in the water. A F-35 goes into the water, there's a lot of interest in that. And there was a very famous CIA mission [in which] they brought up a Russian sub.
All those areas, which covers quite a bit, make up the critical world of subsea espionage [and] collection. And really the cables are the backbone of the global economy and communications network.
Masucol: How extensive is the undersea cable network?
Thompson: It’s a truly global network. We’re talking hundreds of thousands of miles of cable laid all over the world, connecting every continent, all countries. The cables are more cost effective, reliable and efficient than satellites. With the technology advances in fiber, we can lay these cables and instantly connect at very quick speeds, pass large amounts of data, very reliably. You don't think about them in your daily life maybe, but they are probably how we are talking today on the phone and how we're sending emails and how we're streaming services.
Masucol: And these cables have been laid down for decades, right?
Thompson: They've been laid down for a long time, but as the world becomes more connected, there have been more [undersea cables], especially looking at Africa, Southeast Asia, the developing world.
What's been interesting in the last decade or so is what we're seeing with the sabotage. We're seeing entire locations lose internet service. We're seeing very sensitive data sets in the subsea. We're seeing very suspicious activity from known state actors hovering around cables, and then the effects happen. That’s why I think it’s probably so prevalent in the news right now.
Looking for a way to get ahead of the week in cyber and tech? Sign up for the Cyber Initiatives Group Sunday newsletter to quickly get up to speed on the biggest cyber and tech headlines and be ready for the week ahead. Sign up today.
Masucol: Do you think that the geopolitical environment today is making the threat to subsea infrastructure worse?
Thompson: The current geopolitical landscape is throwing gasoline onto something that's already been simmering. Traditionally, it's the combination of clandestine and covert activity. They share some similarities, but they're different. Clandestine subsea operations are meant to stay that way. Some of these operations, like [attacks against] Nord Stream 2 or the internet, those are covert actions, but the effect is obvious. What we're seeing is capable countries that have this technology, conducting their own covert action across the globe on these cables. And so yes, I think it's only heating up, but traditionally, even the last five years and beyond, it's been clandestine activity, mainly related to espionage.
Masucol: Can you break down the capabilities of adversaries to target undersea cables and other infrastructure?
Thompson: I'll start with the Russians because they've invested a ton of money and time and infrastructure and talent into this. What we’ve seen is the Russians are very overt, and we catch them all the time, all around the world. And they say, it wasn't us. Their Main Directorate of Deep Sea Research, a well-known organization called GUGI, is primarily based out of St. Petersburg, but they also run a covert base in Olenya Guba [in the Arctic] . What they're running is really their deep-sea espionage program. It’s very capable. It's got a host of different platforms.
The main model, broadly speaking, is a mothership, a big submarine, one of the biggest in the world now. That big mothership submarine is carrying a smaller submarine, which might have manipulator arms, it might be able to sit on the seabed floor. It could even launch other vessels like ROVs (remotely operated vehicles) or even AAVs (amphibious assault vehicles). It could do a ton of espionage work in the form of tapping cables, or installing hydrophone sensors to try to pick up activity.
On the sea surface, everyone talks about the Yantar motor vessel. Those kinds of vessels are operating surveys and scientific research trying to create some kind of deniability to the Russian government. These vessels on the surface, sometimes they turn on their (Automatic Identification System) AIS, their international corresponders, and sometimes they don't. They’re loitering and their cover for action for where they're at in the world is very suspect. You’ll see them hovering over cables. You’ll see them zigzag. So what they're really doing is casing, essentially using sonar to get a nice picture of what's below, casing the environment. And then potentially they could deploy an AUV (autonomous underwater vehicle) or an ROV off that vessel. That's a quick rundown of the Russian model. It's the most mature. It started a long, long time ago.
If we look at the Chinese model, that's everything from vessels doing very similar activity, but then also very deeply involved in the undersea cable game. What the Chinese are focusing on is a couple of different things: their Digital Silk Road, supporting their Belt and Road Initiative, and then something almost like the Chinese Underwater Great Wall, which is probably focused on sensors and AUVs and ROVs to try to detect American submarine activity or clandestine, covert activity that's being directed against them.
Masucol: Could you talk more about the Digital Silk Road? Is that Chinese companies trying to lay their own undersea cables?
Thompson: It’s really interesting because the undersea cable game is really dominated by very few companies: SubCom, an American company; there's a Japanese company; and there's a French company now. There's another company called HMN Technologies, a Chinese company, formerly known as Huawei Marine. They are rapidly scaling to provide undersea cables. This company has also pivoted very well into the repair services. A lot of these undersea cables are damaged through accidents, whether it's fishing or it's an anchor or just seafloor activity. What's interesting is that even today, HMN Technologies is repairing cables overseas that are owned by some of the most well-known, profitable American tech companies. In addition to HMN Technologies, the Chinese company SB Submarine Systems is also a major player in the undersea cable repair space.
When these cables get damaged, we need an American company. We need to have assets that can get onsite that can double check the integrity of the cables. We should always be running penetration tests. What we're going to have to see is an investment of actual infrastructure – vessels and people. And if you look at it from a budgetary standpoint, a couple of million dollars, tens of millions of dollars, maybe low hundreds of millions of dollars are nothing compared to the companies [that are affected by the damage], that are hitting trillion-dollar valuations.
Masucol: What is the U.S. government’s role in protecting cables and other subsea infrastructure?
Thompson: I think the government is taking it very seriously. Do I think that fits into the U.S. Coast Guard and the Navy’s operational mandate? Probably not. We have tons of requirements and a huge world. I think the government does understand. However, it is very costly. I think private industry is the fastest option to take this head on. Some of these companies understand it.
My pitch would be to not wait until something catastrophic happens. Just because something's working now doesn't mean it's going to continue to work. I think the U.S. government gets it, understands it, but I think it's something that requires immediate attention that can't be put off any longer.
In terms of priorities, if the communications piece cuts out, even if it is encrypted, your naval special warfare troop commanders, your theater commanders, your Pentagon, your National Security Council people, if they can't communicate with each other, that's obviously a huge deal. And if something like [war over] Taiwan kicked off, or some kind of other aggressive action, the first moments of that game are going to be critical and probably decide who's on the back foot immediately.
We need resilient communications and intelligent routing. If the cables go out or they get severed or they get turned off, how's that data going to be rerouted? Satellites could [serve as] redundant comms. Cables go out, now we're pushing the satellites. Or we're pushing to localized networks that can still push the data to the right people that need it.
Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? Watch The Cipher Brief’s interview with CIA Director Bill Burns as he talks about The Middle East, Russia, China and the thing that keeps him up at night. Become a Cipher Brief YouTube Subscriber today.
Masucol: You have mentioned autonomous vehicles. What role does that technology play in the subsea domain going forward?
Thompson: I think the autonomous systems are going to play a really big role in the subsurface battle space moving forward. And that is autonomous vehicles that have endurance, anywhere from four to 10 days for smaller units, up to months. With the autonomous vehicles, there's a lot of different missions that they could do. But if you look at an extra-large vessel that can do an ISR (intelligence, surveillance, and reconnaissance) mission right now, what else can do that? Well, it's a submarine, so that's expensive. They have other missions, and frankly, it's more provocative. If an autonomous system is doing something, doing an ISR mission, EW (electronic warfare), or a cyber mission, that's a lot less provocative. It's a lot safer and it's a lot cheaper. We're going to see that the manned assets are never going to go away, but I think we're going to see rapid development and deployment of the autonomous systems and the ROVs.
Masucol: How confident are you that we can prevent, defend against and maybe bounce back from attacks on subsea infrastructure?
Thompson: I'm not going to give you an “it depends” answer, but we have capability too. The Russians, the Chinese, they're aggressive. They have no problem with lethal activity. Let’s respect their capabilities but not remain scared of them. Reestablishing deterrence is the game we're in. They do something, then there needs to be a message, and they need to understand that there's going to be a price to pay.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief.
