SecurityWeek

Submarine Cables at Risk of Nation-State Sabotage, Spying: Report

Recorded Future underlines threats to submarine telecommunication cables, such as the risk of intentional sabotage and spying by nation-state threat actors.

Submarine cables, the backbone of the global economy and telecommunications, are operating in an increasingly risky environment and are prone to geopolitical, physical, and cyber threats, including nation-state sabotage and spying, intelligence company Recorded Future says.

Fiber-optic submarine cables on the ocean floor transmit an estimated 99% of all intercontinental internet traffic and communications, including roughly $10 trillion of financial transactions daily and sensitive government and military communication, making them attractive targets for intelligence collection and sabotage.

The number of undersea cables has doubled over the past decade, reaching an estimated 529 cable systems in operation today, and their capacity is likely to increase, to meet the growing number of users and devices requiring internet connectivity.

Of the risks these cables are exposed to, intentional attacks are the most damaging, compared to accidental damage from ship anchors or fishing vessels.

In terms of intentional sabotage and spying, state-sponsored groups should be regarded as the greatest threat to submarine cables, especially with an increasing number of Chinese-owned companies operating cables, and with Russia interested in mapping the submarine cable system, very “likely for potential sabotage or disruption”, Recorded Future’s report (PDF) points out.

“Major geopolitical developments, specifically Russia’s war against Ukraine, China’s increasing coercive actions toward, and preparations for, a potential forceful unification with Taiwan, as well as the deepening rift between Beijing and Washington, will very likely be key drivers of the near-term risk environment,” Recorded Future notes.

According to the company, the main threat from China comes in the form of its ability to control digital flows, given its more prominent role as an owner/operator in the industry, which allows it to dictate the location of new cables, “creating new opportunities for intelligence collection through the landing stations it controls”.

Russia, on the other hand, represents a threat to the physical security of submarine cables, especially those in the North Sea region. Cutting a submarine cable would lead to disruptions and, if the cable is damaged in deep water, the impact would be greater, as repairs would take longer. State-sponsored threat actors, Recorded Future notes, have the resources required to identify and sever a cable in deep water.

“While much less frequent, intentional damage or sabotage represents a unique threat vector, since the timing of an attack and target can disproportionately affect the countries and companies that rely on that cable system,” Recorded Future points out.

Another important issue, the company notes, is the increasing role that hyperscalers such as Amazon, Google, Meta, and Microsoft are taking in the development and ownership of the global cable network, which raises concerns over market monopolies and digital sovereignty.

Located on shore and designed to connect the submarine cable with terrestrial networks, landing stations also represent an attractive target for intelligence collection, as they may lack heightened security protections, are easier to access than deep underwater cables, and house network management equipment and power feeds.

“It is likely that only a select few countries are capable of tapping into submarine cables in deepwater locations, where their activities are less likely to be detected. Landing stations therefore present a more readily accessible option. [They] can serve as intelligence collection points by their owners, on behalf of their country or for the benefit of a foreign government, through the insertion of monitoring equipment or backdoor software,” Recorded Future notes.

The use of remote network management systems for the monitoring and control of infrastructure may also represent a weak point that state-sponsored adversaries, ransomware groups, and other threat actors are likely to exploit.

“State actors seeking an espionage edge will almost certainly target the entire submarine cable ecosystem for intelligence collection: landing station infrastructure, the submarine cables themselves, third-party providers, and the hardware and software that knits it all together. Separately, Russia will almost certainly increase its overt and covert mapping of submarine cables, and likely engage in targeted sabotage on land and underwater,” Recorded Future states.  

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
