Threats to Undersea Cables and Landing Stations Highlighted by Recent Incidents
Severity: High (Score: 72.5)
Sources: protect.checkpoint.com, Cepa, Lbc, apnews.com, www.csis.org
Published: · Updated:
Keywords: cables, cable, beneath, natos, radars, unaddressed, threats
Summary
Undersea telecommunication cables, crucial for global internet and financial transactions, face increasing threats. Notably, incidents in November 2024 involved the BCS East-West Interlink and C-Lion 1 cables, suspected to be sabotaged by a Chinese ship. European officials are concerned about hybrid threats from Russia and China, with investigations ongoing. Additionally, cable landing stations, critical for connecting undersea cables to national networks, are vulnerable to both physical and cyber attacks. Since late 2023, at least 11 undersea cables and pipelines have been damaged in the Baltic Sea, raising alarms about coordinated attacks. NATO has responded by expanding maritime patrols, but experts warn that landing stations require similar security enhancements. The resilience of networks has so far prevented a systemic internet collapse, but the risks remain significant. Key Points: • Undersea cables carry 99% of transoceanic digital communications and are vulnerable to sabotage. • Investigations link incidents to potential hybrid threats from state actors, particularly Russia and China. • Cable landing stations are critical yet often overlooked targets that require enhanced security measures.
Detailed Analysis
**Impact** The disruption of undersea cables affected transoceanic digital communications and financial transactions worth $10 trillion daily, primarily impacting European countries including Sweden, Lithuania, Finland, and Germany. Eleven undersea cables and pipelines in the Baltic Sea have been damaged since late 2023, causing network congestion and rerouting but no systemic internet collapse. Cable landing stations, which aggregate multiple cable systems, pose a risk of broader outages if compromised, affecting sectors reliant on international internet traffic, including telecommunications and financial services. **Technical Details** Physical sabotage involving cable cutting was reported on November 17-18, 2024, targeting BCS East-West Interlink and C-Lion 1 cables, with suspicion on a Chinese vessel with a Russian captain. Threat actors likely possess advanced maritime capabilities such as nuclear-powered submarines and oceanographic surveillance ships. Attacks on cable landing stations include physical and cyber components, targeting power supplies, operational technology, and remote network management systems (RNMS). No specific malware, CVEs, or IOCs were disclosed in the reports. **Recommended Response** Prioritize enhanced physical security and access controls at cable landing stations, including perimeter defenses and reliable backup power systems. Expand maritime patrols and seabed monitoring to detect suspicious vessels near critical infrastructure. Strengthen cyber defenses for RNMS and operational technology to prevent unauthorized access and malware intrusion. Monitor for unusual network traffic rerouting and power failures at landing stations as potential indicators of attack.
Source articles (6)
- Beneath Natos Radars Unaddressed Threats Subsea Cables — www.csis.org · 2026-05-18
Undersea telecommunication cables form the foundation of the global internet and communication networks, carrying 99% of transoceanic digital communications and $10 trillion dollars in financial trans… - Nato France Russia Baltic Cables Ships Damage 764964a275530915c2cc5af1125ec125 — apnews.com · 2026-05-18
ABOARD A FRENCH NAVY FLIGHT OVER THE BALTIC SEA (AP) — With its powerful camera , the French Navy surveillance plane scouring the Baltic Sea zoomed in on a cargo ship plowing the waters below — closer… - PA Consulting — protect.checkpoint.com · 2026-05-20
In today’s evolving defence and security ecosystem, the scale of threats and opportunities – from the climate emergency to the role of the space domain – demand more than conventional approaches. A co… - Putin's shadow fleet could cripple Britain from beneath the North Sea — Lbc · 2026-05-20
Britain’s critical energy and communications infrastructure in the North Sea is exposed to possible sabotage by “shadow fleet” vessels. Writing exclusively for LBC Opinion , Patrick Cronin, a defence… - Britain is dangerously exposed in the North Sea, and Putin's shadow fleet knows it — Lbc · 2026-05-20
In November 2024, two submarine cables were severed in the Baltic Sea within hours of each other. A month later, the Estlink 2 power cable between Finland and Estonia went out of service for seven mon… - Cable Danger: Look Beyond the Sea to the Shore — Cepa · 2026-05-18
At 3:00 a.m., operators at a cable landing station lose visibility. Minutes later, backup generators fail. Traffic reroutes, creating congestion. What initially looks like a cyber incident quickly bec…
Timeline
- 2023-12-01 — At least 11 cables damaged in Baltic Sea: European officials report multiple incidents involving undersea cables and pipelines, suspected to be hybrid attacks.
- 2024-11-17 — BCS East-West Interlink cable stops working: The cable connecting Sweden to Lithuania ceased operations, suspected to be sabotage. Investigations are ongoing.
- 2024-11-18 — C-Lion 1 cable cut: The cable connecting Finland to Germany was severed, further raising concerns about security in the Baltic Sea.
- Recent — NATO expands maritime patrols: In response to increased threats, NATO has intensified monitoring of suspicious vessels near critical infrastructure.
Related entities
- Malware (Attack Type)
- Supply Chain Attack (Attack Type)
- Baltic Sentry (Campaign)
- China (Country)
- Egypt (Country)
- Finland (Country)
- Germany (Country)
- Lithuania (Country)
- Russia (Country)
- Sweden (Country)
- United States (Country)
- Energy (Industry)
- Telecommunications (Industry)
- 764964a275530915c2cc5af1125ec125 (Md5)
- Linux (Platform)
- Windows (Platform)