Beneath the world’s oceans, roughly 500 fibre-optic cables carry 99% of intercontinental internet traffic across 1.6 million kilometres of seabed. Every financial transaction, every diplomatic cable, every video call runs through them.
Since 2022, ten Baltic Sea cables have been cut, seven within a single 60-day window. The perpetrators exploit shallow waters, flag-of-convenience vessels, and a legal framework drafted when telegraphs were cutting-edge. The gap between how well we can detect these attacks and how rarely anyone is held accountable is the fault line that defines this emerging theatre of infrastructure warfare.
This series maps the entire landscape: who is attacking, how they do it, what technology exists to stop them, which institutions are mobilising, and why, despite all of the above, no saboteur has yet faced justice. From the Baltic’s unique exposure to seabed sabotage to the attribution and prosecution gap that leaves perpetrators unpunished, each article in this series examines a distinct dimension of the same strategic crisis.
In This Series
Why the Baltic Sea Has Become the Epicentre of Undersea Cable Sabotage. The geography, infrastructure density, and jurisdictional patchwork that make the Baltic the world’s most exposed cable corridor.
Shadow Fleets and Deep-Sea Submersibles: How Russia and China Target Undersea Cables. The two distinct threat models: Russia’s deniable anchor-drag campaign and China’s purpose-built submersible capability.
How Distributed Acoustic Sensing and Seabed Surveillance Protect Undersea Cables. The detection technology, repair logistics, and redundancy architecture that form the defence.
NATO’s Baltic Sentry and the Global Race to Secure Undersea Infrastructure. The institutional mobilisation and the strategic debates shaping cable governance.
Why Undersea Cable Saboteurs Almost Never Face Justice. The attribution gap, the resilience dilemma, and the legal architecture that makes prosecution structurally improbable.
Why are undersea cables being systematically targeted now?
Undersea cables have always been vulnerable to accidental damage from anchors and trawling. Roughly 150 such incidents occur annually, and they have since the first telegraph cables were laid. What changed after 2022 is intent.
Russia’s full-scale invasion of Ukraine triggered a strategic pivot to grey-zone operations against European infrastructure. The goal: target assets below the threshold of armed conflict where NATO’s Article 5 does not clearly apply. Cables are attractive in this calculus. They are essential, unarmed, and governed by a legal framework from 1982 that places enforcement responsibility with flag states, many of which are flag-of-convenience registries with neither the capacity nor the incentive to act.
The Nord Stream pipeline sabotage in September 2022 served as proof of concept that deep-seabed infrastructure is reachable. As one analysis put it, the attack provided “a complete playbook for damaging submarine cables.” Russia had already spent a decade mapping critical infrastructure in the North and Baltic Seas, according to a 2023 Swedish Television investigation. The ships, the routes, the methods: the reconnaissance was done before the shooting started.
Cables are different from other infrastructure in ways that make them ideal grey-zone targets. Physically, they are armoured fibre roughly the diameter of a garden hose, laid unprotected across much of the seabed. They are privately owned and commercially operated, which means no government guards them. And until recently, they were unmonitored in real time. Unlike a power plant or a data centre, there is no perimeter fence and no obvious moment of attack. A cable simply goes dark, and the operator runs an OTDR trace to find the break. The Baltic’s unique exposure to seabed sabotage is a function of geography as much as policy.
The legal framework compounds the vulnerability. Under UNCLOS Articles 113 to 115, enforcement responsibility falls to the flag state of the offending vessel. When that flag is the Cook Islands, Panama, or Tanzania, enforcement is absent in practice. Between January 2024 and July 2025, roughly 44 incidents of cable damage were recorded globally. The baseline of 150 annual faults, mostly from fishing and anchoring accidents, provides cover for the ones that are not accidents at all.
For the full geographic and infrastructure context, read why the Baltic Sea has become the epicentre of undersea cable sabotage.
Why is the Baltic Sea specifically so vulnerable to cable sabotage?
The Baltic Sea is the world’s most exposed cable corridor, and the numbers tell the story: average depth of 55 metres, over 35 cables connecting the bordering countries, 4,000 ships passing through daily, and only three narrow access points through the Danish Straits.
Shallow water is the primary reason anchor-drag attacks work here. An attack in the 4,000-metre-deep Atlantic requires specialised equipment. In the Baltic, a standard commercial anchor and chain are sufficient. The narrow exclusive economic zones force cables into predictable paths through choke points like the Gulf of Finland, where Russian territorial waters sit within tens of kilometres of NATO members’ coastlines. Finland and Sweden’s NATO accession turned the Baltic into what analysts call a “NATO Lake”, with nine of ten bordering countries now alliance members. The cables that connect NATO allies run through water Russia can reach from its home ports. This intersection of geography and infrastructure density is what makes the Baltic uniquely vulnerable.
The timeline of incidents is stark. Ten subsea cables have been cut since 2022, with seven occurring between November 2024 and January 2025. The damaged systems include C-Lion1 (Finland to Germany), BCS East-West Interlink (Lithuania to Sweden), EstLink 2 (the Finland-Estonia power cable), and Balticonnector (the Estonia-Finland gas pipeline). Power cables, gas pipelines, and data cables share the Baltic seabed in corridors sometimes less than a kilometre wide. A single anchor drag can, and has, damaged multiple infrastructure types simultaneously.
Most incidents occur in EEZs, where coastal states have limited enforcement authority over foreign-flagged vessels. Proximity to Russian ports (St. Petersburg, Kaliningrad) means suspect vessels are within hours of a safe harbour. The Red Sea chokepoint at Bab el-Mandeb demonstrates that Baltic vulnerability is not unique. It is the most advanced instance of a global pattern where geography, infrastructure density, and jurisdictional ambiguity create the conditions for sabotage.
Cable landing stations are the attack surface that gets least attention. A single station can terminate multiple cables. Physical security is typically the responsibility of the cable owner, not the state. They are known, fixed, unhardened locations, often in publicly accessible coastal areas. A single station can sever multiple systems at once, and attacking one requires less sophistication than a seabed operation while potentially causing more disruption.
Read the full analysis in why the Baltic Sea has become the epicentre of undersea cable sabotage.
What is Russia’s shadow fleet and how is it used for undersea infrastructure sabotage?
Russia’s shadow fleet is an estimated 600 to 1,600 ageing tankers registered under flags of convenience (Cook Islands, Panama, Liberia) with ownership chains obscured through shell companies. The fleet’s primary purpose is sanctions evasion: transporting Russian crude above the $60 per barrel price cap using Western insurance and shipping services. Around 60% of Russia’s seaborne oil exports use this network.
But the shadow fleet has a dual-use capability. “Russia is transforming the shadow fleet from a system for evading sanctions into an instrument of hybrid warfare,” according to researchers at the German Institute for International and Security Affairs. The operational characteristics that serve sanctions evasion also serve sabotage: poor maintenance makes AIS failure and anchor incidents plausible, flag-of-convenience registration creates jurisdictional fog, and frequent name and ownership changes defeat tracking. The shadow fleet and deep-sea submersible threat represents two distinct operational models converging on the same target set.
The signature method is the anchor-drag attack. A vessel approaches a cable corridor, deactivates its AIS transponder, deploys or extends its anchor, and steams across the corridor. The anchor tears through cables on the seabed, often damaging multiple systems in a single pass. The Baltic’s 55-metre average depth means a standard anchor reaches the seabed easily. The method maintains enough ambiguity about intent to frustrate prosecution because anchors do drag accidentally and AIS transponders do malfunction on poorly maintained vessels.
The Eagle S incident in December 2024 is the most thoroughly documented case. A Cook Islands-flagged tanker linked to Russia’s shadow fleet dragged its anchor across the Gulf of Finland for what investigators estimate was 56 nautical miles, damaging EstLink 2 and four further subsea cables. Finnish authorities seized the vessel. The captain was reportedly instructed via radio to destroy evidence, specifically charts depicting local subsea cable routes. The case was dismissed on jurisdictional grounds: the Helsinki Court interpreted UNCLOS such that jurisdiction lay only with the flag state (Cook Islands) or crew nationality, not Finland.
The Fitburg investigation illustrates the evidence-gathering burden even when suspects are identified. The vessel’s ownership was characteristically opaque: built in Romania, previously named Finex and Volmeborg, owned by a Turkish firm, sailing between Russia and Israel, crewed by Georgians and Kazakhs. Finnish intelligence (Supo) took 19 months from the November 2024 incident to reach a referral stage in June 2026.
There is a more sophisticated track operating in parallel. Russia’s GUGI (Main Directorate of Deep-Sea Research) operates specialised vessels like the Yantar, equipped with deep-sea submersibles capable of accessing cables at depth. In May 2025, Russia deployed an Su-35 fighter jet to overfly a shadow-fleet tanker to deter an Estonian interception attempt, demonstrating willingness to escalate militarily in defence of the fleet’s operations.
Read the full threat actor analysis in how Russia and China target undersea cables.
What is China’s role in undersea cable threats and how does it differ from Russia’s approach?
China’s undersea cable threat profile is different from Russia’s. Where Russia relies on deniable, low-tech anchor-drag attacks through a distributed civilian fleet, China has developed purpose-built deep-sea cable-cutting submersibles, patented by PLA-linked research institutions and field-tested at extreme depths. The two threat models that define undersea cable warfare require fundamentally different defensive postures.
In April 2026, China tested a deep-sea cable-cutting device from the research vessel Haiyang Dizhi 2 at 3,500 metres. The device uses a six-inch diamond-coated grinding wheel spinning at 1,600 RPM, capable of breaching reinforced sheaths at 4,000 metres. This is not a prototype. The PLA Navy’s Institute of Communication Application patented a deep-sea optical cable shear and retrieval device as early as 2013. The PLA Naval University of Engineering patented a cable-retrieval system in 2022 that severs and secures both ends of cut cables simultaneously. This is a decade-plus technology development programme, not a recent improvisation.
The primary theatre is the Taiwan Strait, not the Baltic. Taiwan connects to the global network through just 24 undersea cables: 14 international and 10 domestic. The Matsu Islands incident in February 2023 saw Chinese ships sever two cables, resulting in a 50-day digital blackout for 14,000 residents. In early 2025, Chinese-operated ships dragged their anchors across cables connecting Taiwan. Taiwan sentenced the Chinese captain of the Hongtai 58 to three years in prison, the first time Taiwanese authorities have imposed serious criminal penalties for cable damage. But that prosecution was within territorial waters, not international waters, and is the exception that proves the rule.
The contrast with Russia’s Baltic model is instructive. Russia uses distributed, deniable, low-tech methods for persistent harassment. China is developing centralised, attributable, high-tech capability for a military contingency. Cable sabotage fits into China’s “Three Warfares” strategy: psychological, media, and legal warfare aimed at undermining Taiwan’s will to resist. As Ray Powell, director of Stanford’s Sea Light project, observes: “The entire gray zone is about maintaining just enough deniability that even though the evidence overwhelmingly points to the perpetrator, affected nations cannot definitively prove intent.”
The two theatres are not separate. Chinese-flagged vessels have appeared in Baltic incidents: the Newnew Polar Bear was linked to the October 2023 Balticonnector damage, and the Yi Peng 3 was detained by Denmark in November 2024. The Hudson Institute notes that “the coordinated nature of these incidents, with Chinese vessels targeting European undersea assets in exchange for Russian assistance near Taiwan, suggests that the two regimes are sharing tactics, intelligence, and operational assets.”
Read the comparative analysis in how Russia and China target undersea cables.
How does Distributed Acoustic Sensing turn a fibre optic cable into a seabed monitoring sensor?
Distributed Acoustic Sensing (DAS) transforms existing fibre-optic cable infrastructure into a continuous seabed listening grid. The technology sends laser pulses down unused “dark” fibre strands and analyses the Rayleigh backscatter: microscopic light reflections perturbed by acoustic events like an anchor dragging or a vessel propeller. A 100-kilometre cable becomes 10,000 virtual sensors, each 10 metres long, polling at least 1,000 times per second. This is the foundation of DAS and seabed-to-space surveillance, the most significant technology advance in cable protection.
The operating principle is straightforward. A device called an interrogator sends coherent laser pulses down the fibre. Microscopic impurities in the glass create Rayleigh backscatter. Acoustic sources generate strain waves that perturb the backscatter pattern. Analysis of the perturbation reveals the nature, location, and timing of the acoustic event. The technology can detect vessel trajectory, speed, and depth, with speed estimation errors consistently below 1%.
The strategic advantage is that DAS requires no new seabed hardware. It uses fibre already in place. A single interrogator unit, costing approximately $200,000 or more, can monitor tens of kilometres of cable. SOSUS, the Cold War-era US Navy seabed hydrophone array, proved that persistent undersea monitoring had strategic value. DAS delivers that capability through commercial fibre rather than military hardware.
Finland deployed DAS operationally in June 2026 through telecom operator Elisa, in cooperation with the Finnish Border Guard and Finnish Navy. It is the first real-time cable-protection application of a technology that previously existed only in research and trial contexts. “The protection of undersea infrastructure is a nationally important task,” said Jouni Petrow, Elisa’s Director of New Business. “The recent cable breaks in mind, we have built a solution that provides an early warning of an approaching threat.”
The operational significance is real. Real-time detection means authorities can be alerted while a vessel is still in the cable corridor, creating the possibility of interdiction rather than post-incident investigation. The UK’s STFC Hartree Centre has worked with Indeximate to apply machine learning to DAS data for real-time vessel detection, distinguishing vessel acoustic patterns from environmental noise.
DAS provides the acoustic detection layer. Identification requires integration with AIS tracking, satellite imagery, and surface radar: a seabed-to-space architecture where each layer depends on the others. That integration is what the next section on redundancy builds toward.
Read the full technology explainer in how DAS and seabed surveillance protect undersea cables.
How does cable routing redundancy protect against disruption — and what are its limits?
Route bifurcation (building two or more physically separated cable paths between endpoints) means a single cut does not isolate connectivity. Traffic reroutes automatically via BGP and SDN, and users typically notice nothing. When two Baltic cables were damaged in November 2024, RIPE NCC, Cloudflare, and Kentik all recorded minimal impact on regional internet traffic.
This has been the cable industry’s primary resilience strategy for decades, and it works well for random failures. But the model was designed for accidental damage from anchors, trawling, and earthquakes, not for an adversary who studies cable routes and targets the convergence points. The limits are structural, and the detection and resilience technology now being deployed addresses some but not all of them.
First, cost. Each additional route is a multi-hundred-million-dollar investment.
Second, geography. Narrow corridors force convergence. In the Gulf of Finland, all Finland-Estonia cables share the same narrow path regardless of how many routes exist. Physical separation is not possible when the sea forces cables together. The Bab el-Mandeb chokepoint in the Red Sea creates the same dynamic in a different theatre: geography overrides engineering.
Third, landing station convergence. Bifurcated routes that terminate at the same shore facility create the same single-point failure that redundancy was designed to eliminate. An attacker who knows the landing station locations (they are public information) can achieve with one strike what route diversity was meant to prevent.
The ownership dimension complicates the resilience picture. Hyperscalers (Google, Meta, Microsoft, Amazon) now own or co-own more than 50% of intercontinental cable capacity. Their share of transatlantic capacity has expanded from roughly 10% in 2014 to approximately 90% by 2024. In 2024, hyperscalers accounted for 71% of international capacity used by EU member states. Infrastructure owned by traditional European operators now represents roughly 2% of total transatlantic capacity.
Hyperscalers build redundancy for commercial continuity, and their networks are resilient by design. But their routing decisions optimise for their own traffic, not national resilience. A government concerned with strategic connectivity may have different redundancy requirements than a commercial operator, and the two do not always align.
The global cable repair fleet is itself a bottleneck. Approximately 62 to 75 cable ships exist worldwide. Of 62 vessels tracked, 19 are contracted for maintenance, 26 for installation, and 16 switch between both. None are owned by governments. The global median repair time is approximately 40 days. In favourable Baltic conditions, the full process requires at least 14 days. A single repair vessel can cost over €50 million, and the commercial repair market operates with narrow profit margins: vessels are maintained for routine fault rates, not surge capacity.
Read the full resilience analysis in how DAS and seabed surveillance protect undersea cables.
What is NATO’s Baltic Sentry operation and how does it compare with the EU’s approach?
NATO’s Baltic Sentry, launched in January 2025, is the alliance’s first operation specifically tasked with undersea infrastructure protection. It deploys frigates from multiple member states, P-8 Poseidon and Atlantique 2 maritime patrol aircraft, and 20-plus uncrewed surface vessels conducting persistent surveillance in the Baltic. Task Force X-Baltic (TFX-Baltic), NATO’s experimental unit for uncrewed seabed monitoring, uses USVs and UUVs to extend surveillance coverage beyond what crewed vessels can sustain. Eight Baltic NATO states plus France, the Netherlands, and the US participate. This is the institutional response to seabed warfare that the threat landscape demands.
The operational concept is presence-based deterrence: visible NATO patrols that raise the risk calculus for would-be saboteurs. NATO reports a significant reduction in malicious sabotage between January 2025 and January 2026, with response times dropping from 17 hours to one hour. “Baltic Sentry demonstrates that Allies have the political will and operational capabilities to sustain a collective defence capability,” said Lt. Cmdr. Tim Pietrack of NATO Allied Maritime Command. “We’ve seen 12 boardings under national authorities by allied nations in the past year.”
Several complementary initiatives operate alongside Baltic Sentry. Nordic Warden, under the UK-led Joint Expeditionary Force, focuses on intelligence fusion, data sharing, and AI-enabled vessel tracking rather than operational patrol presence. Baltic Sentry provides the visible deterrent; Nordic Warden provides the intelligence architecture that tells the deterrent where to look. Gotland Sentry is Sweden’s unilateral cable-protection patrol.
The EU takes a different approach. Its Cable Security Toolbox and Action Plan (February 2026) introduced a €347 million subsea infrastructure initiative, the largest EU-level investment to date. The plan operates through regulatory authority and economic levers: vulnerability assessments, repair-capacity coordination, sanctions mechanisms, and diplomatic pressure. The EU’s €20 million Rapid Repair Pilot represents roughly 5.7% of the overall initiative, focused on pre-positioning modular repair equipment in regional ports.
The difference is institutional. NATO operates in the security domain through military means: patrol, deter, interdict. The EU operates in the regulatory and economic domain through civilian means: coordinate, invest, sanction. Neither framework alone is sufficient. NATO can patrol but not regulate. The EU can coordinate but not patrol. Their coordination in practice, across different member-state compositions, decision-making timelines, and legal authorities, remains largely untested.
The US Strategic Subsea Cables Act of 2026 provides the American parallel to the EU’s regulatory approach. It requires the President to impose sanctions against individuals who intentionally damage subsea cables, establishes an interagency committee, mandates threat information sharing with private operators, and requires at least ten dedicated State Department staff for cable diplomacy.
Read the full institutional analysis in NATO’s Baltic Sentry and the global race to secure undersea infrastructure.
Military deterrence vs. legal accountability — which response to cable sabotage has more evidence of effectiveness?
Neither approach has demonstrated effectiveness, but for different reasons. The comparison sits at the heart of the institutional response to seabed warfare that NATO and the EU are racing to build.
Military deterrence through presence-based patrols is proactive. Assets operate in real time, and Baltic Sentry has reduced response times from 17 hours to one hour. NATO reports fewer incidents since the operation launched. But attacks continued after January 2025: the Fitburg incident occurred in December 2025, well into Baltic Sentry’s deployment. The challenge is that presence-based deterrence in a grey-zone context suffers from an ambiguity problem: what exactly are you deterring when the attack is designed to be deniable? The attacker can always claim accident, and the deterrent signal is correspondingly weakened.
Legal accountability is reactive, following the attack, and has produced zero convictions for undersea cable sabotage globally. The Eagle S case, the most thoroughly documented incident with the vessel seized in the act, was dismissed on jurisdictional grounds. The Chinese Yi Peng 3, suspected of cutting two Baltic cables in 2024, was released after brief detention by a NATO member state. This is precisely the attribution and prosecution gap that undermines the entire deterrence architecture.
The problem is not that investigators cannot identify suspects. It is that the gap between intelligence-level certainty and criminal-standard proof is wide, and the UNCLOS framework places enforcement responsibility with flag-of-convenience states that have no incentive to act. “Criminal prosecutions, constrained by jurisdictional and evidentiary hurdles, seem poorly suited to effectively deter future actions or even impose meaningful costs on those responsible,” one legal analysis concluded. “If states rely solely on criminal prosecutions, their success is questionable and failure will embolden further hybrid threat actors.”
Military deterrence at least operates proactively. Legal accountability is structurally reactive, and the reaction, when it comes, has been consistently insufficient. The honest assessment is that neither approach has built a convincing evidence base, and the attackers appear to understand this. Why attribution fails so consistently is the next question.
Read the full comparison in NATO’s Baltic Sentry and the global race to secure undersea infrastructure.
Why is attribution of undersea cable sabotage so difficult to prove?
Attribution is a three-layer problem, and success at one layer does not guarantee success at the next. The attribution and prosecution gap represents the critical failure point in the entire detection-and-response chain.
Technical attribution, which vessel was present, what happened, where, is increasingly robust. DAS detects acoustic signatures in real time. AIS tracking shows vessel movements, including the pattern of transponder deactivation and reactivation that marks a suspicious transit. Satellite imagery confirms vessel positions independently. Anchor-drag forensic analysis matches damage patterns to specific anchors. Technical attribution is not the bottleneck.
Legal attribution, proving intent to a criminal standard, is where most cases fail. Anchor drags happen accidentally. AIS failures are common on poorly maintained vessels. Crew testimony requires international cooperation across jurisdictions that may be uncooperative. Chains of ownership through shell companies obscure beneficial ownership. The forensic indicators of intent (AIS deactivation pattern, course deviation to intersect cable routes, multiple cables struck, shadow-fleet ownership links) are probabilistic, not deterministic. They build a pattern that convinces intelligence analysts but may not satisfy a criminal court’s “beyond reasonable doubt” standard. The Eagle S demonstrated most of the intent indicators and was still dismissed because the Helsinki Court ruled jurisdiction lay only with the flag state or crew nationality.
Political attribution, which state is responsible and what response is appropriate, can fail even when the first two layers succeed. States may choose not to escalate a grey-zone incident to avoid broader confrontation. The Yi Peng 3 case demonstrated this: diplomatic negotiations between Denmark, China, Sweden, Finland, and Germany produced paralysis rather than action. Finnish intelligence Supo publicly stated in March 2026 that investigations found “no evidence of deliberate Russian state activity,” a view its director described as “broadly shared in the other European intelligence community.” That assessment sits in tension with the US Congress’s characterisation of deliberate state-sponsored sabotage. The intelligence community itself cannot agree on what the evidence means.
As Ray Powell of Stanford’s Sea Light project puts it: “China and Russia will continue this behavior because they calculate that the consequences will not be severe enough to warrant stopping.” That calculation, as of mid-2026, appears to be correct.
Read the full attribution analysis in why undersea cable saboteurs almost never face justice.
What is the resilience dilemma — and when does hardening infrastructure make sabotage harder to prosecute?
The resilience dilemma is the paradox that measures which make cable infrastructure more resilient simultaneously weaken the legal case against saboteurs. If a cut cable causes no user-visible outage because traffic rerouted seamlessly, what was the harm? If rapid repair disturbs or removes seabed evidence before investigators can examine it, what can be proven? If operators do not immediately notice a cut because automatic rerouting masks it, when was the crime? This is the core tension that the attribution and prosecution gap analysis explores in full.
Walk through each dimension. Route bifurcation: a cut cable causes no user-visible outage. Traffic reroutes in milliseconds, users notice nothing, and the legal question “what harm was caused?” becomes difficult to answer with the specificity a court requires. Rapid repair: the EU’s €20 million Rapid Repair Pilot aims to accelerate recovery, but faster recovery reduces the window for forensic examination and may disturb or destroy seabed evidence during the retrieval process. Automatic rerouting: operators relying on automated systems may not detect a cable cut for hours or days, creating uncertainty about the time of the offence that complicates the evidentiary chain.
The Finnish court’s Eagle S dismissal illustrates the problem directly. As CEPA’s analysis noted, the case “highlights the ‘resilience dilemma’: countries’ efforts to protect and harden their undersea infrastructure, and to build in redundancy, can make it harder to make a case against bad actors.”
The dilemma creates a self-reinforcing strategic feedback loop. Detection technology works: DAS can identify an anchor drag in real time. Institutional machinery is mobilising: Baltic Sentry, the EU Cable Security Toolbox, the Strategic Subsea Cables Act. But the resilience measures that make the network robust against disruption simultaneously undermine the legal basis for prosecution. Without prosecution there is no meaningful deterrence. Without deterrence, the incentive to invest in resilience increases, feeding back into the loop. The deterrence strategies that depend on fixing attribution remain unproven until the legal dimension is resolved.
This is not a theoretical concern. It is the operational reality of every Baltic cable cut since 2023: the network stayed up, users noticed nothing, and the legal basis for prosecution was weakened. The more resilient the network, the harder it is to establish that a prosecutable offence occurred.
There is a parallel tension in the strategic debate. The same interconnection that securitisation advocates frame as vulnerability has, in practice, functioned as resilience. Dense, redundant networks enable rerouting and limit disruption. Connectivity, not bifurcation, underwrites resilience. Fragmentation risks brittleness. But the resilience that interconnection provides is precisely what frustrates prosecution. The dilemma is not resolvable by choosing one approach over the other. It is built into the architecture.
Read the full legal analysis in why undersea cable saboteurs almost never face justice.
Resource Hub: Undersea Cable Security Deep Dives
Understanding the Attack Surface
Why the Baltic Sea Has Become the Epicentre of Undersea Cable Sabotage. Examines the geographic choke points, seabed infrastructure density, and jurisdictional patchwork that make the Baltic the world’s most exposed cable corridor. You will understand the timeline of incidents since 2022, why shallow-water geography enables low-tech attacks, and why cable landing stations represent an overlooked single-point failure.
Shadow Fleets and Deep-Sea Submersibles: How Russia and China Target Undersea Cables. Analyses the two distinct threat models: Russia’s shadow fleet and deniable anchor-drag campaign versus China’s purpose-built deep-sea submersible capability. You will understand the Eagle S case, the operational methods used in each theatre, and why the two threat models require different defensive postures.
Detection, Resilience, and Institutional Response
How Distributed Acoustic Sensing and Seabed Surveillance Protect Undersea Cables. Explains the technology transforming cable protection: DAS, seabed-to-space situational awareness, and the repair logistics that determine whether a cut cable is a nuisance or a crisis. You will understand how Finland’s June 2026 operational deployment works, why the global repair fleet is a strategic bottleneck, and where routing redundancy succeeds and where it fails.
NATO’s Baltic Sentry and the Global Race to Secure Undersea Infrastructure. Evaluates the institutional mobilisation and strategic debates: Baltic Sentry, the EU Cable Security Toolbox, the US Strategic Subsea Cables Act, and the competing frameworks of military deterrence, regulatory coordination, securitisation, and cooperative interconnection. You will understand the evidence for and against each approach and the trade-offs that policymakers face.
The Accountability Gap
Why Undersea Cable Saboteurs Almost Never Face Justice. Exposes the failure point in the entire detection-and-response architecture: the legal framework that makes prosecution structurally improbable. You will understand the UNCLOS enforcement gaps, the three-layer attribution problem, the resilience dilemma that weakens the legal case as infrastructure improves, and why, as of mid-2026, no cable saboteur has been convicted.
Suggested reading order: Start with the Baltic vulnerability backgrounder to understand the geography and stakes, then the threat actor analysis to see who is operating and how. The detection and institutional response articles build on that foundation. The legal analysis serves as the capstone that exposes the unresolved strategic tension.
Frequently Asked Questions
How many undersea cables cross the Baltic Sea and how much traffic do they carry?
The Baltic Sea hosts over 35 cable systems, ranging from high-capacity transcontinental links like C-Lion1 (Finland to Germany) to regional systems connecting Nordic and Baltic states. There is no single authoritative public count, but the density is among the highest of any sea basin globally relative to its size. The cables carry financial transactions, cloud-computing traffic, military communications, and consumer internet for the entire Nordic-Baltic region. For the foundational infrastructure context, see the Baltic vulnerability analysis.
How has China actually been involved in undersea cable incidents?
Chinese-flagged or Chinese-linked vessels have been implicated in both the Baltic and Taiwan theatres. In the Baltic, the Newnew Polar Bear (Hong Kong-registered, Chinese-owned) was linked to the October 2023 Balticonnector damage, and the Yi Peng 3 (Chinese-flagged) was detained by Denmark in November 2024. In the Taiwan Strait, the Hongtai 58 severed a cable connecting Taiwan and Penghu Islands in February 2025. Separately, PLA-linked research institutions have developed and tested purpose-built deep-sea cable-cutting submersibles. For the full threat profile, see the shadow fleet and submersible analysis.
Can undersea cables be repaired, and how long does it take?
Yes. Cables are repaired by a global fleet of approximately 60 to 75 specialist ships (roughly 20 of which are contracted for maintenance) using a well-established process: OTDR fault localisation, grapnel retrieval from the seabed, precision fibre splicing aboard the vessel, and redeployment. The timeline ranges from 48 hours in favourable conditions to several weeks for remote deep-water locations, with a global median of approximately 40 days. The repair fleet (commercially operated, mostly built in the 1990s to 2000s, with no government-owned surge capacity) is itself a strategic bottleneck. For the full repair process, see the detection and resilience explainer.
What would be the economic consequences of a coordinated, large-scale undersea cable disruption?
No comprehensive economic model exists for a multi-region coordinated cable disruption. The most cited single-region estimate, for Taiwan, projects losses of approximately $55 million per day and $1.69 billion per month. Equivalent modelling for a Baltic Sea, Red Sea, or transatlantic scenario has not been published. The financial transaction volume alone (SWIFT and interbank settlement traffic that transits undersea cables) suggests the daily cost of a coordinated disruption across multiple chokepoints would be measured in billions, not millions. For the economic stakes, see the institutional response analysis.
What is “weaponised interdependence” and how does it apply to undersea cables?
Weaponised interdependence, the framework developed by Henry Farrell and Abraham Newman, describes how states can exploit the global networks they are embedded in, using panopticon effects (surveillance through infrastructure access) and chokepoint effects (denial by controlling critical nodes). Applied to undersea cables, the framework explains why interconnection creates vulnerability: the same network architecture that makes the global internet work also creates chokepoints that states can exploit. This informs the debate over whether the right response is to withdraw into trusted corridors or to strengthen multilateral governance. For the full strategic analysis, see the institutional response comparison.
Has anyone ever been prosecuted for undersea cable sabotage?
No. No individual or organisation has been successfully prosecuted for deliberate undersea cable sabotage in any jurisdiction. The Eagle S case, the most thoroughly documented incident with the vessel seized in the act, was dismissed on jurisdictional grounds. Taiwan sentenced the Chinese captain of the Hongtai 58 to three years in prison for the Penghu cable severance, but that prosecution was for violating Taiwanese law within its territorial waters. It is the closest any case has come to accountability. For the full legal framework, see the prosecution gap analysis.
What is the difference between Baltic Sentry and Nordic Warden?
Baltic Sentry is a NATO operation launched in January 2025: a multinational military deployment of frigates, maritime patrol aircraft, and uncrewed surface vessels conducting persistent surveillance in the Baltic Sea. Nordic Warden is a complementary but distinct initiative under the Joint Expeditionary Force (JEF), a UK-led minilateral grouping of Nordic and Baltic states that focuses on intelligence fusion, data sharing, and alerting rather than operational patrol presence. Baltic Sentry provides the visible deterrent; Nordic Warden provides the intelligence architecture that tells the deterrent where to look. For the full operational comparison, see the institutional response analysis.
How much does undersea cable protection cost, and who pays for it?
There is no single answer. Cable protection costs are distributed across private operators, national governments, and multilateral institutions. Cable owners bear the costs of repair (typically AU$1.5 to 3 million per operation, largely covered by insurance) and redundancy (each additional route is a multi-hundred-million-dollar investment). Governments fund surveillance (Baltic Sentry’s rotating member-state contributions) and regulatory infrastructure (the EU’s €347 million cable security initiative, including a €20 million Rapid Repair Pilot). DAS represents a relatively low marginal cost since it uses existing fibre, but the sensor fusion architecture that makes it actionable requires ongoing investment. For the cost-effectiveness comparison, see the institutional response analysis.
