Along with Africa and the Arctic, add the growing tensions between the U.S. and China about undersea cable deployment and seabed warfare to your geopolitical tracking, risk awareness, and strategic impacts for your business or organization. Find an overview of the core issues, tensions, and What’s Next? here.

Background

Image Source: Jayne Miller, “The 2020 Cable Map Has Landed,” TeleGeography Blog, June 16, 2020, https://blog.telegeography.com/2020-submarine-cable-map.

“The goal…is to prevent foreign adversaries…from increasing ownership and control of this key economic and telecommunication infrastructure.”

• Undersea telecommunication cables enable consumers, businesses, and governments, including the military, to communicate with each other and access the Internet.
• Private and state-owned telecommunication and technology companies operate about 486 undersea telecommunication cables, which connect every continent except Antarctica.
• These privately owned cables carry about 99% of transoceanic digital communications (e.g., voice, data, internet), including trillions of daily international financial transactions, and serve as the backbone for the global internet. (1)
• Undersea cables are a vital part of global communication infrastructures, with 99 percent of all transoceanic digital communications transporting data like the internet through these fiber optics cables. 
• This technology has added $649 billion to the U.S. economy in 2019 alone and enables transactions worth more than $10 trillion every day within the American financial sector.
• In February [2023], American subsea cable company SubCom LLC began laying a $600-million cable to transport data from Asia to Europe, via Africa and the Middle East, at super-fast speeds over 12,000 miles of fiber running along the seafloor.
• That cable is known as South East Asia–Middle East–Western Europe 6, or SeaMeWe-6 for short. It will connect a dozen countries as it snakes its way from Singapore to France, crossing three seas and the Indian Ocean on the way. It is slated to be finished in 2025. (2)
• In March 2023,  The U.S. House of Representatives…passed…bipartisan legislation to protect American superiority in undersea cable capabilities from China’s economic and military reach.  The Undersea Cable Control Act would require the Biden Administration to develop a strategy to limit foreign adversaries like China from accessing goods and technologies capable of supporting undersea cables and establishing agreements with allies and partners to do the same.
• The Undersea Cable Control Act aims to prevent China from acquiring American-made goods and technologies that are used in developing and supporting undersea cables.  This legislation invokes the Export Control Reform Act – specifically Section 1752 – to restrict the export of items that could prove detrimental to the national security and the economy of the United States.  The goal of the legislation is to prevent foreign adversaries, like China, from increasing ownership and control of this key economic and telecommunication infrastructure.

Seabed Warfare and National Security

“…the threat of these vulnerabilities being exploited is growing. … The threat is nothing short of existential.”

Undersea cables have two types of vulnerabilities: physical and digital. The most common threat today is accidental physical damage from commercial fishing and shipping, or even from underwater earthquakes. The U.S. government has studied the security of commercial undersea telecommunication cables in the past. A 2017 report sponsored by the Office of the Director of National Intelligence (ODNI) found that the majority of disruptions are caused by human activity (e.g., fishing, anchoring, dredging) and natural disasters.  However, undersea cables could also be targeted by states wishing to sabotage the economies of their rivals:

• In the past few years, as China continues to finance its state-run companies and their infrastructure projects globally as a part of the Belt and Road Initiatives, Chinese companies like Huawei and China Telecom have built undersea cables on every continent except for Antarctica. 
• While the United States still has fiber optic technology that’s more advanced than China does, the prolific installments of undersea cables by Chinese companies have raised economic and security concerns globally.
• Subsea cables…are now central to the U.S.-China tech war. Washington, fearful of Beijing’s spies, has thwarted Chinese projects abroad and choked Big Tech’s cable routes to Hong Kong.  (3) 
• Recent damage and threats to commercial undersea telecommunication cables have raised concerns among U.S. officials and experts over the security of commercial undersea telecommunication cables.  (1)
• Currently, more than 95% of the traffic coursing through the global internet is carried by just 200 undersea fiber-optic cables, “some as far below the surface as Everest is above it, ”  according to retired Navy Admiral James Stavridis in the forward to a 2017 report, “Undersea Cables: Indispensable, Insecure,” which raised alarms about the extreme vulnerabilities of the seabed commercial networks. 
• Six years after that report was published, Stavridis told USA TODAY, “I am more concerned now than I was in 2017 about the dangers of an attack on undersea cables.”
• An all-out attack on undersea cable infrastructure would cause “potentially catastrophic” damage to the U.S. and its allies, and their ability to transmit confidential information, conduct financial transactions, and communicate internationally.
• The U.S. − and its allies and adversaries − are focusing on this potential threat from an offensive as well as a defensive standpoint, according to Stavridis and other experts, including a U.S. naval analyst. They are also tapping into the telecommunications cables as valuable sources of intelligence.
• Seabed warfare dates back to at least World War I, when Britain secretly cut German cables laid deep in the English Channel, forcing Germany to use long-distance radio transmissions that were intercepted.
• The U.S. Navy also has a rich history of deep-sea military activity. It tapped Soviet communications networks in the 1970s, according to experts interviewed by USA TODAY, including the U.S. naval analyst in Washington.
•  the threat of these vulnerabilities being exploited is growing. … The threat is nothing short of existential., including deepwater oil drilling and, more recently, mining for precious metals and other resources. (5)
• Whether from terrorist activity or an increasingly bellicose Russian naval presence, the threat of these vulnerabilities being exploited is growing. … The threat is nothing short of existential. (4) 

Threats to Undersea Telecommunication Cables

Intentional Damage to Undersea Telecommunication Cables

Some in Congress have expressed concerns over intentional damage to commercial or government-owned undersea telecommunication cables by foreign adversaries and bad actors seeking to disrupt communications or gather personal, corporate, or government information.  In 2017, ODNI reported that while there had been few reported attacks on undersea telecommunication cables, some had been long-lasting and impactful. In 2007, Vietnamese pirates stole optical amplifiers, disabling a cable system for 79 days.  In 2013, a diver intentionally cut the South East Asia-Middle East-Western-Europe 4 (SMW 4) cable, affecting several service providers,and slowing internet speeds by 60% in Egypt. 

The ODNI report stated that signal rerouting technologies, redundancies in cable lines, and networks of repair ships had increased the resiliency of undersea cable networks and reduced the potential that a single cut would cause widespread outages.  Further, it asserted that simultaneous attacks against multiple cables could cause “serious long-term disruption,” but are difficult to carry out. Some North Atlantic Treaty Organization (NATO) defense officials and other foreign affairs analysts have expressed concern that Russia could cut commercial undersea telecommunication cables to disrupt communications.  In 2017, U.S. Navy Rear Admiral Andrew Lennon,  commander of NATO’s submarine forces at the time, reportedly stated, “We are now seeing Russian underwater activity in the vicinity of undersea cables that I don’t believe we have ever
seen … Russia is clearly taking an interest in NATO and NATO nations’ undersea infrastructure.” 

In 2018, one media outlet, citing a Russian parliamentary publication, reported on Russian capabilities to tap top-secret communication cables, cut undersea cables, and jam underwater sensors.  According to an industry expert, “If somebody knew how these systems worked and if they staged an attack in the right way, then they could disrupt the entire system.  But the likelihood of that happening is very small.” 

Cyberattacks

Global internet and telecommunications traffic is routed and transported through the undersea telecommunication cable network using advanced information and communication technologies and network management software, making the system vulnerable to cyberattacks. A 2021 think tank report notes that “more companies are using remote management systems for submarine cable networks—tools to remotely monitor and control cable systems over the Internet—which are cost-compelling because they virtualize and possibly automate the monitoring of cable functionality.” 

However, these tools (e.g., software, and remote management systems) may create new risks to cable security and resilience.   Hackers could access cables through network management systems to skim personal or financial information, hold network management systems hostage until operators pay ransom, or cause widespread disruption in communications.  In April 2022, the U.S. Department of Homeland Security Investigations (DHSI) reportedly thwarted a cyberattack on a network of a company that manages an undersea telecommunication cable that provides internet and mobile phone services in Hawaii and in countries across the Pacific region. 

DHSI officials attributed the attack to an international hacking group, but were not certain of the intent—whether the attacker intended to access business or personal information, hold the system for ransom, or to disrupt communications.69 DHSI reportedly worked with law enforcement agencies in several countries to make an arrest.  (1)

The War Beneath the Seas

 

Image Source: Data from TeleGeography’s Submarine Cable Map website – Atlantic Council

 

Source of Charts:  Atlantic Council  

 

As reported by Reuters, with tons of previously unreported information, and definitely worth a full review.  You can find the investigative report here.  A summary: 

• A Chinese company that has quickly emerged as a force in the subsea cable-building industry – HMN Technologies Co Ltd – was on the brink of snagging that contract three years ago. The client for the cable was a consortium of more than a dozen global firms. Three of China’s state-owned carriers – China Telecommunications Corporation (China Telecom), China Mobile Limited and China United Network Communications Group Co Ltd (China Unicom) – had committed funding as members of the consortium, which also included U.S.-based Microsoft Corp and French telecom firm Orange SA, according to six people involved in the deal.
• HMN Tech, whose predecessor company was majority-owned by Chinese telecom giant Huawei Technologies Co Ltd,  was selected in early 2020 to manufacture and lay the cable, the people said, due in part to hefty subsidies from Beijing that lowered the cost. HMN Tech’s bid of $500 million was roughly a third cheaper than the initial proposal submitted to the cable consortium by New Jersey-based SubCom, the people said.
• The Singapore-to-France cable would have been HMN Tech’s biggest such project to date, cementing it as the world’s fastest-rising subsea cable builder, and extending the global reach of the three Chinese telecom firms that had intended to invest in it.

Source of Images: reuters.com 

• But the U.S. government, concerned about the potential for China to spy on these sensitive communications cables, ran a successful campaign to flip the contract to SubCom through incentives and pressure on consortium members.
• Reuters has detailed that effort here for the first time. It’s one of at least six private undersea cable deals in the Asia-Pacific region over the past four years where the U.S. government either intervened to keep HMN Tech from winning that business or forced the rerouting or abandonment of cables that would have directly linked U.S. and Chinese territories. The story of those interventions by Washington hasn’t been previously reported.
• SubCom had no comment on the SeaMeWe-6 battle, and HMN Tech did not respond to requests for comment. In a statement last year about infrastructure projects, the White House briefly noted that the U.S. government helped SubCom to win the Singapore-to-France cable contract, without giving details. China’s foreign ministry did not respond to requests for comment. China Telecom, China Mobile, China Unicom and Orange did not respond to requests for comment. Microsoft declined to comment.
• Undersea cables are central to U.S.-China technology competition.  Across the globe, there are more than 400 cables running along the seafloor, carrying over 95% of all international internet traffic, according to TeleGeography, a Washington-based telecommunications research firm. These data conduits, which transmit everything from emails and banking transactions to military secrets, are vulnerable to sabotage attacks and espionage, a U.S. government official and two security analysts told Reuters.
• The potential for undersea cables to be drawn into a conflict between China and self-ruled Taiwan was thrown into sharp relief last month. Two communications cables were cut that connected Taiwan with its Matsu islands, which sit close to the Chinese coast. The islands’ 14,000 residents were disconnected from the internet.
• Taiwanese authorities said they suspected a Chinese fishing vessel and a Chinese freighter caused the disruption. However, they stopped short of calling it a deliberate act and said there was no direct evidence showing the Chinese ships were to blame. China, which considers Taiwan a breakaway province, has ratcheted up military and political efforts to force the island to accept its dominion. (5) 

Source of Images: reuters.com 

What Next?

The Future of Seabed Warfare “Deep Tech” (no pun intended) 

• The U.S. Navy is building its most expensive spy submarine ever, a $5.1 billion high-tech vessel that would patrol the deepest reaches of the ocean and deploy mini-subs and drones that can battle hostile forces while withstanding the crushing pressure of the ocean depths.
• This proposed successor to the USS Jimmy Carter – a nuclear-powered spy submarine filled with robots and specialized ships and divers – is just one of Washington’s secret initiatives aimed at protecting America’s commercial and security interests deep under the sea. It has become an especially urgent priority after last year’s suspected attacks on the Nord Stream gas pipelines, which carry gas from Russia to Germany.”

Image Source:  Naval News

• Preliminary work on the submarine is already underway at the General Dynamics Electric Boat shipyard in Groton, Connecticut, according to the U.S. naval analyst, the Congressional Research Service and trade publications like NavalNews.com.
• It likely will be a modified submarine capable of acting as a “mothership” for underwater vehicles, remotely operated ships (known as ROVS) and other things that can easily maneuver around the seafloor.
• According to Pentagon budget documents and a congressional report on this sub, It will cost roughly $5.1 billion; a standard submarine in the same category cost $3.45 billion in 2021.
• And like the USS Jimmy Carter, the new sub would be able to cut and tap undersea fiber optic communications cables itself.
• One report to Congress by the Navy’s Undersea Warfare Directorate said that by 2025, the Navy hopes to have new technologies operational, including “counter-unmanned underwater vehicle (UUV) warfare, electromagnetic maneuver warfare (and) non-lethal sea control, and seabed warfare.”
• The three leaders including Asst. Navy Secretary Frederick Stefany, said the Navy is investing heavily “in a family of Unmanned Undersea Vehicles (UUVs)” that will expand its undersea reach and capability.
• They said the Navy remains committed to completing the Orca, an extra-large unmanned undersea vehicle that can lay mines, conduct surveillance and engage in Special Operations offensive warfare missions.
• The Navy wants to deploy five of the massive robotic submarines to do the dangerous job of laying undersea mines. And though the Navy has cited that as an urgent priority, the effort is more than 3 years behind schedule and has exceeded costs by at least $242 million, according to a U.S. Government Accountability Office report last September.
• Another vehicle known as the Snakehead, or “Large Displacement Unmanned Undersea Vehicle” (LDUUV), also aims to support U.S. subsea and seabed warfare and has been undergoing in-water testing, the three Navy leaders wrote.  “The LDUUV program aimed to address a critical gap with increased depth, endurance, and payload capacity,” they said, but it has been put on hold, at least temporarily, “to support higher Navy priorities.
• And a third, the MK 11 SDV, can clandestinely ferry Navy SEAL teams to conduct offensive and defensive operations against China in contested areas. 
• According to Peter Singer, an adviser to the U.S. military and “future of warfare,” strategist at the New America think tank in Washington, D.C.:  “War is a human endeavor. And if humans are moving activities onto the seabed, war will follow.” 
• The U.S. military is trying to take advantage of technological breakthroughs like artificial intelligence to substitute machines for human beings wherever possible.   According to Singer, DoD is developing unmanned or drone capabilities for use in air, land, and sea environments known as the Three D’s: 
  • If they’re dull, or something that happens over a long period of time;
  • dirty, if it’s an environment that’s hard for humans to operate in; and
  • Dangerous, if the mission comes with a high risk to human life. 

“And seabed warfare is almost a definition of those three,” Singer said.  (5)

 

Image Source:  reuters.com

“The U.S. and its adversaries – especially Russia and China – are scrambling for dominance.”

A report by the Atlantic Council – Cyber defense across the ocean floor: The geopolitics of submarine cable security – offers eight concrete recommendations for the US government, working with the US private sector and allies and partners worldwide, to better protect the security and resilience of the world’s undersea cables: 

• For all the attention paid to communications technologies like satellites or 5G cellular networks, the vast majority of global Internet communications still travel through metal-encased, fiber-optic tubes laid along the ocean floor.
• Much of this infrastructure is multi-owned by consortia of private and state-controlled firms.
• Three trends, however, are accelerating risks to the security and resilience of undersea cables:
  • First, authoritarian states are reshaping the Internet’s physical topology and digital behavior through companies, introducing new possibilities of espionage and disruption, and reshaping the Internet infrastructure to favor their Internet governance models.
  • Second, more cable owners are linking cable landing stations to remote network management tools, which exposes cables to hacking and disruption; and
  • Third, there is not just a growing volume of data traversing undersea cables…the sensitivity of that data is also increasing. Explosive growth in cloud computing has led more critical sectors, from defense to health to finance to supply and logistics, to transition their data and services to the cloud. In the process, more and more sensitive information, vital to everything from global financial markets to public health, is transmitted over undersea cables.  This makes securing the cables and ensuring their resilience, an urgent issue for the US government in cooperation with allies, partners, and the private sector.
  • The growing centralization of new, US-connected cable infrastructure in the hands of a few cloud service providers (Amazon, Google, and Microsoft), as well as Facebook, increases the urgency of ensuring proper investment in security and resilience. Key policy issues include:
    • Fast Repairs: The increasing volume and sensitivity of data routed over submarine cables means security compromises and service disruptions can inflict even greater harm on economic and national security. Coordinating the quick repair of these cables is often difficult for private companies working with consortia of other cable owners incorporated in a range of countries. 
    • Outage Reporting: Cable outages occur for many reasons, most often not malicious: weather events, ship collisions, and other incidents can physically damage cables; power outages and other electrical or digital problems can likewise disrupt cable operations. The FCC focused additional resources on monitoring such events in 2016, but there is still more work to be done to ensure that cable outages are communicated—and responses are coordinated—in the most efficient and effective ways possible. 
    • Norms: Undersea cables are already vulnerable to espionage and cyberattack, and this is especially true with poorly secured and Internet-connected remote cable management tools. If badly secured, these systems are more susceptible to compromise and with even less advanced capabilities. In response, the Department of State should strengthen international norms against nation-states damaging or disrupting undersea cables.

But even with the influence the US private sector has on global cable development, the private sector cannot go it alone. Poor market incentives for robust security—combined with new threats and an internationally collaborative system of cable construction and management—meaning the US government must also better engage with allies and partners to protect the security and resilience of this submarine cable infrastructure. To this end, [the Atlantic Council] report makes the following recommendations for the US government, along with the private sector and allies and partners, to better protect the security and resilience of submarine cables:

The US Congress should statutorily authorize the US executive branch body responsible for monitoring foreign-owned telecoms in the United States for security risks: the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (formerly the informal Team Telecom).   This would provide it with the necessary funding, review authority, and formal structure to better screen foreign telecoms that own cables. The newly renamed organization is a coordinating entity between several federal agencies, with the FCC playing a key role on the telecom referral and licensing side, and the Department of Homeland Security (DHS) and the DOJ playing a key role on the security review side. 

The US Congress should conduct a study, starting no earlier than one year into the program’s launch, on the Cable Ship Security Program that was authorized in the National Defense Authorization Act (NDAA) for 2020.  The Department of Transportation is currently in the process of standing up the program with two vessels so that government-authorized, privately owned ships are on standby to repair damaged submarine cables relevant to US national security.  This program, therefore, helps ensure that alongside commercial investment in cable resilience, the US government is taking steps to repair damaged submarine cables more quickly than they might otherwise be if left entirely up to the private sector.

The US executive branch should create and promote the use of security baselines and best practices for cable remote network management systems. More cable owners are deploying Internet-connected industrial control systems to remotely manage complex cable infrastructure. These systems could be remotely compromised to disrupt or deny the delivery of Internet data across cables, a risk compounded by the poor market incentives for developers of these technologies to legitimately prioritize cybersecurity. As such, the National Institute of Standards and Technology (NIST) should create a set of security standards and best practices for vendors that build cable remote network management systems, and for the submarine cable owners that ultimately deploy those technologies at cable landing stations. NIST’s deep technical expertise and widely respected framework-creation process make it well-suited to craft a list of security standards and best practices for the private sector. Then, the US executive branch, particularly large and influential agencies like the Department of Defense, should consider adopting those security baselines and best practices into procurement requirements for any companies doing business with the federal government that also own undersea cables carrying US, and likely US government, data. If the US government is going to have more of its data routed over the global Internet via the public cloud in the coming years, it should be invested in protecting the security and resilience of the remote technologies that manage the underlying infrastructure because their compromise could have serious effects on economic and national security.

The Federal Communications Commission should invest more resources in promoting and maintaining federal interagency cooperation on resilience threats to submarine cables. While this has been an FCC effort for several years now, the growing threats to undersea cable security and resilience make this internal federal coordination an even higher priority. The FCC should focus on such measures as information sharing on resilience threats and continued reassessments of the effectiveness of outage reporting requirements, which were expanded in March 2020.  The agency should also work with state and local authorities to integrate cable resilience best practices into permitting decisions, which would create stronger incentives for cable owners to invest in protecting cable resilience.  FCC action here can help identify risks, take mitigating steps as necessary, and forge better coordination mechanisms with the private sector (including through ISACs discussed below). Preventing disruptions to cable operation can support the delivery of Internet data and thus economic and national security.

The Department of State should pursue confidence-building measures to strengthen international norms against nation-states damaging or disrupting undersea cables. The political will for any kind of international legal treaty to protect submarine cables is limited: It is difficult to imagine Beijing and Moscow signing onto any agreement that would tie their own hands vis-à-vis disruptively interfering with physical cable infrastructure, whether for strategic, conflict, or domestic repression purposes. The United States could pursue such legal agreements in bilateral or limited multilateral capacities, such as within the NATO bloc, which could communicate a commitment from global, open internet countries to not disrupt submarine cables. 

The Department of State should also conduct a study on ways to better integrate undersea cables into cyber capacity-building and foreign assistance programs for infrastructure worldwide, focused on security and resilience questions. Disruptions of undersea cables abroad can still undermine US economic and national security by cutting or slowing Internet connectivity to other parts of the world, and even hindering data flows to the United States. These cable disruptions can also undermine human rights, the free flow of information, and economic and national security in ally and partner countries. The Department of State should, therefore, conduct a study on ways to make this issue a more integral part of its cyber capacity-building and foreign assistance work with allies and partners. Options might include working with other governments to establish cable repair programs in their own countries, working with other governments and their private sectors to understand key risks to cable resilience, and working to ensure other governments are making fast repair and resilience requirements a key part of authorizing undersea cable construction within their jurisdictions. Boosting resilience in cable infrastructure can promote a more secure and global Internet for all.

US-based submarine cable owners should work with federal, state, and local authorities to establish public-private ISACs as threats to their submarine cable infrastructure grow.  Industry-specific ISACs across sectors like health, energy, and finance have become integral mechanisms through which companies share cybersecurity threat information with other firms through established and confidential channels. Though many submarine cable owners are members of these and other ISACs, no ISAC exists specifically for threat sharing among submarine cable owners. Yet as more submarine cable owners deploy remote network management systems, directly connected to the Internet, to manage complex cable infrastructure, they are introducing new levels of cybersecurity risk: malicious actors could hack into these systems to disrupt cable signals. There are also many risks posed to cables that are distinct from those posed to other parts of those owners’ businesses (e.g., cloud platforms, cellular networks). US-based submarine cable owners should, therefore, establish ISACs where they can share cybersecurity threat information with one another to collectively protect submarine cable security and resilience and to increase their available intelligence for making corporate cybersecurity decisions. They should work as well with federal authorities, including the FCC and DHS, particularly the Cybersecurity and Infrastructure Security Agency (CISA), as well as state and local officials, to ensure the government also has requisite threat information to make determinations about particular cables that pose unique security risks or cables whose compromise would seriously undermine US economic and national security. That said, a key issue with threat sharing is liability. CISA’s liability protections for information sharing cover private firms giving information to DHS, but the federal government should consider expanded liability protections such that private companies can also share cable threat information with, at a minimum, those in the FCC, DOJ, and intelligence community that (in addition to DHS) are presently the driving force behind cable security reviews. Other factors can hinder threat sharing, such as a perceived lack of a business case for doing so, but this may be one way to help encourage it.

Amazon, Facebook, Google, and Microsoft, whose investment in submarine cables worldwide is rapidly growing, should craft and publish strategies for protecting the security and resilience of their cable infrastructure. Information historically sent on back-end systems in energy, health, financial, defense, and transportation sectors is increasingly transmitted to and from the public cloud. These four US companies are also increasingly investing in building and maintaining the submarine cables which route that and other Internet data. As such, they have an elevated responsibility to protect these systems’ security and resilience: they have a direct ownership stake in the infrastructure and profit from it. Their increased focus on cable security and resilience should include such measures as greater investment in securing remote network management systems, greater investment in physically securing cable landing stations, more comprehensive plans for quickly repairing and restoring cables in the event of damage or disruption, and building and maintaining robust cable threat-sharing partnerships with one another, as well as with the US government and its allies and partners. (6)

For OODA Loop News Briefs on this topic, see Undersea Cables | OODA Loop. 

https://oodaloop.com/archive/2022/09/28/russian-attack-on-undersea-energy-infrastructure-means-businesses-should-prepare-for-more-infrastructure-attacks-including-space-and-undersea-comms/

https://oodaloop.com/archive/2023/05/01/seven-crucial-global-power-shifts-displacements-risks-and-uncertainties-playing-out-in-sudan/

https://oodaloop.com/archive/2023/01/18/how-has-the-war-in-ukraine-changed-the-geopolitics-of-the-new-arctic/