Whitepaper

Critical Maritime Infrastructure is the New War Frontier

What You’ll Learn – Executive Summary

High-profile attacks on critical maritime infrastructure suddenly seem to be occurring one after the other. These acts of undersea sabotage are a new type of “gray warfare.” They can do tremendous damage, but are often opaque and offer plausible deniability for the perpetrators. To win amidst this new type of warfare, you must first deeply understand it…

This white paper will outline the scope of the critical maritime infrastructure protection problem, explain why it is so daunting, and who should be concerned. It will also: 

  • Highlight the shadow fleet’s role in this problem
  • Offer previously unknown data and AI-powered insights on recent incidents
  • Look at the two types of operations and reveal vessel behaviors that are indicative of underwater sabotage 
  • Explain the critical capabilities organizations require to anticipate attacks, react quickly, and conduct thorough investigations afterward 

Why Has Maritime Infrastructure Protection Become Critical?

The increasing frequency of incidents has drawn the attention of the global trading, shipping, and supply chain ecosystems. There have been over 100 submarine cable damage incidents per year in recent years, according to Recorded Future, a U.S. cybersecurity firm. In the short period from November 2024 through February 2025 alone, there were four high-profile incidents.

A geographic shift has also upped the urgency for many national security agencies and commercial firms. Incidents used to occur most frequently in the South China Sea, where Western bodies and firms have limited ability to act. But recently there have been multiple incidents in the Baltic Sea, such as the severing of the C-Lion1 cable, which was the only direct connection of its kind between Finland and Central Europe. 

At least 11 Baltic cables have been damaged since October 2023, according to Time, making some suspect deliberate targeting. The events in the Baltic Sea point to a new typology – shallow-water sabotage that can be quickly carried out by any vessel and is meant to inflict physical damage. The speed makes these attacks difficult to anticipate and prevent.

CNN referred to critical underwater infrastructure as “Europe’s unexpected Achilles’ heel,” following a string of incidents since 2022. “So far, the impact on Europe’s natural gas, electricity and data flows has been fairly limited. But a concerted attack on data cables could paralyze many nations’ communications networks, jeopardizing hospital surgeries, police responses and more.” 

There is a growing understanding of just how much is at stake for countries and companies around the world. 

Protecting critical maritime infrastructure is vital for both governmental and commercial organizations, due to the cables’ essential role in global connectivity and economic stability. Submarine cables are responsible for carrying approximately 95% of all international data, enabling global communications, financial transactions, and operational logistics across industries. 

Additionally, energy pipelines and underwater power grids that form part of the maritime infrastructure are critical for maintaining energy security and stability, making their protection a top priority for governments and businesses alike.

Illicit actors are highly motivated to strike, in part because most critical underwater cables and pipes are vulnerable – stakeholders don’t yet know how to effectively protect them. 

As the great power competition and geopolitical tensions escalate, warfare is evolving. Targeting the traditional military targets of a fellow mega-power has given way to indirect and repetitive targeting of civilian infrastructure. 

Dr. Sidharth Kaushal, Senior Research Fellow at the Royal United Services Institute, spoke during Windward’s masterclass in January 2025 about the increased targeting of critical undersea and civilian infrastructure: it’s becoming clear that “in the modern world, the center of society’s gravity was not its military, but its supporting apparatus, so to speak, the critical infrastructure that kept it running.”

Some of the recent incidents involve shadow fleet vessels suspected of circumventing sanctions and also attempting to damage undersea infrastructure. This connects the worlds of national security and compliance and highlights the need for advanced monitoring and rapid response capabilities to safeguard critical assets.

How Do You Cover 1.4 Million Kilometers?!

There are multiple daunting challenges for governmental and commercial entities trying to anticipate, react to, and then investigate critical maritime infrastructure incidents. 

The sheer expanse of the undersea cable network makes monitoring and protection a monumental task. With more than 500 cables spanning approximately 1.4 million kilometers across deep and often inaccessible oceanic regions, comprehensive surveillance is impractical and ineffective using conventional methods. Without an AI-powered solution, organizations will drown in data and lack the ability to respond in real time.  

Additionally, undersea cables are extremely thin and are typically left unshielded on the ocean floor. This makes them highly susceptible to both unintentional damage and deliberate attacks. Everyday maritime activities such as fishing, trawling, and anchoring pose substantial risks. Natural phenomena such as earthquakes and submarine landslides can also cause extensive disruptions. Organizations require the ability to differentiate between accidents and coordinated attacks.

Unlike terrestrial infrastructure, undersea cables are largely unprotected by active defense systems. Historically, their security has depended on people not knowing where they are located. 

But as maritime technology advances and geopolitical tensions escalate, reliance on remoteness is no longer sufficient – and some cables lie beneath popular vessel routes. The increasing accessibility of seabed mapping technologies has made it easier for illicit actors to locate and potentially target critical cable systems.

And identifying responsible parties is challenging, due to the clandestine nature of underwater activities and the lack of real-time monitoring solutions. Some of the intel gathering for underwater sabotage and the cutting itself has been performed by merchant vessels, as opposed to the expected military vessels. This ambiguity complicates response strategies and undermines deterrence efforts.

International governance of undersea cables is fragmented, with substantial gaps in regulatory oversight, which exacerbates the above challenges. While some national jurisdictions implement protective measures within their territorial waters, there is no universally coordinated framework for securing these assets on the high seas (although the next section does detail recent attempts at international cooperation). 

The absence of standardized protocols and enforcement mechanisms leaves undersea cables exposed to exploitation and attack, particularly in regions of geopolitical contention. 

Also, existing maritime domain awareness solutions are often designed for surface and near-surface monitoring, leaving deep-sea infrastructure largely unmonitored. Many organizations can detect when vessels are sailing close to cables or pipes, but knowing which specific vessels pose a risk to critical infrastructure is far more difficult. 

“Gray Warfare’s” Effect on Government and Private Organizations

It is obvious that government agencies – particularly those involved with communications, energy, and national security – should be on high alert. They need to protect the valuable cables and pipes that keep their countries connected to the internet and maintain the flow of gas and oil, which affects energy prices, hospitals and healthcare, international alliances, etc. 

A quick example: after a Taiwanese telecoms company detected that an international undersea cable was damaged in January 2025, a “suspicious vessel” was observed on the same route as the affected cable. 

“Taiwan Coast Guard officials in the days since have said they suspect that the Shunxin39 – a Chinese-linked cargo vessel – could have cut the cable, in an incident that has spotlighted the island’s growing concerns about vulnerabilities that could be exploited by Beijing,” according to CNN.

These types of attacks are attractive as a new type of “gray warfare.” They can do tremendous damage, but are often opaque and offer plausible deniability for the perpetrators. That’s a major reason that underwater warfare incidents have increased so significantly in recent years. 

We’ve seen a trajectory in the frequency of cable-cutting incidents similar to the explosion of location (GNSS) manipulation incidents. This specific deceptive shipping practice (DSP) is also hard to detect and is the fastest-growing DSP in recent years. 

How are governments and international bodies responding? 

In 2023, NATO established the Critical Undersea Infrastructure Coordination Cell.  

The cell uses innovative technologies and engages with industry, and key military and civilian stakeholders, to boost the security of Allied undersea infrastructure. 

NATO launched its Maritime Centre for Security of Critical Undersea Infrastructure in May 2024. 

“Like other aspects of maritime security, securing CUI goes beyond posturing to deter future aggression; it includes robust coordination, to actively monitor and counter malign or hybrid threats, denying any aggressor the cover of “plausible deniability”. Through the wide networks we are establishing in the new center, that job will become much easier to achieve. And if, in the future, nations seek NATO assistance, we will be ready to help them using our networks and data,” said Commander MARCOM, Royal Navy Vice Admiral Mike Utley. 

Underwater infrastructure sabotage affects: 

  • Policy and regulation agencies
  • National defense and intelligence organizations
  • Marine regulation bodies
  • Coast guards
  • Navies

New International Alliances to Counter the Threat

As noted, critical maritime infrastructure protection became one of the most important issues in the maritime and supply chain ecosystems in 2025. Unsurprisingly, we saw new international developments to counter the threat. 

Baltic Sentry is a NATO mission established in January 2025 to protect the underwater infrastructure of the region following multiple attacks. Key features include:

  • Deployment of various assets, including frigates, maritime patrol aircraft, and naval drones
  • A focus on enhancing maritime presence and monitoring key areas
  • Utilization of new technologies, including a small fleet of naval drones for improved surveillance and deterrence

The Joint Expeditionary Force (JEF) has activated an advanced, AI-based reaction system to track potential threats to undersea infrastructure and monitor the Russian shadow fleet, following reported damage to a major undersea cable in the Baltic Sea. The project is called Nordic Warden.

It covers 22 key areas of interest in the English Channel, North Sea, Kattegat, and Baltic Sea, and includes real-time monitoring and a warning system shared with JEF nations and NATO allies.

The Private Sector is Worried 

Communications, oil and gas, technology companies, and other commercial entities have been watching the recent cable-cutting incidents with great concern. Companies with an obvious economic interest in keeping data, oil, and gas flowing through the cables and pipes they own do not want to cope with disrupted operations and profits. 

This affects: 

  • Communication and telecom companies
  • Oil and gas operators
  • Energy companies 
  • Underwater security and monitoring companies
  • Financial institutions

U.S. officials issued a warning in 2024 to cable owners, such as Google and Meta Platforms, according to The Wall Street Journal. Undersea cables that ferry internet traffic across the Pacific Ocean could be vulnerable to tampering by Chinese repair ships. Google and Meta Platforms partially own a significant amount of cables, but they rely on maintenance specialists, including some with foreign ownership. Some of these repair ships have been caught turning off their transponders. 

Elisabeth Braw, author of the upcoming book, Undersea War, and a Senior Fellow at the Atlantic Council, laid out how commercial organizations could be affected in a Politico article entitled, “Private companies need to get better at monitoring threats.”

“On the world’s high seas, owners of undersea cables, pipelines, offshore windfarms and other sea-based installations might be seeing their installations similarly sabotaged for geopolitical purposes too – in fact, that’s what appears to have happened…to Cinia, the Finnish owner of the C-Lion1 cable connecting Finland and Germany.”

Elisabeth Braw

Shadow Fleet Involvement Creates Compliance and Security Overlap

As previously noted, an undersea power cable connecting Finland and Estonia experienced an outage. A ship, the Eagle S, docked in Ust Luga, Russia on December 23, 2024. It disabled its AIS signal for ten hours, reappearing two days later on December 25. That evening, the vessel sailed slowly above the undersea Estlink 2 power cable in the Gulf of Finland, coinciding with a sudden cable outage. This confluence of events has led to the vessel becoming a sabotage suspect. 

The Eagle S is just one of many vessels in Russia’s shadow fleet. According to Windward insights, over the past six months nearly 26,000 area visits have been made by approximately 1,400 shadow fleet, or Russian-related, vessels.

If the Eagle S was engaged in sabotage, it exemplifies the growing overlap between commercial and paramilitary operations. Is such a ship truly commercial, or covertly government-operated? 

This ambiguity is further complicated by the United Nations Convention on the Law of the Sea (UNCLOS), which allows freedom of passage for merchant vessels, but excludes intelligence gathering under Article 19(2)(c). Proving breaches of innocent passage could lead to significant legal and operational consequences.

Shadow fleet ships, often evading sanctions, present a dual threat: sanctions compliance and security risks. Stricter monitoring and sanctions from port operators, insurance providers, and international regulators could be put into place as a precaution.

While governments must bolster independent capabilities to procure and act on maritime intelligence, energy companies can’t rely solely on state measures. 

The entities laying critical infrastructure like undersea cables must assume accountability for securing their assets against threats. Collaborative approaches involving the public and private sectors are essential to mitigate vulnerabilities.

Two Types of Cable-Cutting Operations

Shallow-Water/Close-to-Shore Operations

Shallow-water operations represent a newer and more aggressive method explicitly aimed at damaging maritime infrastructure. This approach involves dragging heavy equipment – commonly an anchor – across the seabed to physically harm the cables. Unlike deep-sea missions, shallow-water operations are quickly identified as deliberate acts of sabotage. 

Vessels involved in these activities have been linked to the shadow, gray, or dark fleets associated with the Russian government, raising significant geopolitical and security concerns.

Open-Water/Deep-Sea Operations

Deep-sea operations typically involve governmental service vessels, often research or survey ships. These missions are characterized by slow-speed activities/loitering – they require deploying equipment to depths of hundreds of meters to perform their tasks. The primary objective of such operations is generally not to cause damage, such as severing undersea cables, but rather to gather data or conduct specific research.

Behavioral Characteristics of Illicit Actors

Windward’s new Early Detection solution has helped expose many of the behavioral characteristics of ships involved in critical maritime infrastructure sabotage. Following the C-Lion1 incident in the Baltic Sea, we used this new technology – which flags anomalies and shifting trends globally, or within predefined areas – to analyze the 30 days before the first report of the incident.

We found that huge statistical spikes could have predicted the Baltic Sea undersea cables incident! Early Detection flagged 50 anomalies or new trends in the Baltic Sea and within the territorial waters of surrounding countries. These were specifically related to dark activity, slow-speed sailing, or drifting – all activities that could potentially be related to an intentional act of interference, or sabotage. 

Many of the vessels were linked with Russia. For instance: 

  • We saw an 849% increase in vessels with Russia compliance risk drifting in the Finnish exclusive economic zone (EEZ), including the Åland Islands, which is a four-year high! It’s approximately 8.5 times higher than the number of vessels expected.

The image below shows where Russian vessels turned off their AIS signals:

[Image: locations where Russian vessels turned off their AIS signals]

Eighty-four high and moderate-risk vessels connected to Russia conducted 140 dark activities, mainly near the Gulf of Finland. The average duration of the dark activity was 91 hours. This means nearly three days of unaccounted activity near and around the undersea cables. 

Let’s focus on a Russian-flagged cargo vessel, sanctioned and flagged as high risk for smuggling. The ship turned off its AIS on November 11, 2024, for nearly three days (69 hours). It reappeared 20.5 nautical miles from where it went dark, a travel time of around three hours. During its dark period, the vessel could have sailed to a number of ports with time to spare. During this time, it also could have easily traveled to where the C-Lion1 was located.
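The dark-period reasoning above can be checked mechanically. The following is an added example, not Windward's code or method: it finds AIS reporting gaps in a track, compares the displacement with the gap length, and tests whether a point of interest was reachable during the gap. The track, the coordinates, the 6-hour gap threshold and the 7-knot speed (implied by 20.5 nautical miles in about three hours) are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles


@dataclass(frozen=True)
class Fix:
    """One AIS position report."""
    t: datetime
    lat: float
    lon: float


@dataclass(frozen=True)
class DarkGap:
    last_seen: Fix
    reappeared: Fix
    hours: float              # length of the reporting gap
    displacement_nm: float    # straight-line distance between the two fixes
    min_transit_hours: float  # time a direct transit needs at cruise speed
    unaccounted_hours: float  # gap time not explained by a direct transit


def haversine_nm(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes in nautical miles."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = (sin(dlat / 2) ** 2
         + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2)
    return 2 * EARTH_RADIUS_NM * asin(sqrt(h))


def find_dark_gaps(track, min_gap_hours=6.0, cruise_knots=7.0):
    """Flag consecutive reports separated by at least min_gap_hours.

    Both defaults are assumptions for this example, not values from the page.
    """
    track = sorted(track, key=lambda f: f.t)
    gaps = []
    for prev, cur in zip(track, track[1:]):
        hours = (cur.t - prev.t).total_seconds() / 3600
        if hours < min_gap_hours:
            continue
        dist = haversine_nm(prev, cur)
        transit = dist / cruise_knots
        gaps.append(DarkGap(prev, cur, hours, dist, transit,
                            max(0.0, hours - transit)))
    return gaps


def could_have_visited(gap, lat, lon, cruise_knots=7.0):
    """True if a detour via (lat, lon) fits inside the gap at cruise speed."""
    poi = Fix(gap.last_seen.t, lat, lon)
    detour = haversine_nm(gap.last_seen, poi) + haversine_nm(poi, gap.reappeared)
    return detour <= gap.hours * cruise_knots


def sample_track():
    """Constructed track: hourly reports, then a 69-hour silence."""
    t0 = datetime(2024, 1, 1, 0, 0)
    north = 30.0 + 20.5 / 60  # about 20.5 nm north of the last report
    return [
        Fix(t0 - timedelta(hours=2), 29.80, -40.0),
        Fix(t0 - timedelta(hours=1), 29.90, -40.0),
        Fix(t0, 30.00, -40.0),                       # last report before dark
        Fix(t0 + timedelta(hours=69), north, -40.0), # reappearance
        Fix(t0 + timedelta(hours=70), north + 0.1, -40.0),
    ]


if __name__ == "__main__":
    for g in find_dark_gaps(sample_track()):
        print(f"dark {g.hours:.0f} h, moved {g.displacement_nm:.1f} nm, "
              f"unaccounted {g.unaccounted_hours:.1f} h")
```

A large unaccounted time relative to the direct transit is what turns an ordinary reporting gap into an investigative lead; the reachability test then narrows which assets fall inside the vessel's possible range.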

History Repeats Itself…

A fiber optic cable between Latvia and Sweden was damaged on January 26, 2025, due to suspected “external influence” (according to Reuters).

Earlier in January, our Early Detection flagged patterns in the Baltic Sea that mirrored those leading up to the C-Lion1 cable sabotage in November 2024.

Surges in suspicious activities, including drifting and dark activity by vessels with Russia compliance risk, signaled the possibility of another incident – and then another cable was cut.

These recurring events reveal a troubling pattern in the Baltic region. While no one can predict the future, detecting these warning signs as they emerge is the closest thing to a crystal ball in today’s volatile maritime landscape.

Critical Capabilities for Critical Maritime Infrastructure Protection

Organizations can adopt an AI-powered solution to anticipate attacks, react quickly, and conduct thorough investigations afterward. The right solution would combine the power of cable-specific monitoring, behavioral analysis, customized risk, and instant alerts, for a fully automated maritime infrastructure protection solution. 

This should include coverage for both close-to-shore and deep-sea operations. 

Security or commercial organizations should look for a solution that will empower them to:  

  • Proactively assess and manage risk via
    1. Customized risk profiles, proprietary data layers, in-system risky vessel population lists, behavioral and trend analysis, and relevant historical data
    2. Embedded Dataminr feed for target generation
  • Monitor areas of interest and receive alerts on any vessel from a risky vessel population crossing or approaching cables of interest
  • Investigate incidents after they occur by quickly identifying vessels that are suspected of damaging cables using advanced data layers, risk models, and activities.

Immediate vessel insights are also crucial. These can be obtained with Gen AI-generated vessel screening reports and an in-platform feed providing alerts on critical underwater infrastructure events from external sources, for context and explainability.  

Early detection can flag anomalies and shifting trends globally, or within predefined areas. This includes intentional sabotage, or tampering with critical infrastructure.

Windward Will Enable You to Stay Ahead

Windward’s Critical Maritime Infrastructure Protection solution uniquely provides real-time protection around exact cable locations, a best-in-industry list of suspicious vessels, and advanced behavioral pattern detection, effectively identifying and mitigating threats to prevent incidents. 

We provide all of the critical capabilities described in the section above to help you stay ahead of this maritime epidemic. 

Underwater sabotage is mostly perpetrated by vessels connected to Russia or China, or shadow fleet vessels (who?).

Suspicious vessels exhibit dark activity, slow-speed sailing, or drifting behaviors (what?). Most recently, the targeted area seems to have shifted from the South China Sea to the Baltic Sea region (where?). 

Windward offers the best vessel population lists (who?), behavioral analytics (what?), and leverages our AI to understand where the next incidents are likely to happen (where?). 

During our masterclass in January 2025, “Critical Maritime Infrastructure Is the New War Front – Are You Prepared?,” a distinguished external expert spoke positively about Windward’s Critical Maritime Infrastructure Protection capabilities. 

General Stephen R. Lyons, USA (Ret.), Senior Advisor at WestExec Advisors: “Windward’s ability to analyze and decipher patterns at scale is invaluable. Public-private collaboration is critical to countering nefarious activities and enhancing global security.”
