Reports

Huge Statistical Spikes Could Have Predicted the Baltic Sea Undersea Cables Incident

Media outlets reported that two undersea internet cables were suddenly disrupted on November 19, 2024. One of the cables was the C-LION1, the only direct connection of its kind between Finland and Central Europe. Consequent reports strengthened the suspicion that this was an act of deliberate sabotage.

Could it have been detected in advance? Some of the huge statistical spikes we found regarding disabling AIS signals, slow-speed sailing, and drifting indicate that law enforcement agencies could have been on alert before the incident…

The Importance of Early Detection

Windward’s new Early Detection solution flags anomalies and shifting trends globally, or within predefined areas. These may include geopolitical events and/or military or paramilitary operations that can affect national security and global trade. Intentional sabotage, or tampering with critical infrastructure, is also within the purview.

Suspicious Behavior by Russia-Affiliated Vessels Increased…

In the 30 days before the first report of the incident, Early Detection flagged 50 anomalies or new trends in the Baltic Sea and within the territorial waters of surrounding countries. These were specifically related to dark activity, slow-speed sailing, or drifting, – all activities that could potentially be related to an intentional act of interference, or sabotage. 

A closer look immediately surfaces some interesting anomalies of particular relevance.

In the past 30 days, the Early Detection model flagged significant increases in suspicious activities by vessels affiliated with Russia. We saw:

  • An 849% increase in vessels with Russia compliance risk drifting in the Finnish exclusive economic zone (EEZ), including the Åland Islands, which is a four-year high! It’s approximately 8.5 times higher than the number of vessels expected.

 

graph
  • A 44% increase in vessels with Russia compliance risk conducting dark activity in the Baltic Sea. During the week of November 7, 116 vessels were observed engaging in this activity, compared to an expected value of 80 vessels. While there’s a noticeable upward trend over the past four years, suggesting a gradual increase in this behavior over time,  the recent spike of 116 vessels is unusual in comparison to the median number of 10 vessels across the past four years.
graph
  • A 612% jump in vessels with Russia compliance risk drifting in Estonian waters, more than six times the number of vessels than expected, another four-year high.
graph
  • A 1,261% spike in vessels under Russia’s flag sailing below 3kn in Poland’s EEZ, which is an unusual increase in Russian vessel presence in the area. Based on historical data, there’s a noticeable downward trend over the past four years, suggesting a general decrease in Russian vessel presence in these waters over time – making this recent spike unusual, compared to typical activity levels.
graph

What Does This Mean?

These behaviors – international disabling AIS signals, slow-speed sailing, and drifting – can be utilized to mask illicit activities and are considered risk indicators.

Consider the image below, which shows where Russian vessels turned off their AIS signals:

map 1

Eight four high and moderate-risk vessels connected to Russia conducted 140 dark activities, mainly near the Gulf of Finland. The average duration of the dark activity was 91 hours. This means nearly three days of unaccounted activity near and around the undersea cables. 

Let’s focus on a Russian-flagged cargo vessel, sanctioned and flagged as high risk for smuggling. The ship turned off its AIS on November 11, 2024, for nearly three days (69 hours). It reappeared 20.5 nautical miles from where it went dark, a travel time of around three hours. During its dark period, the vessel could have sailed to a number of ports with time to spare. During this time, it also could have easily traveled to where the C-Lion is located.

One high-risk, Russian-affiliated vessel going dark is a matter of concern. Hundreds, is even more so.

map

Windward Can Help!

Early Detection solution flags notable anomalies and new trends that warrant a deeper investigation. Windward’s technology and domain expertise are instrumental in the effort to protect critical infrastructure, including enhancing the physical security of cables. We can help users monitor critical infrastructure in real-time and look back to investigate incidents after they occur. 

In the weeks leading up to the cable disruption, AI-powered insights clearly indicated heightened suspicious activities in the area. While it is impossible to know for certain if these anomalies are directly related to the incident, the geopolitical tensions in the region should attract attention from maritime security agencies and international observers.

Despite their critical importance, the protection and monitoring of underwater infrastructure remain alarmingly inadequate in many parts of the world. This issue has become a central concern for national governments and security organizations. As damage to infrastructure can occur without immediate detection, these critical infrastructures are highly vulnerable.

Submarine communication cables carry over 98% of internet traffic. While damage to one or two cables, particularly in well-connected regions, would cause only minor disruptions, a large-scale, deliberate, and well-coordinated attack could have far-reaching global consequences.

Possessing early intelligence on these anomalies, or on “new normals” that suggest emboldened actions and heightened presence by adversarial forces in an area of strategic importance, would have enabled intelligence and defense organizations to make critical decisions – perhaps intensifying monitoring by adding patrols, or deploying unmanned assets.

Want to See For Yourself?