According to ENISA, more than 97% of the world’s internet traffic traverses through subsea cables at some point. These cables play a crucial role in the global internet infrastructure, making it imperative to safeguard them from cyberattacks, physical assaults, and other potential threats.
With the increasing reliance on the internet and the escalating volume of data being transmitted, incidents involving subsea cables could result in outages and disruptions. Weak points include cable landing stations and subsea areas where multiple cables are in close proximity to each other.
The 2022 report by the International Cable Protection Committee reveals that most subsea cable incidents are accidental, often caused by anchoring and fishing activities. Natural phenomena such as underwater earthquakes can also lead to cable incidents. In rare cases, system failures contribute to these incidents.
Malicious actions such as sabotage attacks and espionage pose additional threats to subsea cables. Coordinated sabotage attacks targeting multiple cables simultaneously could cause significant disruptions to internet connectivity. The process of repairing subsea cables is complex, time-consuming, and requires specialized cable repair ships, which are limited in number worldwide.
While the likelihood of eavesdropping on cables on the seabed is considered low, accessing communication data at cable landing stations or cable landing points remains a feasible threat that should be taken into consideration.
Subsea cables are subject to various regulatory regimes, laws, and authorities. National telecom authorities, entities under the NIS Directive, cybersecurity agencies, national coastguards, and military organizations may be involved in their protection. Additionally, international treaties establish universal norms and legal boundaries in maritime territories.
In the private sector, the subsea cable ecosystem comprises undersea cable owners and operators, integrated suppliers, suppliers without dedicated fleets, owners of installation and repair vessels, and subsea cable maintenance companies.
Submarine cables
There is a lack of comprehensive information regarding the resilience, redundancy, and capacity of subsea cables, necessitating further analysis. Clarifying the mandate and supervision over subsea cables at the national level is crucial to ensure their protection and prevent chokepoints.
National authorities should engage in the exchange of good practices concerning subsea cable protection, including cooperation with energy sector authorities experienced in safeguarding subsea power cables. Additionally, collaboration with authorities under the Critical Entities Resilience Directive, who possess expertise in physically protecting critical infrastructure, could provide valuable insights.
Accidental damage caused by fishing or anchoring has been the primary cause of most subsea cable incidents. Natural phenomena like undersea earthquakes or landslides can also have a significant impact, particularly in areas with a dense concentration of cables. Chokepoints, where multiple cables are closely installed, represent single points of failure that can strain cable repair capacity.
Both physical attacks and cyberattacks should be considered as threats to subsea cables, landing points, and the information and communication technology (ICT) infrastructure at these points.
ENISA published this report to assist national authorities in EU Member States in supervising telecom networks and core internet infrastructure, in accordance with the European Electronic Communications Code (EECC) and the Directive on measures for a high common level of cybersecurity across the Union (NIS1 and NIS2). Subsea cables are specifically mentioned in the NIS2 directive and should be addressed in national cybersecurity strategies.
CyberSec84 | Cybersecurity news. 
Leave a comment