Dr Robert James Chapman, Dr Chapman and Associates Ltd, January 2025
Can be contacted at: DrChapmanAssociates@outlook.com

Introduction

On 25 December 2024 Finland’s electricity transmission operator Fingrid reported that their 106-mile Estlink 2 cable connection between Finland and Estonia had been disconnected and in all probability deliberately sabotaged. On the same day the Finnish telecommunications and digital operator Elisa reported two fibre optic cables linking Helsinki (Finland) and Tallinn (Estonia) were broken. In addition, Finnish transport and communications agency Traficom advised a fourth internet cable running between Finland and Germany and belonging to Finnish group Cinia was also believed to have been severed. Fingrid requested seizure of the Russian ‘shadow fleet’ oil tanker Eagle S over suspected cable damage. As a consequence, the Finnish coastguard boarded the Eagle S tanker at sea and, to aid their investigation, took command of and sailed the vessel to an anchorage near the Finnish port of Porvoo. Sophisticated spying equipment was found on board the tanker. The Cook Islands registered ship is considered by the European Commission and Finland to be part of Russia’s so-called ‘shadow fleet’.

The United Nations, the European Union and the UK government are now highly focused on the security and resilience of undersea cables and pipelines. They form part of the critical national infrastructure (CNI) of multiple nations. As reported by the Sunday Telegraph, the Baltic Sea nations (the independent republics of Estonia, Latvia, and Lithuania) have been on high alert after a series of disruptions to power cables, telecom links and gas pipelines since Russia’s invasion of Ukraine in 2022. These most recent events follow on the heels of the severing of the Arelion data cable between the Swedish island of Gotland and Lithuania on November 17 2024 and the cutting of the 730-mile C-Lion telecommunications cable between Helsinki (Finland) and the port of Rostock (Germany) on November 18 2024. As reported by Henri Astier and Paul Kirby of the BBC, Germany suspected sabotage. In a statement on 26 December 2024, the European Commission said “we are strengthening efforts to protect undersea cables, including enhanced information exchange, new detection technologies, as well as undersea repair capabilities, and international cooperation. We remain committed to ensuring the resilience and security of our critical infrastructure”.

Unfortunately, these events are not isolated. The sabotage of three of the four Nord Stream pipelines in the Baltic Sea in September 2022 highlighted the potential vulnerability of undersea cables and pipelines to malicious attack. The Nord Stream pipelines carried gas from Russia to Rostock in Germany under the Baltic Sea and as reported by the BBC “were a controversial and unpopular symbol of European energy dependence on Moscow”. As reported by Damien McGuinness of the BBC, in August last year, German state prosecutors issued an arrest warrant for a Ukrainian diving instructor thought responsible.

Russia’s shadow fleet

Russia’s so-called ‘shadow fleet’ is a group of ships used by Russia which use illicit practices to avoid sanctions on Russian oil, in a desperate attempt to undermine UK and G7 sanctions and continue unfettered trade in Russian oil.

As described in the UK Government’s press release of 11 September 2024, Russia’s oil exports are Putin’s most critical revenue source for funding his illegal war in Ukraine, accounting for roughly a quarter of Russia’s budget in 2023. At the time of issue of the press release, the Foreign, Commonwealth and Development Office considered that sanctions imposed since February 2022 had deprived Russia of over $400 billion worth of assets and revenues, thought to be equivalent to funding the invasion for 4 more years. In addition, Foreign Secretary David Lammy advised: “Russia has been forced to spend over $8 billion amassing this shadow fleet. But with sanctioned tankers loitering and unable to load oil, we are determined to make Putin’s investment an expensive misstep for the Kremlin. Our action will help to counter Russian attempts to undermine and dodge economic sanctions”.

It could be construed that the cutting of undersea cables is retaliatory action by Russia against sanctions imposed by the G7 (an intergovernmental political and economic forum consisting of Canada, France, Germany, Italy, Japan, the United Kingdom and the U.S.) on Russia’s trade in oil.

What is the UK’s Critical National Infrastructure?

According to the UK government’s National Protective Security Authority (NPSA), the country’s critical national infrastructure relates to those facilities, systems, sites, information, people, networks and processes, necessary for a country to function and upon which daily life depends. In the UK, the CNI sectors are listed as:

Chemicals, Civil Nuclear, Communications, Defence, Emergency Services, Energy, Finance, Food, Government, Health, Space, Transport, Water

As advised in a written statement by Chris Bryant (UK Minister of State for Data Protection and Telecoms) on 12 September 2024, “Data infrastructure will be managed under existing cross-Government CNI structures led by the Cabinet Office, as a sub-sector of Communications”. Data infrastructure is described as the physical data centers and cloud infrastructure which provide the foundations of the UK’s digital economy.

Many of the sectors, such as the emergency services and banks, rely on Position, Navigation and Timing (PNT) satellite information; these services will be given added resilience through a new framework unveiled by Science Minister George Freeman on 18 October 2023.

One of the government’s key guidance documents on CNI is “Securing Critical National Infrastructure: An introduction to UK capability”, published in 2023 by the UK Defence and Security Exports and the Department for Business and Trade.

UK Government’s Criticalities Process

The UK’s Critical National Infrastructure (CNI) has been repeatedly described as becoming increasingly interconnected and interdependent, making it harder for government departments to both comprehend and manage the threats faced by the UK. A joint initiative by the Cabinet Office, the NCSC and the NPSA has developed a new methodology to collect data on this ‘interconnectedness’, called the Criticalities Process and is developing a new tool to visualise and interrogate the data produced called the CNI Knowledge Base. This interconnectedness can be international. An example is that German wind farm operation is dependent on satellites operated by the United States. The CNI Knowledge Base is described as the ‘Single Source of Truth’ for UK CNI, enabling government analysts to visualise the data. This software lets risk owners view UK CNI on a map or as a network graph, with interdependencies mapped across it. The tool and data are held in a secure environment, accessed only by appropriately cleared government officials.

The significance of UK’s undersea cables and pipelines

In a UK Parliament ‘Insight’ titled “Seabed Warfare: Protecting the UK’s Undersea Infrastructure”, published on 24 May 2023, the author, Louisa Brooke-Holland of the House of Commons Library, outlined the significance of the UK’s undersea infrastructure and the measures taken to protect it against potential threats.

Brooke-Holland stated: “Undersea cables and pipelines form part of the UK’s critical national infrastructure, the facilities, systems and networks necessary for a country to work. On the seabed lie miles of telecommunication cables that enable internet access, financial transactions and the sharing of data essential to business and personal life”. Estimates vary, but the Ministry of Defence suggests 99% of global internet traffic goes through undersea cables. Seabed gas and oil pipelines provide essential energy supplies to the UK; 77% of all of the UK’s gas imports came from Norway through pipelines lying under the North Sea.

According to the Ministry of Defence, the growing use of the seabed has “increased opportunities for adversaries to threaten Western subsea critical national infrastructure”. The same Insight stated that the UK Government said in a Defence report in 2021 that Russia is developing “deep sea capabilities which can threaten undersea cables”. As reported in The Times Newspaper in January 2022, this view is echoed by the comment made by the Chief of the Defence Staff, Admiral Sir Tony Radakin, who said: “There’s been a phenomenal increase in Russian submarine and underwater activity over the last 20 years”.

Vulnerability of undersea cables and pipelines

The ‘Notice’ published by the Department for Science, Innovation and Technology on 29 November 2024 addressing the New York Joint Statement (referred to below) sets the context for the almost explosive international dependency on submarine cables and pipelines. The Notice states: “The demand for undersea cables and supporting infrastructure has surged as seamless connectivity has become indispensable to commerce and digital growth across every sector of the global economy. The expansion of undersea cable networks is the foundation of a more interconnected and interdependent global community, and states (the community) should adopt policies to enable efficient, robust, redundant, resilient, and secure infrastructure for network data and information flows”.

However, the rapid development of communication technologies and the massive scale of these undersea networks increases global dependency on these systems and introduces vulnerabilities. This dependency can present major risks to both international communications and energy supplies as well as national security and economic stability. The Notice goes on to say “Protecting the security, resilience, and integrity of undersea cables is critical to global communications, economic growth, and development”.

International cooperation

On 26 September 2024, at the 79th annual United Nations General Assembly in New York, the UK joined with the EU and 15 other partners to endorse the New York Joint Statement on the security and resilience of undersea pipelines and cables in a globally digitalized world (the Statement). The Statement sets out clear proposals on countries working individually and together to ensure the security of this infrastructure. The endorsers of the Statement stated they aspired to a series of principles for a shared global approach to ensure “the security, reliability, interoperability, sustainability, and resiliency for the deployment, repair and maintenance of undersea cable infrastructure”. In summary these principles addressed: the design of undersea cable infrastructure, cooperation in the selection of verifiable subsea cable providers, coordination of responsible cable deployment, adoption of spatial and route planning, the sharing of best practices in regulation, transparency over ownership and governance, implementation of regular security risk assessments, promotion of data security measures and collectively complying with international law. They appear to be well considered and described and have created a significant platform for future cooperation.

Concerns of the Ministry of Defence

In 2021 the Ministry of Defence announced plans to procure two new ships as part of creating a new Multi-Role Ocean Surveillance (MROS) capability to provide seabed surveillance and response capacity within the UK and Northern European waters. Russia’s invasion of Ukraine in 2022 prompted the then Defence Secretary, Ben Wallace, to accelerate the procurement of the first of these new ships with the specific goal of detecting threats to cables and pipelines under the seabed. As reported in The Irish Times on May 3rd 2023, David Cattler, the assistant secretary general for intelligence and security within the North Atlantic Treaty Organisation (NATO), had said Russia was actively mapping critical undersea systems and warned of a significant risk that Moscow could target infrastructure in Europe and North America. In the same article the Times referred to a joint investigation published in April 2023 by Danish, Finnish, Swedish and Norwegian public broadcasters which advised that Russian military and civilian ships were mapping seabed infrastructure in the Baltic and North Seas. Cattler had gone on to say “there are heightened concerns that Russia may target undersea cables and other critical infrastructure in an effort to disrupt western life and gain leverage against those nations that are providing support to Ukraine”. He pointed to Russia’s military strategy which calls for the rapid destruction of critical infrastructure in the early stages of a conflict, a tactic seen in Ukraine, as one reason for the heightened concern. He warned of “a persistent and significant risk” that Russia could attack allied systems.

The UK’s RFA Proteus, planned to be the first of a new generation of survey and surveillance ships, was sworn into service on 10 October 2023. It is a converted merchant vessel and will be operated by the Royal Fleet Auxiliary, which is the civilian branch of the Royal Navy, supported by Royal Navy specialists. It is tasked with monitoring and protecting the country’s critical underwater infrastructure, including telecommunication and power cables as well as gas and oil pipelines. The hope is she will play a crucial role in British maritime security. This new MROS ship is fitted with advanced sensors dedicated to monitoring underwater areas of UK sovereign interest and it is understood she will be used as a platform to carry a number of Remotely Operated Underwater Vehicles (ROUVs), also referred to as undersea drones, for use in the collection of seabed data. The ship’s advanced capabilities are designed to protect British interests and support NATO and other allies in maintaining secure and open seas. The UK will also collaborate in developing undersea capabilities with Australia and the United States as part of the 2021 AUKUS agreement.

World Economic Forum

The significance of the threat of ‘attacks on critical infrastructure’ is reflected in The World Economic Forum’s Global Risks Perception Survey (GRPS), which identified it as one of 20 risks that would most likely present a material crisis on a global scale in 2024. As far back as 2015, Nicole Starosielski (currently a professor at the University of California, Berkeley) emphasised the importance of undersea cables in that they “transport nearly 100% of transoceanic data traffic”. In addition, the BBC reported as far back as March 2021 that undersea cables carry trillions of dollars’ worth of financial transactions every day.

Writing for the World Economic Forum, Starosielski highlighted these cables “carry the world’s internet, phone calls and even TV transmissions between continents at the speed of light. A single cable can carry tens of terabits of information per second. Even though they might seem behind the times, [these] fibre-optic cables are actually state-of-the-art global communication technologies”. From her research, Starosielski discovered that fewer than 300 cable systems transport almost all transoceanic traffic around the world with each cable carrying an extraordinary amount of information and in some instances entire countries relying on only a handful of systems. Of significance is that cables carry data faster and cheaper than satellites.

Preceding the article, media coverage had been dominated by the question of vulnerability of the cables and exposure to disruption. Searching questions had been posed as to what would happen if these cables were cut and was there a threat of sabotage from Russian subs or terrorist agents.

The role of enterprise risk management in understanding threat exposure

Enterprise Risk Management (ERM) aims to create a risk-aware culture within an organisation, enabling better decision-making and enhancing overall resilience. This culture needs to be as much about being outward looking and conscious of the current risk landscape, as being focussed on current operations and ongoing projects. As explained in “Simple tools and techniques for enterprise risk management, 2nd edition” published by John Wiley and Sons, understanding the context of a business or organisation provides a foundation for the overall risk management process and will determine the quality of all succeeding steps. Its “degree of usefulness will depend on its relevance, breadth, depth and its currency”. For instance, those organisations working on a day-to-day basis on CNI projects involving undersea pipelines and cables may not be aware of the likelihood and potential impact of attacks on the nation’s CNI or how critical it would be to UK businesses, citizens, the economy and national security. In addition, they may be unfamiliar with how UK foreign policy has been received overseas and whether it has unsettled foreign powers to the point where they have threatened or are currently sponsoring attacks on elements of our CNI. As highlighted by Deloitte in the Summer 2022 edition of their Insights Magazine, the coming together of evolving international relations and improvements in digital technology is clearly both a global problem and a potentially more dangerous one.

Summary

Perhaps a key takeaway from the events of November and December of 2024 is that the risk landscape is evolving rapidly and enterprise risk management needs to be increasingly responsive to both emerging national and international threats. Hence risk taxonomies need regular review and updating. In addition, a preoccupation with past events as an indicator of potential future threats can dilute the benefit of initiatives to understand how the landscape may change over time. The New York Joint Statement from the United Nations highlighted the importance of looking at cable and pipeline projects holistically, from spatial mapping through to design, procurement, installation and maintainability, rather than just considering what nations should do post commencement of operations, with a particular emphasis on risk exposure and security. For this to take effect there will need to be a coordinated approach between industry and governments. ERM can benefit from horizon scanning and scenario analysis only if the appropriate subject matter experts are involved and they are engaged in a timely manner. The stark message from these events should be that organisations cannot continue to believe that updating principal threats on a quarterly or annual basis will protect their shareholders’ interests.