The September 2022 attacks on the Nordstream 1 and 2 pipelines convinced many in Europe that malign actors have the capability and intent to attack critical undersea infrastructure. While the attacks targeted gas pipelines, equally vulnerable is the vast system of fiber-optic and data cables that underpin the global exchange of information, including transatlantic financial transactions.
The Nordstream attacks occurred on a section of the pipeline located just outside Swedish and Danish territorial waters. Attackers damaged the pipelines in a series of explosions that left gas bubbling up from the bottom of the Baltic Sea for days—an act of energy and environmental sabotage. Multiple investigations into the attacks are ongoing. Moscow was identified as the key suspect in the immediate aftermath, but new reporting has revealed that some Western intelligence officials believe that a pro-Ukrainian group may be responsible. Both Russian and Ukrainian governments have denied any responsibility or prior knowledge of the attacks. But at the same time, Moscow has shown no shame in continuing its campaign of terror against Ukrainian critical infrastructure and has also been fingered in a string of security incidents around critical infrastructure in Europe, including German trains, Norwegian oil platforms, a Polish port, and Dutch offshore wind farms.
As the war in Ukraine stretches into a second year, Europe has awoken to the reality that maritime infrastructure is vulnerable and that NATO states need to prioritize the security of the critical infrastructure on which their economies depend. In a recent commentary, Alessio Patalano of King’s College London described undersea infrastructure as the “lifelines of modern prosperity” and a critical arena where adversaries can challenge European security. Because much of the critical maritime infrastructure in Europe is inherently multinational, and the key capabilities are expensive, the alliance has a natural role to play in organizing the defense of maritime infrastructure and helping governments pool their resources.
Underwater but Indispensable
European undersea infrastructure crisscrosses the North Sea, the Baltic, the English Channel, and the Mediterranean, underpinning vast swaths of the European economy. Pipelines that carry gas from Norway to the United Kingdom and continental Europe, or from North Africa to Europe, are just as important as the Nordstream pipelines—more so now that European imports of Russian gas have fallen precipitously. Liquified natural gas terminals in Europe are also now more important than ever as the continent tries to diversify its energy suppliers. Offshore electricity generation by wind farms or tidal generation systems may also be vulnerable.
In addition to gas pipelines, European consumers receive electricity via subsea cables. Last year a new cable capable of carrying up to 1,400 megawatts of electricity from Norway to the United Kingdom began operation. Another cable is planned to link wind farms in Morocco with British consumers. In the Mediterranean, Egypt recently announced a plan to deliver as much as 3,000 megawatts of electricity to Greece via a subsea cable.
And submarine cables don’t just carry electricity; they also carry data. As much as 99 percent of all global data traffic—from video calls to online purchases and music streaming—flows through cables that travel along the bottom of the sea. These submarine cables carry $10 trillion of financial transactions daily, underpinning the global economy. They also carry sensitive diplomatic and military communications, including the bandwidth the US military uses for drone operations. The world’s reliance on submarine cables will only increase in the coming years. The proliferation of 5G networks might double the bandwidth demand on submarine cables every two years for the foreseeable future.
Even if Moscow is not responsible for the Nordstream attacks, Russia has a history of sabotaging undersea infrastructure. In 1959, during the Cold War, a Soviet trawler damaged subsea cables off the coast of Newfoundland. In 2014, when Russia invaded Crimea, one of its first moves was to cut communications cables with the mainland, though they were above ground. Russian forces have maintained a steady stream of attacks on Ukrainian infrastructure since their 2022 invasion. Russia was suspected of being at fault when the cables linking Norway to the island of Svalbard were mysteriously severed in 2021. Then, in early 2022, Russian Navy exercises over cables that connect Ireland and the United Kingdom were interpreted as an implicit threat of action against the cables. In October, Norway reported unidentified drones flying near its oil platforms offshore, and officials worried Russian agents were responsible. In January, Polish police discovered a trio of divers suspected of carrying out underwater reconnaissance near the port of Gdansk who claimed they were diving for amber—in the middle of the night. In February, Dutch military intelligence publicly accused a Russian ship of attempting to map out energy infrastructure in the North Sea, specifically offshore wind farms. The Russian Navy is also one of only a few navies that operate vessels capable of severing or otherwise damaging submarine cables at depth, though it is relatively straightforward to damage pipelines or cables with divers, mines, or remote vehicles as they pass through shallow water. It should not come as a surprise if Russia continues to target undersea infrastructure for intelligence gathering or sabotage.
Kinetic methods are not the only way to damage submarine infrastructure. Submarine infrastructure can also be vulnerable to cyberattacks. In 2021, hackers disrupted the operation of the Colonial Pipeline in the United States, which supplied 45% of the East Coast’s petroleum fuel needs. And in 2017, a cyberattack against Maersk, a maritime logistics company, crippled port operations worldwide. Ukraine’s energy grid has become a repeated target of Russian cyber attacks since the early days of the invasion in 2022. While not attacks against undersea infrastructure, these incidents show the interest in attacking logistics infrastructure, and similar attacks could be aimed at undersea targets. Undersea infrastructure, like pipelines and cables, make excellent targets for two reasons—they have tremendous strategic value, and as the Nordstream attacks have demonstrated, it is very challenging to assign attribution.
What should be done? Europe must take maritime infrastructure protection seriously, and NATO is best positioned to lead the effort. The alliance’s strategic concept specifically spells out the importance of maritime security as “key to our peace and prosperity” and cautions that adversaries are “investing in technologies that could… target our civilian and military infrastructure.”
And to an extent, the alliance has stepped up. After the Nordstream attacks, a “flood” of NATO and allied warships began patrolling the North Sea and the Baltic. Still, this effort is unsustainable and unlikely to deter further attacks because monitoring, let alone repairing, maritime infrastructure requires special equipment like submersibles and underwater drones. It is not feasible to patrol all of the cable and pipeline routes, which total over 1.2 million kilometers, nor is it realistic to harden them against sabotage. Sebastian Bruns, a naval expert at the University of Kiel, compared the task of patrolling all the subsea cable routes to “the assignment of two cop cars to watch over the entire highway network of the United States.” It is equally improbable that naming and shaming Russia would deter future attacks by itself. Recent research into historical cases of maritime sabotage concluded that half of the time, even a loss of surprise wasn’t enough to prevent maritime sabotage.
In February, NATO Secretary General Jens Stoltenberg announced that NATO was establishing an “undersea infrastructure coordination cell” that would help “boost the security of Allied undersea infrastructure.” This move is a small step in the right direction and likely foreshadows a more prominent role for NATO in undersea infrastructure protection throughout Europe. The European Defense Agency has also signaled interest in undersea infrastructure and will hold its first symposium on Critical Maritime Infrastructure Protection in April.
But more action is needed. The Alliance should ensure that it has the resources to respond to attacks on submarine infrastructure by quickly repairing or replacing damaged infrastructure and responding to aggression in kind. One path forward might be to create a standing naval task group with cable and infrastructure repair ships. NATO already has standing mine countermeasure groups. The naval analyst Joshua Tallis recently argued that “NATO’s standing naval forces offer a relatively low-cost means of sending high-value political signals of alliance unity and defense,” but they are overdue for an update. Organizing a standing naval force around critical maritime infrastructure would be an excellent next step.
Individual nations have also begun recognizing the threat and investing in capability on their own, but their efforts would be best organized under the umbrella of the alliance. As an island nation, the United Kingdom is particularly vulnerable to attacks on subsea infrastructure. Since 2010, it has increased electricity imports by nearly tenfold. The British government recently took a positive step by announcing it would acquire specialized ships that carry remotely operated vehicles for inspecting subsea infrastructure. It should come as no coincidence that now-Prime Minister Rishi Sunak was the author of a pivotal 2017 report on undersea cable security. The French military has also invested in subsea capability and released a “seabed warfare strategy” in early 2022. Italian defense experts have also called for more “robust deterrence capabilities” to “ensure persistent protection for critical underwater cable bundles and key energy infrastructures connecting its mainland and Europe with suppliers in North Africa and the Middle East.”
Meanwhile, the Italian Navy has begun working with an Italian telecom company to improve its monitoring of threats to subsea cables. Moving forward, NATO should focus the efforts of individual members on deterrence and mitigation. The alliance needs to reiterate the message that an attack on subsea infrastructure, even in international waters, is akin to an attack on a member of the alliance—and make clear that the alliance has the means to respond in kind.
If the alliance successfully organizes resources to protect, defend, and repair critical undersea infrastructure, it will have opportunities to export know-how and capability to other partners concerned about attacks on their infrastructure, like India, Australia, or Taiwan. Taking a leading role in Europe will position the alliance to contribute to critical infrastructure protection globally.
The attack on the Nordstream pipelines threatens Europe and the maritime infrastructure on which it relies. If attackers, whether a pro-Ukrainian group, the Russian Navy, or some other entity, can damage subsea pipelines in the Baltic, a region on the fast track to becoming a “NATO lake,” then critical infrastructure like gas pipelines, submarine cables, liquified natural gas terminals, or even oil platforms are not safe anywhere. Attacks on pipelines or cables in the Black Sea, Eastern Mediterranean, or the North Sea may be next. NATO has an opportunity to meet the moment: it can help unify Europe’s efforts to protect maritime infrastructure by preparing to mitigate the damage from future attacks and through deterrence—messaging that future attacks will be costly for any attacker. So far, the small steps the alliance has taken are a good start, but more needs to be done.
Walker D. Mills is a Marine Corps infantry officer, a nonresident fellow at Marine Corps University’s Brute Krulak Center for Innovation and Future War, and a nonresident fellow with the Irregular Warfare Initiative.
The views expressed are those of the authors and do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense.
Photo: US Navy, Photographer’s Mate Second Class William Krumpelman