On Protecting the Undersea Cable System
The undersea cable system is increasingly vulnerable to attack, yet reliance on this critical infrastructure to carry internet traffic as well as the transfer energy continues to grow. A divided Congress should unite to better protect this critical infrastructure.
Published by The Lawfare Institute
in Cooperation With
Cables the size of a garden hose crisscross the oceans. Unlike your hose at home, these cables require all the protection afforded to other pieces of critical infrastructure, like the power grid. And, assuming you don’t have a serious feud going on with your neighbors, these cables are also unlike your hose at home because nations and non-state actors keen on sowing disruption realize that breaking a single cable can leave millions without internet access, saddle companies with millions in losses, and rob the power grid of millions of gigawatts of energy.
Despite the obvious vulnerability of these cables, the United States has failed to take necessary steps to protect this critical infrastructure. It’s not for lack of warning. Back in 2017, Garrett Hinck discussed in Lawfare the inadequacies of the legal regime protecting undersea cables. A year later, he evaluated the specific threat Russia poses to the undersea cable system. By late 2022, “mainstream” commentators such as Fareed Zakaria had picked up on the need to enact new policies surrounding the security of this critical infrastructure.
The inadequate attention given to undersea cable protection stems from three facts. First, a dearth of awareness among legislators of the vulnerability of these cables has muted calls for overdue policies. Second, private entities own the majority of the most important cables, complicating efforts to institute time- and resource-intensive policies. Finally, outdated and complicated laws govern different parts of the sea, which presents barriers to implementing new policies. Despite these hurdles, however, the Biden administration can and should act to secure the undersea cable system. This article offers three straightforward recommendations that could drastically improve the resilience of these deliverers of internet, energy, and more.
Insufficient Awareness of the Significance of Undersea Cables
Undersea cables have rarely been headline news. The public may have had a vague sense of their role in facilitating communication when, in 1857, two ships embarked from County Kerry, Ireland, to lay a transatlantic cable so that telegrams could flow across the pond. Perhaps the public’s attention waned that same day when the nascent expedition came to a rapid conclusion—the cable broke, and a series of repairs began.
Nearly a year later, in August 1858, the transatlantic cable finally came “online,” but the media coverage focused less on the medium that allowed for the exchange of international messages and more on the content of those messages. In defense of the public’s lack of appreciation for the infrastructure itself, the first message was between celebrities. Queen Victoria messaged U.S. President James Buchanan about her hope that the cable would serve as “an additional link between nations whose friendship is founded on their common interest and reciprocal esteem.”
Not much has changed since 1858. Cables have been laid across the globe, but little attention has been given to their location, ownership, function, and vulnerability. The public can be forgiven for, perhaps, assuming that our communication infrastructure relies more on satellites than undersea cables.
Our reliance on these cables, however, has only increased over time—and their security has diminished. More than 95 percent of intercontinental global internet traffic goes through undersea cables. When one of these cables is severed—intentionally or through natural causes—the disruption can be significant. For instance, millions experienced temporary internet blackouts on June 7 when the Asia-Africa-Europe-1 cable was cut.
In addition to communications, undersea cables will increasingly be used for another critical purpose: energy transmission. Last year, the United Kingdom and Norway demonstrated the value of this use case by launching the operation of the world’s longest subsea electricity cable—allowing the nations to share renewable energy.
Especially at a time when energy transmission has become a geopolitical concern, however, these cables have become targets in need of additional protection. Historically, as pointed out by Hinck in 2017, it has been safe to assume that physical damage to cables was the result of accidents, like fishers mistakenly dropping an anchor on a cable, or natural causes, such as earthquakes. However, reports of cables being damaged or broken are justifiably no longer being chalked up to curious sea creatures. Instead, reports of cable damage result in headlines like this one from Techspot: “Damaged European undersea cables impact internet connectivity worldwide: An unlikely coincidence or did Russian sabotage temporarily put [i]nternet access on hold?”
These sorts of questions echo concerns raised by the likes of U.K. Prime Minister Rishi Sunak, who published an in-depth analysis of the undersea cable system while serving as a member of Parliament. These concerns are warranted given increased investment by Russia in naval vessels with the capacity to surveil and disrupt traffic traveling on undersea cables. For example, in 2018, Hinck noted that Russian submarines had the capacity to “dive down thousands of meters, enabling [them] to target cables at depths that would be very difficult to repair.”
Some nations, such as the U.K., have not missed this moment to rally support for undersea cable defenses—the nation’s defense secretary recently announced plans to build two ships equipped with means to protect the nation’s undersea cables.
How Private Ownership Factors in Sea Cable Protection
Though awareness of the role and vulnerability of undersea cables may be spreading, the task of protecting this critical infrastructure is only getting more complicated. Privately owned cables facilitate nearly 100 percent of intercontinental global internet traffic. Even public entities, such as the Department of Defense, rely almost exclusively on private cables for their internet traffic.
Attempts to foster coordination between communications companies and U.S. public entities provide little hope for a rapid and sufficient response with respect to the threats posed to undersea cables. The trials and tribulations of the Cybersecurity and Infrastructure Security Agency (CISA) demonstrate such difficulties. Since the start of CISA operations in 2016, the agency has struggled to fulfill its legislated mandate: the sharing of cyber threat information between the federal government and private sector. According to an audit by the Department of Homeland Security, CISA’s efficacy has been undermined by relatively few private entities signing up for the program, difficulties creating standards for the sharing of such information, and a shortage of CISA staff.
These same problems—attracting private participation, developing agreeable standards, and recruiting and retaining the necessary staff—exist in even greater magnitudes in the context of protecting the undersea cable system. The chief cause of additional difficulties is the scope of the undersea cable system—if CISA struggles to cudgel U.S. companies to participate in a limited act of collaboration, then any entity tasked with inducing a global set of private and public entities to share information will likely face even greater hurdles.
Efforts to coordinate private-sector actors to protect undersea cables are also complicated by the litany of ad hoc, regional committees of cable owners—for example, the Oceania Submarine Cable Association formed in 2010 and promptly disbanded in 2011. What’s more, these organizations do not always support initiatives by national governments to protect the undersea cable system. Case in point, the North American Submarine Cable Association (NASCA) opposed the Canadian government grouping undersea cables together to reduce the odds of breakage.
To complicate coordination efforts further, whereas CISA can at least leverage the fact that private entities have volunteered to participate in some of its programs, such as the Critical Infrastructure Cyber Community, NASCA’s opposition to Canadian as well as American regulations suggests hesitancy among cable owners to cede any control to public entities.
Current International Laws Inadequately Protect the Undersea Cable System
Beyond stitching together a global set of private and public entities, attempts to protect the undersea cable system will have to sort through a complicated and outdated legal framework. Most countries look to the United Nations Convention on the Law of the Sea (UNCLOS) to assess the legality of ocean-based actions and policies. UNCLOS divides the ocean into a series of zones based on distance from the coast of the nearest nation. Zones closer to a nation’s coast feature few restrictions on that nation’s exercise of its sovereign authority. However, the farther a zone is from that coast, the less power a nation has to exert that authority.
This framework leaves significant gaps with respect to protecting the undersea cable system. In the high seas—the most distant zone—the authority of any one nation is diminished to such an extent that it is unclear what, if any, policies a single nation can unilaterally implement to protect undersea cables. And, to the extent that a nation does have the authority to enforce UNCLOS provisions in the high seas, the convention does not criminalize international theft of undersea cables in that zone—leaving nations without a legal basis to prevent and penalize such activity. It is true that Article 113 of UNCLOS provides criminal sanctions for those who willfully or with culpable negligence injure undersea cables, but nations can bring those sanctions only if they have passed national legislation implementing Article 113—and most, including the U.S., have not.
To the extent that other international agreements address attacks on cables, they also appear ill suited to confront modern threats to the undersea cable system. As summarized by Hinck, the 1884 Convention on the Protection of the Submarine Cables—which the U.S. incorporated into law—bans the intentional breaking of cables, but that ban does not apply in wartime. Subsequent international agreements, such as the 1958 Convention on the High Seas, failed to equip nations with any more authority to punish intentional breaks of undersea cables.
On the whole, these treaties render the undersea cable system “fragile” during peacetime and afford them “uncertain” protection during wartime, as James Kraska notes:
U.S. laws further complicate the legal web surrounding the undersea cable system but do not patch the holes in enforcement mechanisms. Coastal states, not the federal government, have authority over the three nautical miles of seabed off their respective coasts. However, within these zones, there are often pockets of federally protected areas, such as national marine sanctuaries. It follows that a comprehensive approach to protecting undersea cables connected to the U.S. will require extensive coordination among local, state, and federal entities as well as private entities.
Three Recommendations for the Biden Administration
Given the scale of the undersea cable system and the magnitude of harm that any disruption to that system can cause, it may seem natural to focus on international-scale reforms such as enforcing or amending UNCLOS to improve the security of undersea cables. However, even if the U.S. Senate ratified UNCLOS (which it has yet to do) and Congress adopted legislation implementing the UNCLOS articles pertaining to undersea cable protection, the U.S. lacks the means to effectively enforce those articles. There are simply too many cables along the U.S. coastline to create a threat of enforcement sufficient to deter nefarious actors—in contrast to countries like Australia, which relies on air and sea patrols to monitor geographically concentrated cable protection zones, cables in the U.S. are distributed up and down the coasts.
The most immediate and impactful steps the U.S. can take all involve working with private actors to change their practices regarding the laying and monitoring of undersea cables.
First, the U.S. should pass legislation requiring that all undersea cables that cross through federal seabed be “dark cables.” This idea, a favorite of Sunak, would result in only the private owners and public officials knowing the location of the undersea cable. By reducing the number of parties aware of the location of important cables, those cables will, in theory, face fewer threats of intentional sabotage.
Second, the U.S. should coordinate with the International Cable Protection Committee (ICPC), an organization of 190 members who own 98 percent of the world’s undersea communication cables (of which there are 36 U.S.-based organizations), to develop new standards for the laying of cables. Though garden-hose-sized cables may be the current norm, the new standard could include laying only dark cables and mandating better defenses of cable landing points—where cables make landfalls. The need to work within the ICPC emerges from the fact that a cable is only as strong as its weakest point, and U.S.-based laws and policies have limited jurisdictional reach. The administration should work with Congress to prioritize this sort of coordination.
Third, the U.S. needs to centralize the monitoring of undersea cables under one agency. Currently, the agency responsible for such monitoring depends on the legal status of the seabed in question—the result is messy and impractical. By way of example, the National Oceanic and Atmospheric Administration exercises authority over cables laid in national marine sanctuaries, whereas the Federal Energy Regulatory Commission has that authority with respect to cables laid on the continental shelf. Several other agencies, such as the Federal Communications Commission, also impact the nation’s undersea cable protection regime by issuing licenses for cables. According to a 2014 report issued by the Communications Security, Reliability, and Interoperability Council, “federal agencies generally fail to coordinate among themselves and with their state and local counterparts on even an ad hoc basis to ensure submarine cable protection[.]” If the U.S. ever wants private entities to feel comfortable sharing sensitive information regarding their undersea cables with the federal government, then it will need to show them that their information will be gathered and distributed in a way that makes it actionable. This will also entail improving information sharing between the federal government and state and local governments.
The transmission of renewable energy and the flow of internet communications hinge on protecting the undersea cable system. International and domestic laws provide insufficient means to deter interference with these cables and foster insufficient coordination among private and public entities. The Biden administration should act to protect the undersea cable system by working closely with private entities and organizations to develop new standards for cables that will make cables harder to detect and harder to break.