Back to Insights
From security to economy: the importance of Critical Undersea Infrastructure
A brief analysis on the risks and strategies for IT cables, pipelines, and the security of the underwater domain.
Alongside Ukraine and Gaza, the most significant international hotspot in the first half of 2024 was undoubtedly the Red Sea. Here, the attacks of the Houthi against cargoes demonstrated how non-state actors with limited resources can cause significant damage to global trade and pose a serious threat even to countries far away from the theatre of operations. In particular, the assaults by the Yemeni terrorist organization have also had the effect of highlighting the strategic nature of critical undersea infrastructure and the risks to which the latter are exposed – as displayed by the damage to the communication cables between Asia and Europe at the end of February.
The term Critical Undersea Infrastructure (CUIs) refers to pipelines used to transport oil, gas and hydrogen, and cables used for electricity, communications, and IT data. To understand their importance, consider that two-thirds of the world’s gas and oil passes through pipelines, whose global investment is expected to reach $210 billion over the next five years. Talking about cables, instead, currently around $10 trillion of transactions and 90 per cent of the world’s data traffic depend every day on these undersea infrastructure.
However, despite their critical importance, pipelines and cables are exposed to a wide range of risks, given that in addition to natural or man-made disasters, they can also be subject to both physical and cyber-attacks.
First of all, the depth at which CUIs are located has historically prevented an adequate knowledge of the underwater domain. In fact, it is estimated that only 20 per cent of the seabed has been thoroughly explored and just 2 per cent with modern technologies and studies – an even slighter level of knowledge to that of outer space. Moreover, the great depths make it difficult to monitor infrastructure and attribute attacks, also considering the different physical laws vis-à-vis the surface.
Both pipelines and cables are installed taking into account global geography and the characteristics of the seabed, which is often marked by depressions, underwater mountains or active volcanoes that could potentially damage CUIs or prevent their proper use. As a result, there is a high concentration of underwater infrastructure nearby maritime chokepoints, as well as hubs which serve as the main point of departure and arrival of pipelines and cables.
The necessity for submarine infrastructure to be positioned according to geography and maritime morphology also means that the area affected by the passage often coincides with highly unstable theatres, such as the Red Sea. In such areas, pipelines and cables are particularly vulnerable, with possible consequences for all countries and private actors involved. Even greater damage can occur in the case of islands, which, unable to rely on alternative land connections, risk having all kinds of energy supplies or IT services blocked – functions that can be supplemented with stocks and power plants on site in the first case, and with satellites in the second, but without being able to achieve total replacement.
In the specific case of pipelines, damage could also cause serious harm to the maritime environment. Consider what happened in the Baltic in September 2022, where the North Stream pipeline – responsible for transporting gas from Russia to the European Union – was allegedly intentionally destroyed. According to recent studies, the conspicuous gas spill not only had significant economic and political implications, but also caused severe damage to the surrounding maritime ecosystem. With particular reference to computer cables, it is possible that submarine espionage actions are undertaken to get hold of sensitive data passing through this infrastructure. In the event that cables are manufactured by non-Western companies, there is also the risk that backdoors are inserted during the construction, stealing information or compromising the very functioning of data transmission.
As far as strategies to mitigate the aforementioned risks are concerned, there are several areas that need to be mentioned. First of all, with respect to the more strictly military profile, recent years have witnessed a proliferation of documents, initiatives and activities aimed at strengthening Underwater Domain Awareness – i.e. knowledge of the underwater domain with better mapping and monitoring and with the development of specific studies and strategies on the subject. For instance, in some countries, such as France, the concept of Seabed Warfare has been formulated, meaning warfare on submarine terrain – a segment, this one, even more specific to the macro-theme of underwater.
In addition to organising an ever-increasing number of military exercises focused primarily on the protection of the underwater domain, EU member states and NATO have set up centres to study and monitor CUIs. Mention should be made here of the creation in 2023 of the NATO-EU Joint Task Force on Critical Infrastructure Resilience and the publication of the EU Maritime Security Strategy, in which the underwater component plays a key role. Following the NATO summit in Vilnius, the Maritime Centre for the Security of Critical Undersea Infrastructure was also created within the Alliance’s Maritime Command (MARCOM).
The security of critical undersea infrastructure, however, does not only concern the military component. Especially with respect to the mitigation of risks arising from hybrid warfare tactics, civil authorities and private stakeholders in NATO countries have also paid increased attention to the protection of underwater pipelines and cables. Crucial points in this regard are the upgrading and strengthening of the resilience of each individual infrastructure – to be understood as a reduction of time between interruption and resumption of service in the event of an attack – and the diversification of routes, so as to multiply the number of available infrastructures and minimize dependence on a single source.
In order to ensure all-encompassing protection from risks for critical underwater infrastructures, it is therefore essential to acquire greater knowledge and stricter regulation on the underwater domain. Similarly, it is necessary to constantly update infrastructures and ensure more efficient coordination between military authorities, civilian public actors and private stakeholders.
In a region such as the Mediterranean, these activities are even more important to guarantee essential services to citizens and businesses, which see IT data and energy as the two cornerstones of the system.
