The recent surge in maritime security is a direct response to a troubling increase in hostile activity targeting Critical Undersea Infrastructure (CUI). As reports confirm, "Over the past 2–3 years, Europe has experienced increasing threats to its undersea cables and pipelines."
The wake of incidents like the Nord Stream pipeline sabotage in September 2022 served as a stark wake-up call, exposing the immense vulnerability of these essential arteries. Countries from Europe and the U.S., Australia, Japan, and India (the Quad) are beefing up their maritime security efforts.
Beyond highly publicized events, there's a pattern of seemingly accidental yet suspicious damage. Chinese vessels, for instance, have been implicated in cutting communication cables in the Baltic Sea in late 2024. These actions often fall into a "grey zone," making attribution difficult and providing "plausible deniability" for hostile actors, including state-sponsored groups using "shadow fleets" of aging vessels.
The stakes are astronomically high. Disrupting a single subsea telecommunications cable can incur "more than 24 million euros per day" in costs, while damages to oil and gas pipelines can easily reach "tens of billions of euros" for repairs alone. This isn't just an economic threat; it's a direct challenge to national security, global communication, and energy stability.
Adding to the urgency is the "convergence of advances in robotics, sensors, materials, artificial intelligence, propulsion and energy systems, and autonomous systems," which has drastically increased the capabilities and reduced the cost of advanced drone technologies for both legitimate and nefarious purposes.
In response, nations are deploying cutting-edge technologies. The strategy involves a multi-layered approach:
-
Autonomous Underwater Vehicles (AUVs) and Uncrewed Surface Vessels (USVs): These drones are rapidly becoming the eyes and ears of maritime security. AUVs can cover vast distances for large-scale surveys, while smaller, portable ROVs (Remotely Operated Vehicles) can be quickly deployed to investigate anomalies and live-stream video from beneath the surface. Germany has deployed its "Blue Whale" stealth submarine drone in the Baltic Sea with NATO support, showcasing a tactical move against sabotage.
-
Integrated Sensor Networks: The goal is to create a "comprehensive sensor network." This integrates AUVs, USVs, ROVs with aerial drones, aircraft, and satellite data, forming a "seabed to space" surveillance capability. NATO's "Digital Ocean Vision" and initiatives like the "Seabed Security Experimentation Centre (SeaSEC)" in Europe are testing these combined capabilities for detecting underwater vehicles, classifying threats near pipelines, and identifying seabed anomalies.
-
Dedicated Vessels: The U.K., for example, has launched the RFA Proteus, a Multi-Role Ocean Surveillance Ship designed to repair cables and act as a mothership for UUVs.
- A commercially available remotely operated vehicle (ROV) has been adapted by the Defence Science and Technology Laboratory (Dstl) and industry partners to deal with sabotage threats and clear legacy unexploded ordnance. These present hazards to both vessels and divers deployed to deal with them.
"The adversarial space is increasing while the attack surface and the complexity of our critical systems have gone underwater. Modern threat models need to incorporate the reality that disruption can come in many forms including the cutting of a seabed communication cable, or the rupture of a pipeline," said Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University." Regardless of intent and attribution, these threats have real-world impacts on the bottom line of the organizations that depend on the stability of these underwater highways. Organizations that have these exposures need to ensure they have diverse routing, satellite failover, and onshore redundancy built into their operations as well as a hardened supply chain based on their supply chain risk assessment."
The intensified focus on maritime security presents both new challenges and critical responsibilities for cybersecurity professionals.
The very tools designed for protection—drones, surveillance systems, interconnected sensors—become new attack vectors. OT (Operational Technology) systems controlling vessels, pipelines, and energy terminals are increasingly intertwined with IT, creating complex, vulnerable interdependencies. As one expert noted, "The maritime industry's digital transformation has heightened the risk of cyberattacks."
Nation-state actors are leveraging advanced AI and large language models (LLMs) to craft highly adaptive phishing campaigns, generate sophisticated malware, and conduct targeted ransomware attacks. GPS spoofing and jamming are also significant concerns for navigation systems.
Cybersecurity teams will increasingly work with real-time data from diverse maritime sensors (radar, AIS, sonar). The ability to fuse this data and apply analytics to detect "AIS spoofing, hijacking, data manipulation," or "malware attacks against ECDIS" becomes paramount for early warning.
The sheer number of public and private entities involved in CUI (from manufacturers to operators and repair services) creates an expansive supply chain. A breach anywhere can have cascading effects. Cybersecurity professionals must push for better "cyber supply chain visibility and non-standardized C-SCRM practices."
International bodies like the IMO are tightening cybersecurity requirements, and regional entities like the EU are issuing recommendations for "more frequent risk assessments and stress tests on the cybersecurity and physical security of subsea cable systems." Staying abreast of and implementing these evolving standards is non-negotiable.
The problem is not solely up to militaries or governments to solve. Most CUI is built, owned, and operated by private companies, and they should be the first line of defense, some experts say. What is needed is unprecedented levels of information sharing and collaboration between private operators, government agencies, and military forces to bolster collective resilience.
The seabed is no longer just a vast, silent expanse; it's a vital digital frontier. For cybersecurity professionals, understanding its vulnerabilities, the emerging threats, and the technological responses is no longer optional. It's an urgent call to action to help secure the unseen infrastructure that powers our modern world.
For more insights on this topic, attend the SecureWorld Critical Infrastructure virtual conference on August 28, 2025. See the agenda and register here.
