Between 95 and 99% of the world’s data traffic travels through submarine cables. An extensive network of more than 1.3 million kilometers, which travels across the seas and oceans, from shore to shore. According to TeleGeography, there are 650 of these infrastructures in operation or in the pipeline, mainly operated by private companies. Whether we can connect to the internet, back up our computer files, make a bank transaction with our cell phone or communicate with other people depends to a large extent on whether nothing happens to the submarine cables that cross the world from one coast to another.
In recent times, numerous incidents where the breakage of a cable leaves a territory without connectivity are proof that despite their critical nature. They are not always properly protected: in the Baltic Sea alone, between 2022 and July 2025, ten cases of submarine cable breakage were recorded, seven between November 2024 and January 2025. In most of these incidents, international governments interests were suspected to be behind them, with Chinese or Russian involvement. In a complicated geopolitical context, these types of events, in which there remains some doubt as to whether they are accidental or intentional, put the focus on the need to ensure protection. Both at the physical and cybersecurity levels.
The US think tank Atlantic Council identifies several trends that threaten the security of submarine cables. On the one hand, linked to the geostrategic issue, the presence of authoritarian governments are reshaping the internet’s physical layout through companies that control internet infrastructure, to route data more favorably, interrupting the provision of services or taking advantage of infrastructures for espionage. In addition, network management centers have moved from locations close to cable entry points to remote ones, which adds new levels of risk. Finally, with the rise of technologies such as cloud computing, 5G or IoT, the volume of data transmitted over these cables has increased, but also their sensitivity, as more and more sectors depend on these tools for their performance. Once again, these are added factors for which cybersecurity and security policies for these critical infrastructures need to be reviewed. In fact, the European Union is taking action, with a Cable Security Action Plan published in February 2025 that alludes not only to the physical challenges, but also to the need for cyber protection. But with the vast majority of cables in the hands of private companies, the approach they take is critical.
Dealing with the cybersecurity of submarine cables
In this new scenario, big technology companies are becoming major players thanks to their growing presence as a project developer: in a decade, Google, Meta, Amazon and Microsoft have gone from having 10% of international capacity to 71%. Asked how they address issues of infrastructure protection and cybersecurity, Google says they focus on the physical aspect. “Security is a key factor in all our infrastructure investments. Routes are deliberately chosen with many factors in mind, and methods such as shielding and cable burial are used to protect submarine cables.” Google says fishing boats and ship anchors as the greatest physical risk, and notes that “the best protection against these risks and any other physical damage is to build a network infrastructure that achieves resilience, in part, through multiple diverse network routes. Our philosophy is to create sufficient concurrent network paths at metropolitan, regional and global levels, along with a scalable software control plane, to support traffic redistribution and minimize network congestion. When physical damage occurs, redundant network paths can reroute traffic to minimize service disruption for customers and users.”
One of the Spanish companies most involved in this global network is Telxius, a subsidiary of Telefónica. The company stresses that “submarine cables are more than just infrastructure; they are the backbone of the global digital ecosystem. In a hyperconnected world, submarine cables are essential and are part of a broader digital ecosystem that goes beyond the coast to key data centers,” the company says. Regarding the physical protection of this type of critical infrastructure, the company points to a significant improvement in recent times. “Physical accessibility is limited, so redundancy and resilience are still essential to guarantee continuity in the event of accidental damage caused by fishing, anchoring or natural phenomena such as earthquakes or landslides which, in the absence of redundancy, could affect service continuity”. In terms of cybersecurity, there is a twofold perspective. On the one hand, “it guarantees diversity and redundancy in all our terrestrial and submarine routes, which allows us to maintain service continuity with high availability even in the event of outages”. They exemplify this with the case of its transatlantic route, where Telxius offers what they call redundant connectivity through its two state-of-the-art submarine cables: Marea and Dunant.
In addition, from the Telefónica subsidiary they talk about protecting the infrastructure through a comprehensive security model. “In terms of cybersecurity, Telxius adopts, for its IT systems, networks and devices, a multi-layered approach and leverages artificial intelligence and machine learning for real-time threat detection.” This comprehensive model would thus combine different elements including physical measures and cybersecurity in the mooring stations, periodic audits and continuous evaluation, continuity and disaster recovery plans, periodic testing and clear protocols for crisis action, training and awareness to reduce social engineering risks and the use of AI and machine learning for proactive detection and risk mitigation. “And all this from regulatory compliance in key areas: business continuity, information security, environmental management and energy efficiency,” they summarize. A necessary framework to ensure the continuity of an infrastructure on which much of modern life depends.
No Responses