How 99% of intercontinental data flows through infrastructure that can be cut with an anchor — and why Russia is mapping every meter of it
On November 17-18, 2024, the BCS East-West Interlink cable connecting Lithuania and Sweden, and the C-Lion1 fiber optic cable linking Finland and Germany, were both disrupted in the Baltic Sea. The near-simultaneous timing and geographic proximity of the two incidents prompted German officials to publicly call the event "sabotage."[1]
The cables in question carry data for millions of users across Northern Europe. Their disruption did not cause an internet blackout — redundant routing absorbed the load — but exposed a fundamental vulnerability: the physical infrastructure carrying 99% of intercontinental data traffic consists of fiber optic cables thinner than a garden hose, laid on the ocean floor with minimal physical protection.[2]
This was not an isolated incident. In October 2023, the Chinese-flagged vessel Yi Peng 3 dragged its anchor for over 100 miles across the Baltic seabed, severing undersea cables and the Balticconnector gas pipeline linking Finland and Estonia. On Christmas Day 2024, an electricity cable and four telecommunications cables between Finland and Estonia suffered simultaneous outages.[3]
The Russian research vessel Yantar is officially classified as an oceanographic survey ship. In practice, it is operated by GUGI — Russia's Main Directorate for Deep Sea Research — which reports directly to the Russian Defense Ministry.[4] The Yantar carries two deep-submergence vehicles capable of operating at depths exceeding 6,000 meters, well beyond the depth of any submarine cable.
Since at least 2015, the Yantar has been tracked operating in close proximity to submarine cable landing points and mid-ocean cable routes across the Atlantic, the Mediterranean, and — with increasing frequency since 2023 — the Baltic Sea. Satellite imagery analyzed by European intelligence services shows the vessel systematically following cable routes, stopping at junction points, and deploying its submersibles.[5]
In August 2021, Naval News reported the Yantar loitering near transatlantic internet cables off the coast of Ireland.[6] In November 2025, UK Defence Secretary John Healey publicly stated that the Yantar had entered British waters north of Scotland and was "designed for gathering intelligence and mapping out undersea cables."[4] A declassified photograph released in December 2025 showed a Royal Navy submarine surfacing to confront the Yantar — an unusual escalation indicating the seriousness with which NATO views the mapping operations.[7]
The mapping itself is the weapon. Precise knowledge of cable routes, burial depths, repair ship locations, and junction points would enable targeted severing operations during a conflict — degrading an adversary's communications at the physical layer, below the reach of any firewall or encryption. The intelligence gathered by Yantar is assessed to have a shelf life measured in decades.[5]
The 2023 and 2024 Baltic incidents involved Chinese-flagged vessels, prompting analysis from the Jamestown Foundation and others suggesting increasing Russian-Chinese cooperation on hybrid infrastructure attacks.[8] The use of Chinese commercial vessels provides plausible deniability — anchor-dragging incidents are common maritime occurrences — while achieving the strategic objective of testing Western detection and response capabilities.
The global submarine cable network spans approximately 1.4 million kilometers. Most cables are buried in sediment near shore but lie exposed on the ocean floor in deep water. Monitoring this entire network in real time is physically and financially impossible. NATO's 2024 assessment acknowledged that "harsh maritime conditions offer some coincidental protection" at depth, but cables in shallower seas — particularly the Baltic — are readily accessible.[9]
Submarine cables in international waters are protected under the 1884 Convention for the Protection of Submarine Telegraph Cables and the 1982 UN Convention on the Law of the Sea. However, enforcement mechanisms are minimal. Anchor-dragging by a commercial vessel is not clearly an act of war, even when the pattern of incidents strongly suggests coordination. This legal ambiguity is precisely the space hybrid warfare operates in.[10]
Fewer than 80 cable repair ships operate worldwide. Repair operations typically take one to three weeks and require precise positioning over the damaged cable in often challenging sea conditions. A coordinated multi-cable attack during a geopolitical crisis could overwhelm repair capacity, creating sustained communications degradation — a scenario NATO has explicitly war-gamed since 2024.[9]
The submarine cable threat exists across the full spectrum of conflict, from peacetime intelligence preparation to wartime infrastructure destruction.
Simultaneous severing of 3+ cables in a single region during a geopolitical crisis. Would overwhelm repair capacity and degrade financial markets, military communications, and civilian internet for weeks. Probable attribution but below Article 5 threshold if executed with commercial vessel cover.
Systematic mapping of cable routes, burial depths, repair infrastructure, and junction points by GUGI vessels. Currently assessed as active and continuous. Provides targeting data for future operations and creates deterrent uncertainty — the adversary knows you know where the cables are.
Physical interception of undersea cable signals using deep-submergence vehicles. Historical precedent: Operation Ivy Bells (US tapping of Soviet undersea cables in the Sea of Okhotsk, 1971-1981). Yantar's submersibles have the assessed capability for cable access at operational depths.
Individual cable disruptions disguised as maritime accidents. Multiple Baltic incidents since 2022 are consistent with this pattern. Objectives: test Western detection capability, response times, and political escalation thresholds.
In January 2025, following the string of Baltic cable disruptions, NATO launched Operation Baltic Sentry — a dedicated naval patrol mission to protect critical undersea infrastructure in the Baltic Sea. Nordic and Baltic states signed joint cooperation agreements on cable security, and the EU designated submarine cables as critical infrastructure requiring enhanced protection.[10]
Whether these measures are sufficient remains an open assessment. The Atlantic Council's 2025 analysis noted that patrolling the Baltic is feasible due to its relatively small size, but the approach does not scale to the Atlantic or Pacific. The fundamental asymmetry persists: the attacker needs to find one cable in one location; the defender must protect all cables everywhere, continuously.[10]
The deeper strategic question is whether submarine cable vulnerability will drive a diversification toward satellite-based internet backbone (e.g., Starlink, Project Kuiper) — effectively creating a redundancy layer that reduces the leverage of cable disruption. This transition, if it occurs, would reshape the entire topology of global communications infrastructure and the threat models built around it.
Cyber warfare discourse fixates on software vulnerabilities, zero-day exploits, and network intrusions. Submarine cable operations target the physical layer beneath all of it — the actual glass fibers carrying the data. No encryption, firewall, or intrusion detection system protects against a ship's anchor dragged across the ocean floor.
Russia's systematic cable mapping campaign, combined with the demonstrated willingness to conduct or enable hybrid attacks on Baltic infrastructure, represents an active and evolving threat to Western communications resilience. The intelligence preparation is assessed to be largely complete for the Baltic Sea and advancing in the North Atlantic.
The pattern of Baltic incidents from 2022 through 2025 — Nord Stream, Balticconnector, C-Lion1, BCS East-West, Finland-Estonia links — represents the most sustained campaign of hybrid infrastructure attacks in modern history. Each incident tested a different vector, response time, and attribution pathway. Together, they constitute a playbook for communications disruption that could be executed at scale during a future crisis.