A Deep Dive into Undersea Cable Sabotage

A Border Cyber Group long-read on the campaign against the world's subsea infrastructure — from the North Atlantic to the Taiwan Strait, the Baltic, the Red Sea, and the waters around Australia.

Beneath the world's oceans runs a lattice of roughly 1.5 million kilometres of fibre-optic cable — about 570 individual systems carrying somewhere between 95% and 99% of all intercontinental data traffic. Not "most" of the internet. Effectively all of it. The satellite constellations people imagine doing the heavy lifting handle only a sliver. When NATO Secretary-General Mark Rutte announced a new protection mission in January 2025, he put a figure on the stakes: more than 95% of internet traffic moves through these cables, underwriting an estimated $10 trillion in financial transactions every single day.

For most of the cable era this was a quiet engineering story. Cables broke — they break constantly — but almost always by accident: a fishing trawler, a dragged anchor, an undersea landslide. The European Subsea Cables Association estimates that, on average, a submarine cable is damaged somewhere in the world every three days. Industry data puts the annual total at roughly 100 to 200 faults, with anchors and fishing gear responsible for around 70% of them.

That statistical fog of routine accidents is precisely what makes the current moment so dangerous. Over the past two years, a pattern of incidents — in the Baltic, around Taiwan, in the Red Sea, and now in the North Atlantic — has emerged that looks less like bad luck and more like a campaign. And the single hardest problem in the entire field is this: when the normal background rate of accidental damage is this high, how do you ever prove an act was deliberate? That ambiguity isn't a side effect of the threat. It's the weapon.

This is a deep dive into what is actually known, theatre by theatre, plus the technical and legal realities that govern how nations can — and largely cannot — respond.

The North Atlantic — Russia's deep-sea surveying fleet

The development that should worry people most is the most recent, because it is the most strategic, the most deliberate, and the least deniable.

The April 2026 operation

On 9 April 2026, UK Defence Secretary John Healey stood up at a Downing Street news conference and did something governments rarely do: he publicly exposed an ongoing Russian undersea operation while it was still underway. He revealed that the UK — working with Norway and other allies — had spent more than a month tracking three Russian submarines operating covertly in the North Atlantic, north of the UK, directly over critical undersea cables and pipelines.

The composition of that flotilla is the tell. It was not a random patrol. It comprised:

  • One Akula-class nuclear-powered attack submarine, which Healey characterised as "a likely decoy to distract" from the other two vessels.
  • Two specialist deep-diving units from GUGI — the Glavnoye Upravleniye Glubokovodnykh Issledovaniy, Russia's Main Directorate of Deep-Sea Research.

Healey's description of the GUGI units was blunt: they are "designed to survey underwater infrastructure during peacetime and sabotage it in conflict." British and allied forces — using maritime patrol aircraft, surface ships, and airborne anti-submarine assets, with Norwegian support — maintained continuous, uninterrupted surveillance. The message Healey delivered was deliberately performative: "Our armed forces left them in no doubt that they were being monitored, that their movements were not covert, as President Putin planned, and that their attempted secret operation had been exposed." The Russian units retreated north to their bases having, in the MoD's phrasing, "failed to complete their operation in secrecy." Post-operation verification found no physical damage to any cable or pipeline.

Healey also pointedly noted the timing: the operation coincided with the international community's attention being fixed on a war in the Middle East (a conflict with Iran). The UK assessment was that Russia deliberately chose a moment of maximum distraction to ramp up activity against European infrastructure. As Healey put it, while many eyes were on the Middle East, British forces were "simultaneously responding to rising Russian threats north of the UK."

Who and what is GUGI?

This is the part that elevates the North Atlantic story above the anchor-dragging incidents elsewhere. GUGI is not a fishing fleet that might plausibly snag a cable by accident. It is an elite, secretive branch of the Russian armed forces — reportedly overseeing around 50 specialised vessels — purpose-built for deep-water operations: seabed mapping, infrastructure surveying, and, by Western assessment, sabotage.

Its flagship asset is the Yantar, a vessel that has become a recurring character in this story. Officially an "oceanographic research ship," Yantar is equipped with submersibles and robotic arms — the kind of toolset that can tap, cut, or disrupt fibre-optic and energy lines on the seabed. The UK Ministry of Defence has stated plainly that GUGI units can survey subsea infrastructure and, if required, damage cables using equipment carried onboard.

Yantar's recent movements read like a survey of NATO's nervous system. Over the preceding year it was reportedly tracked passing Norway, transiting the English Channel, the Irish Sea, and the Mediterranean, heading toward the Suez Canal, and — most tellingly — loitering over undersea cables near Svalbard and in the Irish Sea. In November 2025, after Yantar sailed close to British waters, Healey delivered a direct, almost cinematic warning aimed at Moscow: "We see you. We know what you're doing. If the Yantar travels south this week, we are ready." He stated explicitly that the vessel was being used for gathering intelligence and mapping the UK's critical underwater infrastructure.

A former UK naval attaché to Russia, quoted in the Financial Times, observed that Moscow has invested enormous time, money, and effort in mapping NATO's seabed infrastructure. John Hardie of the Foundation for Defense of Democracies noted that GUGI vessels have "long engaged in suspicious activity near undersea cables."

Russia's denial

Predictably, Moscow rejected the account. The Russian Embassy in London dismissed Healey's claims as neither credible nor verifiable, asserting that Russia does not threaten infrastructure critical to Britain — and, in a pointed bit of counter-messaging, claimed responsibility for the Nord Stream pipeline sabotage rested with Western countries.

Why this is the most concerning thread

Three reasons:

  1. Intent is unambiguous. Unlike a cargo ship "accidentally" dragging an anchor, there is no innocent explanation for a deep-sea research directorate's purpose-built submersibles loitering over transatlantic cables. The surveying is the threat — it is the reconnaissance phase that makes a future, deniable cut possible at the moment of Russia's choosing.
  2. It is sustained and resourced. A month-long, multi-vessel, multi-domain operation is a strategic commitment, not opportunism.
  3. It maps a wartime capability. The peacetime survey establishes exactly where to strike "in conflict" — which is the explicit framing Western defence officials now use.

The UK/Norway response has been to stand up persistent monitoring: in December 2025 the two announced joint naval patrols with a fleet of at least 13 warships protecting North Atlantic infrastructure, building on an AI-driven tracking system (see Nordic Warden, below) first activated in early 2025.

The Baltic Sea — a two-year string of "accidents"

If the North Atlantic is the strategic-reconnaissance theatre, the Baltic is the proving ground for plausible deniability. Since Russia's full-scale invasion of Ukraine in February 2022, the relatively shallow, nearly landlocked Baltic — stitched together with power cables, telecom links, and gas pipelines connecting nine littoral states — has seen an extraordinary concentration of infrastructure damage. By late January 2025, at least 11 Baltic cables had been damaged since October 2023.

The key incidents

October 2023 — Balticconnector. The Chinese-flagged container ship Newnew Polar Bear dragged its anchor across the seabed, damaging the Balticconnector gas pipeline and telecom cables between Finland and Estonia. This was, in retrospect, the template for everything that followed: a commercial vessel, an anchor, a trail on the seabed, and an owner claiming accident.

November 2024 — the near-simultaneous double cut. Two cables were severed within roughly a day of each other: the BCS East-West Interlink connecting Lithuania and Sweden, and the C-Lion1 cable linking Finland and Germany. The near-simultaneity and proximity triggered immediate accusations of hybrid warfare and sabotage from European officials. Scrutiny fell on the Chinese bulk carrier Yi Peng 3, which had been near both cables at the relevant times. To date, the damage has not been conclusively attributed to any party — a recurring and frustrating refrain.

Christmas Day 2024 — the Eagle S. This is the most legally significant case. The tanker Eagle S — UAE-based owner, widely linked to the Russian "shadow fleet" — dragged its anchor for nearly 100 kilometres across the seabed, severing the Estlink 2 power interconnector and several telecom cables between Finland and Estonia. Finnish authorities did something unusually aggressive: they interdicted the vessel, escorted it into Finnish waters, and seized it. Finnish police later said they found drag marks on the seabed consistent with the Eagle S causing the damage. Critically, Finnish authorities reasoned they had little choice but to detain the ship in their exclusive economic zone, because not doing so risked even more cable damage.

The Eagle S case became the test of whether the legal system could actually punish this behaviour. The answer, ultimately, was sobering: in October 2025, a Finnish court dismissed the case against the Eagle S captain and crew, ruling that prosecutors had failed to prove intent and that the incident fell outside Finnish jurisdiction. The single most promising sabotage prosecution collapsed on the twin rocks of intent and jurisdiction — a preview of Part 5.

January 2025 — the cluster. The pace intensified. A cable linking Sventoji (Lithuania) and Liepāja (Latvia) was damaged on 2 January; Latvian police boarded a docked ship and opened criminal proceedings, but by 5 January said they had found no evidence linking the vessel to the damage. Then on 26 January, a fibre-optic cable connecting Latvia and the Swedish island of Gotland ruptured. Sweden seized and boarded the Malta-flagged bulk carrier Vezhen on suspicion of "gross sabotage." The Bulgarian owner (Navigation Maritime Bulgare) said the anchor had dropped in high winds and may have struck the cable, but denied sabotage. A Swedish prosecutor later ruled the breach accidental and released the vessel.

December 2025 — the Fitburg. The pattern continued into the most recent winter: Finnish police seized the vessel Fitburg, en route from Russia to Israel, on suspicion of sabotaging an Elisa telecom cable across the Gulf of Finland to Estonia by dragging its anchor.

The crucial complication: maybe it really is accidents

Here honesty demands a hard caveat, because the intelligence picture is genuinely contested. In early 2025, US and European security officials told the Washington Post and the AP that the emerging consensus among Western services was that many of the Baltic incidents were probably maritime accidents, not Russian sabotage. One senior intelligence official cited ships' logs and mechanical anchor failures as "multiple indications" pointing away from deliberate Russian action — and noted that Russian-owned cables had also been severed. Another official said Russia had even dispatched an intelligence vessel to one rupture site to investigate the damage, behaviour hard to square with authorship.

This is the central epistemological trap of the whole subject. A shadow-fleet tanker crewed by an underpaid, poorly-trained crew, operating an ageing vessel with a dodgy windlass in a storm, will sometimes drag an anchor across a cable by genuine accident. The Baltic is shallow, congested (several thousand commercial vessels transit at any moment), and dense with cables. Some real fraction of these incidents is almost certainly accidental. The strategic question is whether an adversary can exploit that background rate — quietly encouraging or directing "accidents" that are individually deniable but collectively a campaign. That is the definition of gray-zone warfare, and it is designed to be unfalsifiable.

NATO's response: Baltic Sentry and Nordic Warden

The alliance has not waited for legal certainty. In January 2025, NATO Secretary-General Rutte — co-hosting a Summit of Baltic Sea Allies with Finland's President Stubb and Estonia's PM Michal — launched Baltic Sentry, a multi-domain vigilance mission under NATO's Supreme Allied Commander, deploying frigates, maritime patrol aircraft, and naval drones across the Baltic.

Running alongside it is Nordic Warden, activated by the UK-led Joint Expeditionary Force (JEF) in early January 2025. Nordic Warden harnesses AI to fuse data from multiple sources — including the Automatic Identification System (AIS) that ships broadcast — to calculate the risk posed by each vessel entering areas of interest, with a particular focus on tracking the Russian shadow fleet. It has since been integrated into NATO's Combined Task Force Baltic.

The Taiwan Strait — gray-zone warfare as state policy

The theatre nearest to Australia's strategic environment, and arguably the one where intent is least deniable, is the waters around Taiwan. Here the pattern is so consistent that the "unlucky ship" explanation has worn through.

The incident record

  • February 2023 — Matsu. Two cables connecting Taiwan's main island to the outlying Matsu Islands were severed within days, cutting roughly 14,000 residents off from normal internet service for weeks. Taiwan blamed two Chinese vessels but stopped short of calling it deliberate.
  • January 2025 — the Shunxin 39. A Chinese-linked vessel (the Shunxin 39, also rendered Xing Shun 39) allegedly damaged the Trans-Pacific Express (TPE) cable north of Taipei.
  • February 2025 — the Hong Tai 58. This is the one Taiwan came closest to calling sabotage outright. The Togo-flagged, Chinese-crewed Hong Tai 58 (also Hong Tai 168) had been loitering within ~925 metres of the Taiwan–Penghu No. 3 cable since 22 February. Taiwan's coast guard repeatedly hailed the vessel, which did not respond. Shortly after it dropped anchor in the early hours of 25 February, Chunghwa Telecom detected the cable had been cut. The coast guard intercepted and boarded the ship, detained all eight Chinese crew, and escorted it to Tainan. The captain (surnamed Wang) was remanded in custody by a Tainan court on flight, collusion, and evidence-tampering grounds.

By March 2025, Taiwan had logged five cable malfunctions in that year alone, against three each in 2023 and 2024. Across 2023 to late 2025, there were at least 11 subsea cable breakdowns around Taiwan — though, in keeping with the pattern everywhere, some were later attributed to genuine accidents or ageing equipment.

The dueling narratives

Taipei classifies these as "gray zone" activity — covert, ambiguous, low-intensity tactics designed to achieve strategic objectives without crossing the threshold into open war. It places cable damage in the same toolkit as military aircraft incursions, cyberattacks, economic coercion, and election interference. Taiwan's coast guard also intercepted Chinese research vessels allegedly gathering seabed data — the same survey-then-strike logic visible in the Yantar's Atlantic loitering.

Beijing's response runs on two tracks. The Chinese Foreign Ministry plays dumb — spokesperson Lin Jian said he was "not aware of the situation" and that it was "not a diplomatic issue." Meanwhile, in December 2025, a Chinese public-security probe in Shandong offered a counter-narrative: it claimed the Hong Tai 58 was actually being run by two Taiwanese nationals as part of a long-running frozen-goods smuggling operation, and accused Taipei of "cross-border repression and political manipulation."

Taiwan's strategic posture has hardened in response. In March 2025 its Defense Minister announced new Navy–Coast Guard cooperation, reframing cable protection from a "bureaucratic afterthought" into a national defence priority — the same institutional shift now happening in Canberra, London, and Brussels.

The Red Sea — cables as collateral in a shooting war

The Red Sea presents a different flavour of threat: not patient survey-and-sabotage, but cables caught in the blast radius of an active maritime conflict, in one of the most cable-dense chokepoints on earth.

The geography is the vulnerability. The narrow Bab-el-Mandeb strait funnels a huge share of Europe–Asia data through a tiny corridor, creating concentrated single points of failure where localised damage cascades across multiple systems.

February 2024 — the Rubymar. The clearest case of conflict-driven damage. The UK-owned cargo ship Rubymar was struck by a Houthi anti-ship missile, and as it drifted — abandoned, taking on water, anchor deployed — it dragged across and damaged three major cable systems: AAE-1 (Asia-Africa-Europe 1), EIG (Europe India Gateway), and SEACOM. The result disrupted an estimated 25% of internet traffic between Asia, Europe, and the Middle East. Note the mechanism: the Houthis didn't cut the cables directly: they sank a ship whose anchor did the cutting. Deniability built in.

September 2025 — the second wave. Fresh cuts in the Red Sea degraded internet service across Saudi Arabia, Pakistan, the UAE, and India, with NetBlocks recording slow speeds and intermittent access. Microsoft warned that the Middle East might see increased latency due to the fibre cuts. One affected system was SEA-ME-WE 4 (South East Asia–Middle East–Western Europe 4), partly operated by a consortium including Tata Communications. The Houthis' al-Masirah channel acknowledged the cuts had occurred (citing NetBlocks) but, consistent with their posture since early 2024, denied responsibility. Yemen's internationally recognised government-in-exile took the opposite view, with its information minister arguing the cuts could not be separated from the Houthi campaign.

The Red Sea underscores a point relevant everywhere: in a contested chokepoint, you don't even need a dedicated sabotage program. A war, some missiles, drifting ships, and dense cable concentration produce strategic-scale disruption as a by-product.

The broader picture from threat-intelligence researchers: between 2024 and mid-2025, Recorded Future's Insikt Group documented 44 cable-damage events across 32 locations worldwide — a tempo that, whatever the mix of accident and intent, is straining a system never designed for an adversarial environment.

Here is the uncomfortable core of the whole problem: even when a state is certain a cable was deliberately cut, the international legal framework gives it remarkably little power to do anything about it.

A 19th-century treaty doing 21st-century work

The foundational instrument is the 1884 Convention for the Protection of Submarine Telegraph Cables (the Paris Convention). It makes it "a punishable offense to break or injure a submarine cable, willfully or by culpable negligence." But it has three crippling limitations:

  1. It applies, by its own text, to telegraph cables — a category that predates fibre optics by a century.
  2. It has only 36 states parties, and there's no clear evidence its rules have hardened into binding customary international law.
  3. Its enforcement is reactive: under the 1884 regime, the cable owner must wait until the damage is done before sanctions trigger. The most common penalty in national legislation derived from it is a modest monetary fine — woefully inadequate against a state actor.

UNCLOS: better, but full of holes

The 1982 UN Convention on the Law of the Sea (UNCLOS) is the modern "Constitution of the Oceans" and improves matters — it extends protections to all cables regardless of use, and (unlike 1884) allows sanctioning of conduct likely to cause damage, not just completed damage. But the gaps are severe:

  • Article 113 merely obliges states to pass laws criminalising intentional cable damage on the high seas and in their EEZs. Many states parties have never actually implemented this obligation; those that have often did so via outdated 1884-era legislation with trivial penalties.
  • Crucially, Article 113 gives warships no right to board or arrest a vessel suspected of intentionally cutting a cable. Outside the 12-nautical-mile territorial sea — in the EEZ and on the high seas — the freedom of navigation is jealously protected, and states have consistently opposed any general right to board foreign-flagged ships without flag-state consent, even for serious crimes.
  • On the high seas, a single nation's authority is so diminished that it's unclear what, if anything, it can unilaterally do to protect a cable.

This is why the Eagle S prosecution collapsed and the Vezhen was released. Even with seabed drag marks and a 100-km gouge, prosecutors couldn't clear the bars of proving intent and establishing jurisdiction over a foreign vessel in international-ish waters.

The workarounds states are improvising

Lacking good law, states have started reaching for creative tools:

  • The "stateless vessel" gambit. Article 110 of UNCLOS does permit warships to board ships without nationality. In 2025, Estonia and France boarded and inspected the tanker Kiwala (later renamed Boracay), a suspected Russian shadow-fleet vessel, treating it as stateless because of unclear flag registration. Since a large and growing number of shadow-fleet tankers carry murky or fraudulent registration, this provides a narrow but real legal handle to interdict suspect ships.
  • Reframing sabotage as piracy. Some legal scholars argue attacks on cables could be squeezed into UNCLOS's piracy provisions, which carry universal jurisdiction — though this is a contested, untested stretch.
  • Cable protection zones. Coastal states can designate zones with anchoring and fishing restrictions (Australia's regime, below, is a leading example), though their legality in the EEZ can be challenged.
  • Proposed reforms. A UN Security Council resolution (vulnerable to veto), a new treaty (slow, politically fraught), or expanded EEZ enforcement powers and universal jurisdiction for intentional sabotage. None is close to reality.

The blunt summary: the law was written for an age of accidental cable breaks and good-faith shipping. It is structurally unequipped for an age of deniable, state-directed gray-zone sabotage by shadow fleets.

The technical reality — how cables are cut, found, and fixed

Understanding why sabotage is so attractive and attribution so hard requires understanding the physical engineering.

Where and how cables are vulnerable

A cable's threat profile depends almost entirely on depth:

  • Shallow water (under ~200 m): This is where ~70% of all cable casualties occur, because this is where human activity concentrates — fishing trawlers and ship anchors. To mitigate, installers bury cables up to three metres deep using remotely-operated plows towed by cable ships, and wrap them in steel armouring.
  • Deep water (beyond ~1 km): Once it's too deep to anchor, fish, or easily sabotage, the main threats become natural — undersea landslides, seismic events, volcanic activity, and even powerful deep-sea currents strong enough to drag cables across rocks or wrecks.

The dominant sabotage method is brutally low-tech: dragging a ship's anchor. It requires no special equipment, leaves a plausible "we hit weather / had a windlass failure" excuse, and is indistinguishable on the seabed from a genuine accident. The Eagle S dragged its anchor ~100 km; the Channel Islands cables to Jersey have twice been cut by anchor drags. This is the saboteur's perfect tool precisely because it mimics the most common accident.

A more sophisticated actor — a GUGI submersible with robotic arms, for instance — can do worse: tap a cable for intelligence, or cut it surgically in deep water where no fishing or anchoring excuse exists and where, conveniently, almost no surveillance can observe the act.

How a break is located

Cables come ashore at multiple landing stations, each monitored 24/7 by network-management software. When a fault hits (signal loss, latency spike), operators first isolate the affected segment between landings. Then, for precise location:

  • Optical methods: A light pulse is sent down the fibre; broken fibres reflect it back, and the round-trip time pinpoints the break.
  • Spread-spectrum time-domain reflectometry (SS-TDR): Originally developed to find faults in aircraft wiring, SS-TDR sends low-power modulated pseudo-noise signals down even a live, high-voltage cable, analysing reflections to locate a fault within metres without disrupting service — a key advantage over traditional reflectometry, which can't safely be used on energised power conductors.

How a cable is repaired — and why it's slow

This is the strategic vulnerability. Repair depends on a tiny, ageing global fleet of roughly 60 specialised cable ships. Less than 10% of them are under 18 years old; one is reportedly 52. These vessels sit on 24-hour standby with spare cable, splicing gear, and dynamic-positioning thrusters — but there aren't many, and they're often far from where they're needed.

The repair sequence:

  1. Mobilise. A ship transits to the site — which can take days or weeks depending on distance and queue. A January 2025 fault near Taiwan saw a repair vessel arrive weeks later.
  2. Grapple. In deep water, the ship deploys a grapnel — a heavy multi-pronged hook on a winch — and drags it along the seabed (sometimes for miles) to snag and cut the cable, bringing the loose ends up. (Ironically, the repair process itself begins by cutting the cable.) In buried shallow-water sections, an ROV or mass-flow-excavation tool uses high-pressure water jets to unearth the cable first; ROVs can't operate at the greatest depths due to pressure.
  3. Splice. The hooked cable is winched aboard over a stern chute under up to 10 tons of tension. Because there's never enough slack to simply cut out the damaged section and rejoin, fresh cable must be spliced in. Technicians do this in climate-controlled onboard workshops — a data-cable splice can take up to ~16 hours.
  4. Relay. The repaired cable is paid back out over the stern and lowered to the seabed in a slack "omega" or hairpin loop to accommodate the added length.

The takeaway for an adversary: cutting is cheap, fast, and deniable; repair is expensive, slow, and dependent on a scarce, geriatric global fleet. The asymmetry is enormous — and it's worst for geographically remote, repair-vessel-distant nations. Which brings us home.

Australia — exposed, alarmed, and under-prepared

Australia has not (yet) suffered a confirmed act of cable sabotage. Its notable incidents have been accidental or legally ambiguous. But its strategic anxiety is real, rising fast, and well-founded — because Australia combines extreme dependence on subsea cables with some of the worst structural vulnerabilities in the developed world.

Australia's actual incident record

  • 2021 — the Australia Singapore Cable. The closest thing to a deliberate-damage case. The master of a container ship was charged with damaging the cable about 10 km off Perth, causing $1.5 million in damage — allegedly the ship dragged its anchor through the area in high winds, snagging the cable 20 m below the surface. The prosecution did not proceed, and to date it's believed there have been no successful prosecutions under Australia's cable-protection laws — a local echo of the global enforcement gap.
  • 2022 — the Tasmania double outage. The most consequential disruption, and almost certainly accidental: Tasmania's two main subsea cables were both severed within hours of each other. The result was widespread outages affecting flight schedules, ATMs, and payment systems, even forcing some businesses to close. It remains the canonical demonstration of how a two-cable redundancy can fail catastrophically and near-simultaneously.

Why Australia is uniquely vulnerable

Dependence. Undersea cables carry roughly 95% of Australia's international data. The country's Chief of Navy, Vice Admiral Mark Hammond, recently described seabed cables as "our lifelines," warning that their loss would pose "an existential threat to our island and to our people." That is not hyperbole for an island continent at the far end of long cable routes.

Repair distance. Recall the global repair fleet of ~60 ageing ships and the handful of repair facilities worldwide. A map of those facilities shows them clustered far from Australia. A vessel responding to a cut on Australia's approaches could take days or weeks to arrive — a far worse position than the cable-dense, repair-vessel-rich North Atlantic or East Asia.

No sovereign repair capability. This is the quiet scandal. Australia's submarine cables are privately owned and operated, with commercial operators handling repairs under contract. In peacetime this works — there's enough redundancy to absorb delays. But the Australian government has no mechanism to task a repair ship if a cable were cut in a crisis. As analysts at the Lowy Institute and Australian Naval Institute put it: until now, it has never needed one. Meanwhile the commercial repair sector is under strain, with specialised vessels and their expert crews ageing faster than they're being replaced. The government has created a "maritime strategic fleet" for moving critical cargo in a crisis — but pointedly made no provision for cable repair.

Rising military salience. The strategic stakes are climbing. Google is laying new submarine cables along Australia's northern and western approaches, linking to a planned Google AI data centre on Christmas Island (likely building on an existing cloud deal with the Australian Department of Defence) and connecting to HMAS Stirling near Perth — the base that will host AUKUS partners and nuclear-powered submarines. As subsea cables become wired into AUKUS and nuclear-submarine basing, they shift from commercial assets to first-order national-security targets.

Australia's legal regime — a relative bright spot

One area where Australia leads is its cable-protection-zone framework. The Australian Communications and Media Authority (ACMA) can declare protection zones with anchoring and fishing restrictions, and cable owners can apply for them (the application cost — around $160,000 — is trivial against a multi-million-dollar repair bill). It's frequently cited as close to a "gold standard" regime. But as practitioners warn, it can't be "set and forget," and — as the failed 2021 Perth prosecution shows — even a strong legal framework founders on the universal problems of proving intent and securing convictions.

The proactive response

Australia isn't standing still:

  • The Pacific cable initiative (October 2023). Australia and the US announced an initiative to fortify the security of submarine cables linking Pacific Island nations, paired with Google's South Pacific Connect project to build more cables — adding the redundancy that is the single best defence against any one cut.
  • The AUKUS seabed-defence pact (May 2026). The newest and most significant move. On 31 May 2026, the US, UK, and Australia announced a trilateral effort to protect undersea cables and pipelines from sabotage, centred on jointly developing unmanned undersea vehicles — autonomous defensive drones — to monitor and protect seabed infrastructure. The framing borrowed directly from the North Atlantic experience, explicitly citing the unprecedented scale of attacks over the prior 18 months and the UK's tracking of Russian submarines. It signals, more than anything, that Canberra now treats cable security as a frontline defence problem rather than a private commercial matter.

The bottom line

Pull the threads together and a coherent, alarming picture emerges:

  • The capability and intent are real and demonstrated. Russia's GUGI fleet and the Yantar are conducting sustained, purpose-built surveying of NATO's seabed infrastructure — the explicit "survey in peace, sabotage in war" doctrine. China's behaviour around Taiwan fits a multi-year gray-zone pattern. The Houthis have shown cables can be collateral in a shooting war.
  • The method is built for deniability. Anchor-dragging is indistinguishable from the ~100–200 genuine accidents that occur yearly, and the background noise is the weapon. This is why almost no incident yields a clean "intentional" verdict, and why prosecutions (Eagle S, Vezhen, the 2021 Perth case) keep collapsing.
  • The law is a 19th-century relic with 21st-century gaps. Outside territorial waters, states largely cannot board, arrest, or effectively punish suspected saboteurs. The shadow-fleet "stateless vessel" workaround is the most promising tool, but it's narrow.
  • Repair is the strategic chokepoint. A geriatric global fleet of ~60 ships means cutting is cheap and fast while fixing is slow and scarce — an asymmetry that punishes remote nations most.
  • Australia sits at the dangerous intersection of total cable dependence, extreme repair distance, no sovereign repair capability, and rising military salience as AUKUS infrastructure goes live. It has a strong legal-zone regime and is now moving — via the Pacific initiative and the May 2026 AUKUS seabed pact — but it is starting from behind.

The cables are, in the now-common phrase, the arteries of modern civilisation. The unsettling reality of 2026 is that adversaries have mapped those arteries, the tools to sever them are crude and deniable, the law offers little protection, and the means to repair them are scarce and slow. The defensive response — Baltic Sentry, Nordic Warden, the UK-Norway patrols, the AUKUS drone program — is real but nascent. The race between the surveyors and the defenders is very much underway, and it is being run on a seabed almost no one can see.

Border Cyber Group. This piece synthesises open-source reporting and is current as of June 2026. Subsea cable attribution is contested and fast-moving by nature; where incidents remain under investigation or unproven, we have said so.

Jonathan Brown is a cybersecurity researcher and investigative journalist at bordercybergroup.com.

If you would like to support our work, providing useful, well researched and detailed evaluations of current cybersecurity topics without ads or fees... Buy us a coffee! https://bordercybergroup.com/#/portal/support