Why the Internet’s Backbone Lies Unguarded on the Seafloor
The defining infrastructure of the internet is not a data center or a satellite. It’s a network of more than 500 commercial fiber-optic cables resting on the floor of the world’s oceans, totaling roughly 1.5 million kilometers of submarine line. These cables carry an estimated 95 to 99 percent of all intercontinental data traffic — roughly $10 trillion in daily financial transactions, every video stream that crosses an ocean, every cloud service synchronizing across continents. Satellite communications handle a tiny residual fraction. The substrate of the global internet is wet, dark, and almost entirely undefended. The events of 2024 and 2025 forced governments to acknowledge what cable engineers had been warning about for two decades: the infrastructure most of the modern economy runs on is also the easiest to break.
The Invisible Spine of the Modern Internet
The economic weight that sits on submarine cables is difficult to overstate. International banking settlement, high-frequency trading, supply chain coordination, military communications, and every consumer internet service depend on the same physical wires. A single transatlantic cable carries enough capacity for millions of simultaneous video streams, gaming sessions, and online platform connections — from streaming services to e-commerce to online gaming operators like v vegas with a wide library of slots and other consumer platforms that move audio, video, and transaction data across continents in real time. The cables are owned by a small number of private consortia, with limited oversight and almost no military protection along most of their route. The vulnerability is structural — the physical layer of the internet was built for commerce, not warfare.
The 2024-2025 Incident Cluster
Recorded Future’s analysis of publicly reported cable damages found 44 separate incidents across 2024 and 2025, distributed across 32 distinct clusters. The major ones tell the story directly.
| Date | Location | Cables Affected | Suspected Cause |
| Jan 2022 | Svalbard, Norway | 1 | Russian trawler activity (unconfirmed) |
| Oct 2023 | Balticconnector | Pipeline + cable | Hong Kong-flagged vessel anchor |
| March 2024 | Red Sea | 4 (25% of Asia-Europe-Africa traffic) | Rubymar drifting anchor after Houthi strike |
| Nov 2024 | Baltic — Sweden-Lithuania, Finland-Germany | 2 cables in 24 hours | Yi Peng 3 (Chinese vessel) |
| Jan 2025 | Taiwan | 1 | Shunxin-39 (Hong Kong-registered) |
| Sept 2025 | Red Sea, near Jeddah | Multiple | Unknown; Microsoft Azure disrupted |
Seven of the ten Baltic cable cuts since 2022 occurred in the narrow window between November 2024 and January 2025. The Baltic has been called the “Achilles heel” of Europe — shallow average depth of about 180 feet, roughly 4,000 ships transiting daily, and an immediate adjacency to Russian Baltic ports.
Why the Vulnerabilities Aren’t Going Away
The geographical conditions that make cable networks efficient also make them fragile. Cables concentrate at narrow choke points — the Danish Straits, Bab el-Mandeb, the Strait of Malacca, and the waters around Taiwan. At those points, cable density is high, water is shallow, and shipping traffic is heavy. The routes that let cables connect continents efficiently are the same ones where a dragging anchor or deliberate sabotage can sever multiple lines at once. Global repair capacity is limited; average repair time runs around 40 days, stretching further when permits are slow, or cables sit in conflict waters. Satellite and microwave backups carry only a small fraction of lost bandwidth.
The Threat Actors and Their Tools
The actors with demonstrated capability or intent fall into four groups:
- Russia’s Main Directorate of Deep-Sea Research (GUGI) operates deep-diving nuclear submarines and the Yantar intelligence ship, with submersibles capable of operating at 6,000 meters.
- Chinese-flagged vessels, including Yi Peng 3 and Shunxin-39 have been linked to cable cuts in the Baltic and around Taiwan, with patterns suggesting deliberate seabed mapping.
- Houthi forces in Yemen are indirectly responsible for the March 2024 Red Sea incident through the Rubymar attack, and suspicion lingers over the September 2025 cuts.
- Fishing vessels and commercial shipping cause most accidental damage, including the 2022 Shetland Islands incident that took card payments offline.
The category that worries analysts most is the “gray zone” between deliberate sabotage and plausible accident — a dragged anchor that looks like negligence but happens to occur exactly where two cables cross.
What 40 Days of Repair Time Actually Means
The repair fleet is small. Roughly 60 specialized cable repair ships exist globally, and they handle every fault on the network. A single major incident can monopolize regional capacity for weeks. The cables themselves aren’t the difficult part; the challenge is locating the exact break point on the seafloor, lifting the cable from several kilometers down, splicing in new fiber, and re-laying without further damage. In regions with no redundant routes — West and Central Africa, parts of the Pacific, and smaller European connections — a 40-day outage means 40 days of degraded national connectivity.
The Response, and What’s Still Missing
NATO stood up a Critical Undersea Infrastructure Coordination Cell in February 2023, and the EU and NATO created a joint Task Force on critical infrastructure resilience. Egypt launched WeConnect in 2023 for cross-connections between landing stations. Taiwan announced Navy-Coast Guard cooperation for cable protection in March 2025. None of these closes the fundamental gap: the cables remain almost impossible to defend along their full length, and legal frameworks for prosecuting deliberate damage remain fragmented across jurisdictions. The 1884 Cable Convention is still the primary international instrument governing the seabed wires that carry the modern economy.
