Increased Russian naval activity in recent years around deep-sea cables, the critical infrastructure of the global internet, has heightened concerns that Russia may target them in an effort to disrupt Western daily life as the country seeks new means of coercion amid its war in Ukraine. Deep-sea or submarine cables are fiber optic cables that lay the foundation for global internet connectivity across the world. The cables, which are often thousands of miles/kilometers in length, transmit an estimated 95% of international data traffic from country to country by connecting two or more land points across bodies of water. The cables themselves are typically not much wider than a garden hose, and although they are covered in varying layers of copper, nylon and plastic for insulation, they are not heavily protected. Today, there are more than 400 subsea cables in operation that vary in length, with some shorter than 50 miles (about 80 kilometers) long and others extending more than 10,000 miles (about 16,000 kilometers) in length. Some connect single points across a body of water, while others have multiple landing points connecting multiple countries. Sea cables are prone to damage, and there are, on average, approximately 100 cable faults a year, most commonly due to fishing and shipping activity that accidentally damages a cable. While damage to sea cables may be fairly routine, repairing damaged cables can nevertheless be a time-consuming and logistically challenging endeavor; while some repairs can be completed in the span of a few hours, other repairs that are deeper or farther from shore can take days or even weeks.

Concerns over the potential for malign nation-state activity against deep-sea cables, especially by Russia, have risen in the past few years. In the last several years, Russia has sought to modernize its navy and maritime information-gathering capabilities, expanding its operations across the world. Western officials have raised particular concern about increasingly frequent Russian naval operations near underwater sea cables. In a December 2017 interview with The Washington Post, U.S. Navy Rear Adm. Andrew Lennon said, "We are now seeing Russian underwater activity in the vicinity of undersea cables that I don't believe we have ever seen." As part of its increased maritime activity, Russia has sought to modernize and deploy more submarines and surface vessels such as its purported Yantar "research vessel," a Russian ship commissioned in 2015 that is widely believed to be used for intelligence-gathering purposes. More recently, in July 2022, Russia commissioned the Belgorod submarine, now the largest in the world and also believed to be used for a number of espionage activities. Both of these and other Russian vessels possess deployable manned and unmanned deep-sea submersibles that can potentially be used to survey or tamper with deep-sea cables. In recent years, these vessels have been spotted a number of times near international sea cables, heightening concerns that Russia may be gathering information on them for malicious purposes.

• In August 2021, the Yantar was spotted loitering off the coast of Ireland between two undersea internet cables, one of which connects Ireland to the United States. The vessel remained stationary for approximately two days, raising concerns that Russia was attempting to gather information on transnational cables. 
• In January 2022, one of two sea cables connecting mainland Norway and the Svalbard archipelago in the Arctic Ocean was severed under suspicious circumstances. Although the cause of the damage remains unknown, suspicion has fallen on Russia and the investigation has implicated human activity rather than an accident.
• In late January 2022, Russia moved a naval exercise that was scheduled to take place in early February within Ireland's exclusive economic zone (EEZ) to instead occur just outside the EEZ. However, the location of the exercise was still right above the route of two submarine cables and a third planned cable that was due to be commissioned at the time. The cables connect countries including the United Kingdom, France and the United States, and while the chosen location for the military exercise was not necessarily believed to be exclusively related to the sea cables, it nevertheless raised suspicions that Russia had chosen the location of the exercise to alarm the West due to its proximity. 

Since its invasion of Ukraine, Russia or Russian-aligned actors have targeted a number of critical infrastructure entities, both within Ukraine and abroad, raising concerns that a sea cable attack could become more likely in the future. Following the outbreak of the Russia-Ukraine war in February, Russia has pursued a number of kinetic and cyberattack operations against Ukraine's critical infrastructure. Such attacks have included missile and drone strikes against Ukrainian energy facilities, electric power grids, water supply centers and railroad infrastructure. Russia has also engaged in cyberattacks against strategic Ukrainian targets, including communications systems, government websites, transportation logistics systems and military control centers. In addition to attacks within Ukraine itself, Russian-aligned cyber actors have also broadened their operations to conduct attacks targeting Western governments and their infrastructure. For instance, the Russian-aligned hacktivist group Killnet has launched cyber campaigns against Western governments including Lithuania, Norway, Estonia and Poland. Killnet's attacks arguably had the most impact in Lithuania, where the group's distributed denial of service cyber campaign in June disrupted access to websites and the functionality of internal networks for logistics companies, airlines, major financial institutions, energy companies and internet service providers intermittently for several weeks. Furthermore, research published in September by U.S. cybersecurity firm Mandiant found evidence of collaboration between hacktivist groups like Killnet and the GRU, Russia's military intelligence agency, indicating Russia's willingness to support cyber operations against Western countries. Outside of Russian-sponsored hacktivist operations, there have also been several instances of either Russian-attributed attacks on critical infrastructure or suspicious instances of critical infrastructure being damaged beyond Ukraine's borders.

• During the initial invasion of Ukraine in February, a Russian cyberattack targeted the Viasat-operated KA-SAT satellite in Ukraine with data wiper malware, which disrupted internet access across Ukraine and across several central European countries (including Germany, where more than 5,000 wind turbines were taken offline). 
• In September, four suspicious gas leaks on the Nord Stream 1 and 2 natural gas pipelines, which connect Russia to Germany, were widely blamed on Russia. On Nov. 18, the Swedish government reported that the gas leaks had resulted from an act of sabotage due to the detection of explosives at the site of the pipelines.
• In October, three major subsea cables were damaged in the south of France, disrupting internet connectivity across Europe, Asia and the United States, though U.S. cloud security company Zscaler was able to mitigate the impact by rerouting internet traffic through alternative cables. The source of the disruption remains unknown, however, the CEO of Zscaler claimed that the incident was "an act of vandalism" without elaborating.

Although there has not yet been a confirmed incident of intentional damage to an underwater cable, the likelihood that Russia could target one may grow as the war in Ukraine continues into 2023. Russia is notorious for engaging in asymmetric warfare operations that use unconventional means — often in different domains (such as cyberspace or, in this case, potentially underwater) — to overcome conventional constraints and leverage other strengths, and this reliance on asymmetric operations has only grown since the Russia-Ukraine war broke out. The widespread and severe sanctions program that the West has implemented against Russia, combined with Moscow's major setbacks on the battlefield in the face of Western-provided weapons and other support, has given the Kremlin ample reason to retaliate against the West. While Russia has largely avoided high-profile attacks against Western critical infrastructure to avoid conflict escalation beyond Ukraine, the frequent accidental damage that occurs to underwater sea cables may offer Russia the opportunity to strike back against the West while avoiding clear attribution. In this hypothetical, such an attack would support Russia's efforts to hurt the United States and Europe by exacerbating fears among civilian populations in the West and disrupting economic activities in these countries. Russia would likely not engage in multiple majorly disruptive underwater sea cable attacks at once or target certain cables connecting Russia to the global internet, since such attacks would heighten the likelihood that Russia's own internet connectivity and daily life would be negatively impacted; however, isolated attacks on specific sea cable networks that connect Western countries would not be outside of the realm of possibility. A key consideration in such a scenario would be location because, while sea cable damage is fairly routine, most cables that are damaged from fishing vessels or other routine accidents typically occur near shorelines and therefore can be repaired more easily. Of greater concern would be if Russia targeted sea cables at much greater depths and/or farther from shore where a break may be difficult to locate and repair, exacerbating the impact of such an act of sabotage.

• Outside of sabotage operations, Russia may also attempt to access deep-sea cables for intelligence-gathering purposes. Although more difficult than sabotage, sea cables can also be tapped to record, copy or steal data. The process by which sea cables can be tapped is largely unknown, as is the overall efficiency of attempted sea cable tapping operations. However, various countries, including the United States, have been known to design submarines specifically for this purpose. In 2005, AP reported that the USS Jimmy Carter had been repurposed to carry crews of technicians specifically for cable-tapping operations, although the details of the ship's intended operations were naturally kept secret.

The most vulnerable sea cables are located in choke points where major undersea cables intersect and where a single point of failure can have an outsized impact. For Europe, a primary area of concern is the passage between the Indian Ocean and the Mediterranean Sea via the Red Sea because this route supports much of Europe's internet connectivity to Asia. For the United States, the coastline of New York is the primary point of connection to Europe, and the United Kingdom's western shores are a primary point of location for the U.S. digital connection to the rest of Europe. Between late January and early February 2008, the vulnerability of these chokepoints was highlighted by the severance of several sea cables off the coast of Alexandria, Egypt, which disrupted the internet in 14 countries. The incident, believed to be caused by a ship's anchor, immediately disrupted large swaths of internet connectivity across countries in the region, including the Maldives (which lost 100% of its internet access); India (which lost 82%); Qatar, Djibouti and the United Arab Emirates (which lost 70%); and Saudi Arabia, Egypt and Pakistan (which lost 50%). Most internet in these countries was restored within the day by diverting internet traffic in the region through alternative cables, but the cables themselves were not repaired for almost two weeks. More recently, another incident affected sea cables in Egypt in June 2022 when the Asia-Africa-Europe-1 (AAE-1) cable was severed by unknown causes in Egypt. The effect of the cut was immediate, impacting internet connectivity in more than seven countries, including Ethiopia, which lost 90% of its connectivity, and Somalia, which lost 85%. Although the disruption only lasted for a few hours, the incident demonstrated the immense impact that one cable can have and the importance of regions such as the Red Sea for global internet communication.

Damage to sea cables can have myriad impacts on a country's internet infrastructure, broadly disrupting daily life and business operations. As a result of the world's overwhelming reliance on internet connectivity, a lack of access to online services can affect digital access to financial institutions or payments, media and news reporting, and emergency services, among many other things. Moreover, as significant portions of the global workforce have shifted to work-from-home or hybrid work modalities, access to the internet has become even more essential for many individuals and companies. For citizens, the inability to access online services can cause personal financial loss and heighten safety risks by making emergency services inoperable. For businesses, such disruptions raise a number of financial and operational risks by undermining business continuity and threatening data loss. 

• On Jan. 15, the eruption of the Hunga Tonga Hunga Ha'apai volcano and the subsequent tsunami that it triggered severed the only sea cable connecting the island nation of Tonga to the global internet for approximately five weeks. In the interim, civilians on the island had little-to-no access to the internet or mobile services, adding to the extensive economic loss that resulted from the natural disaster.
• On Oct. 20, two cables in Scotland were disrupted, severing the internet connection between the mainland and the Shetland Islands and causing some landlines and mobile phone services to be unusable for several days. Credit payment systems were inoperable on the island, forcing businesses to rely on cash payments, and people were also unable to contact emergency services during this period.

Depending on the level of damage it sought to cause, Russia might find these and/or other disruptions attractive means of putting pressure on Western governments as its war in Ukraine drags on. Most countries today have multiple sea cables connecting them to global internet infrastructure, and, as a result, damage to one sea cable will not typically cause extensive disruption to daily life within that country. This in itself may be attractive to Russia, as it could demonstrate a capability to do further damage without initially causing outsized disruptions that could provoke more significant blowback. That being said, countries that are smaller and/or have fewer endpoints for sea cables are much more vulnerable to operational disruption if cables are damaged, intentionally or not. In Europe, Russia may target sea cables along the Irish coastline, where critical trans-Atlantic sea cables connect the United States to Europe, as well as endpoints in cities such as Marseille, France, where myriad cables connect continental Europe to endpoints in Africa and Asia. Finally, as evidenced in the case of Tonga, sea cables can take time to repair, and countries that do not have alternative sea cables to which they can move their internet traffic have few options in the interim. This may also factor into Russia's strategic analysis, meaning that Russia may target more isolated geographical locations with fewer cables or otherwise try to disrupt cables in deeper, more remote locations to further complicate repair efforts following an attack.