Tag: NATO

  • Operation Gladio: NATO’s Secret Stay-Behind Armies Explained

    On October 24, 1990, Italian Prime Minister Giulio Andreotti stood before the Chamber of Deputies and confirmed what had been rumored for decades: a secret paramilitary network had been operating inside Italy since 1956, coordinated by NATO and the CIA, armed with weapons caches hidden in forests and mountain meadows, trained in unconventional warfare on remote Mediterranean islands and at British and American special operations centers, and composed of recruits who included ex-fascists and neo-fascists from the Italian far right. The network was called Gladio — the Latin word for sword. Similar networks existed in every NATO country in Western Europe: France, Belgium, the Netherlands, Luxembourg, Germany, Denmark, Norway, Portugal, Spain, Greece, Turkey. Parallel networks existed in neutral countries — Sweden, Switzerland, Finland, Austria. The networks had been internationally coordinated through the Allied Clandestine Committee in Brussels, whose last known meeting had taken place on October 23-24, 1990 — the day Andreotti gave his speech. Within weeks, the European Parliament condemned the stay-behind armies by resolution. Within months, similar parliamentary investigations were underway in Belgium and Switzerland. Italian magistrates who had been investigating unsolved terrorism for nearly two decades suddenly had a framework that tied the attacks together. The press called it “the best-kept and most damaging political-military secret since World War II.”

    What stay-behind was supposed to do

    The stay-behind doctrine emerged from a straightforward Cold War scenario. If the Soviet Union invaded Western Europe and NATO forces were pushed back, someone needed to remain behind the lines to conduct sabotage, gather intelligence, and support resistance movements — the same function the British Special Operations Executive and the American OSS had performed against Nazi occupation during World War II. The stay-behind networks were built on that model. Weapons caches were buried across Western Europe — in Italy alone, 139 cache sites were eventually disclosed, though ten of them couldn’t be recovered in 1973 because they’d been hidden in locations requiring “complex demolition work.” The networks were to activate only after a Soviet invasion. Their members were civilians, mostly vetted for anti-communist reliability, trained in guerrilla warfare and communications. The founding premise was defensive: preparation for an invasion that, as it turned out, never came.

    The Italian network was formalized through a bilateral agreement between Italian military intelligence (SIFAR) and the CIA signed on November 28, 1956, under the supervision of Defense Minister Paolo Taviani. A classified 1959 SIFAR document — later released to Italian parliamentary investigators — described the operation under the title “The Special Forces of SIFAR and Operation Gladio.” The document confirmed NATO coordination and CIA involvement. It described a network of trained operatives, buried arms, and communications infrastructure designed to activate in the event of occupation.

    What stay-behind actually did

    The Italian investigation that led to the 1990 disclosures began with a specific case — the 1972 Peteano bombing, in which three Carabinieri were killed by a car bomb. The attack was initially blamed on left-wing terrorists. Italian magistrate Felice Casson reopened the case in the 1980s and discovered that the bombing had been carried out by a far-right militant named Vincenzo Vinciguerra, that Italian officials had deliberately misdirected the investigation to implicate the left, and that the explosives used matched materials from a NATO stay-behind arms cache. Vinciguerra testified at his 1984 trial that he had been part of a broader network — the first public admission of Gladio’s existence, five years before Andreotti’s speech. Casson’s investigation led him to the archives of the Italian military intelligence service, where he found the 1959 SIFAR document confirming what Vinciguerra had described.

    The pattern Casson uncovered — a terrorist attack carried out by far-right operatives, initially blamed on the left, investigators steered away from the real perpetrators, explosives traced to stay-behind caches — matched a series of bombings and massacres that had defined Italy’s “Years of Lead” (anni di piombo) from 1969 to 1980. The 1969 Piazza Fontana bombing in Milan killed 17 people. The 1974 Piazza della Loggia bombing in Brescia killed eight. The 1974 Italicus Express train bombing killed twelve. The 1980 Bologna railway station bombing — the deadliest terrorist attack in postwar Italian history — killed 85 and wounded more than 200. In each case, the initial investigation implicated the far left. In each case, subsequent investigations found far-right operatives with intelligence service connections. The term that emerged from Italian historiography to describe the pattern was the “strategy of tension” — the deliberate use of terrorism to create public fear, discredit the left, and justify authoritarian responses.

    The 1980 Bologna bombing is the case with the strongest documented connection to Gladio and P2. Licio Gelli — the grandmaster of the P2 Masonic Lodge — and Pietro Musumeci, the deputy director of Italian military intelligence and a P2 member, were both convicted of obstructing the investigation. Gelli’s P2 network and the Gladio stay-behind network overlapped significantly in personnel: military officers, intelligence officials, and far-right operatives who appeared on one list frequently appeared on the other. The structural relationship between P2 and Gladio was the link between a political conspiracy and an operational one.

    The Belgian parallel

    Italy was not unique. Belgium’s stay-behind network — code-named SDRA8 — came under investigation after the Brabant massacres, a series of supermarket robberies and shootings between 1982 and 1985 that killed 28 people and were never fully solved. The attacks were carried out with military precision, often left valuable cash behind, and appeared designed to terrorize the Belgian public rather than generate revenue. Belgian parliamentary investigators concluded that elements of the country’s stay-behind network had been involved. Belgian Defense Minister Guy Coëme confirmed the existence of the Belgian stay-behind army in November 1990, weeks after Andreotti’s disclosure.

    The Swiss network — P-26 — was discovered by coincidence a few months before Andreotti’s speech and exposed as extremist in ideology rather than merely anti-communist. Swiss Defense Minister Kaspar Villiger resigned. The Swedish stay-behind network was acknowledged by General Bengt Gustafsson in 1990, who denied NATO or CIA involvement — a denial contradicted by CIA officer Paul Garbler, who confirmed Sweden was “a direct participant.” In every country where parliamentary investigations took place, the pattern was similar: the official purpose of the network was stay-behind resistance to Soviet invasion; the actual operational history included connections to domestic right-wing terrorism, political manipulation, and obstruction of democratic oversight.

    Why it’s Lecture 6

    Gladio is the Shadowcraft case study that demonstrates how covert infrastructure outlives its original purpose. The stay-behind armies were built for one scenario — Soviet invasion — that never happened. The infrastructure they created — trained operatives, weapons caches, communications networks, command structures, relationships with far-right organizations — existed for 40 years across 15 countries without ever being activated for its stated purpose. What it was activated for, in documented cases across multiple countries, was domestic political manipulation: terror attacks designed to shift public opinion, investigations steered away from state-connected perpetrators, and coordination with organizations like P2 that operated outside democratic accountability.

    The Safari Club was built to continue covert operations abroad when Congress constrained the CIA. Gladio was built to prepare for an invasion and became, in documented cases, an instrument of domestic political violence when the invasion didn’t come. Both share the same structural logic: capacity created for one purpose becomes available for others, and the oversight mechanisms that should catch the drift don’t catch it, because the capacity was classified into invisibility before anyone could define what it was for. Western Goals preserved surveillance files that Congress had ordered destroyed. Gladio preserved operational capacity that should have ended when the Cold War ended — and in some documented cases, began using that capacity against the democracies it was built to defend.

    We cover Operation Gladio alongside BCCI, the Vatican Bank, Wagner Group, and 20 other case studies of covert institutional power across our Shadowcraft course — where a network built to resist an invasion that never came became the single most documented example of how Cold War infrastructure outlived the Cold War.

  • Undersea Cable Warfare: The Internet’s Physical Vulnerability Nobody Talks About

    Ninety-seven percent of all intercontinental internet traffic — every bank transfer between New York and London, every video call between Tokyo and San Francisco, every military communication between NATO headquarters and deployed forces — travels through physical cables lying on the ocean floor. Not satellites. Not wireless signals. Not “the cloud.” Fiber-optic cables about the diameter of a garden hose, resting on the seabed, often unburied, clearly marked on publicly available nautical charts so ships can avoid them. There are roughly 570 active submarine cables as of 2025, with another 81 planned, spanning more than 1.4 million kilometers of ocean floor. They are the actual, physical internet. And since 2022, someone has been cutting them.

    The Baltic Sea timeline

    The incidents started with Nord Stream. In September 2022, explosions ruptured the Nord Stream 1 and Nord Stream 2 gas pipelines in the Baltic Sea — not cables, but the same category of critical undersea infrastructure, and the event that announced to every intelligence service on earth that the seabed was now a theater of operations. A Ukrainian man has been sought by German prosecutors in connection with the sabotage; Italy’s top court approved his extradition in November 2025. The attack demonstrated that subsea infrastructure could be destroyed with plausible deniability, and the response from the international community was — by any honest assessment — inadequate.

    A year later, in October 2023, the Chinese-owned vessel Newnew Polar Bear dragged its anchor hundreds of miles across the Baltic seabed, severing the EE-S1 data cable connecting Sweden and Estonia and damaging the Balticconnector gas pipeline between Finland and Estonia. Because Sweden was not yet a NATO member and no alliance-wide response protocols existed for this scenario, the ship sailed through the Baltic, through the Danish Straits, along the Norwegian coast, and into Russian waters before anyone could decide what to do about it. China initially denied involvement. Ten months later, Beijing admitted the ship was responsible but attributed the damage to “bad weather.” The captain was remanded in custody in Hong Kong in May 2025.

    Then November 2024. On November 17, the BCS East-West Interlink cable connecting Sweden and Lithuania was cut, reducing about a fifth of Lithuania’s internet capacity. Less than 24 hours later, on November 18, the C-Lion1 cable connecting Finland and Germany — Finland’s only direct data link to the European continent — was severed. The Chinese-flagged bulk carrier Yi Peng 3, which had departed from the Russian port of Ust-Luga on November 15, was tracked by maritime data to the exact time and location of both cable breaks. Western intelligence officials told the Wall Street Journal they believed Russian intelligence had induced the vessel’s Chinese captain to drag the ship’s anchor to cut the cables — encrypted communications between Russian vessels and Yi Peng 3 were reportedly intercepted on November 21. Germany’s defense minister called it sabotage. He said “no one” believed the cables were cut accidentally. U.S. intelligence officials, meanwhile, assessed that the cables were “not cut deliberately.” Both positions exist simultaneously. The investigation remains open.

    Christmas Day 2024. The Estlink 2 power cable connecting Finland and Estonia was severed, along with four telecommunications lines. Finland seized the Eagle S, a Cook Islands-registered oil tanker linked to Russia’s “shadow fleet” — the network of aging, opaquely owned vessels Russia uses to circumvent Western oil sanctions. Finnish authorities said the ship had slowed as it passed over the cables. They later recovered a lost anchor they believed belonged to the vessel. In October 2025, a Finnish court dismissed the case against the Eagle S captain and crew, ruling prosecutors failed to prove intent.

    January 2025. An undersea fiber-optic cable connecting Latvia and the Swedish island of Gotland malfunctioned. Sweden seized the Maltese-flagged bulk vessel Vezhen on suspicion of sabotage. A Swedish prosecutor later ruled the breach accidental and released the ship. February 2025. Cinia, the Finnish telecom operator, detected damage to the C-Lion1 cable between Germany and Finland — the same cable severed in November — at a location east of Gotland.

    New Year’s Eve 2025. At 4:53 a.m., Finnish telecom company Elisa detected a disruption to its cable running from Helsinki to Tallinn. Finnish police seized the cargo vessel Fitburg, en route from Russia to Israel, on suspicion of sabotaging the cable by dragging its anchor. Five days later, Latvian authorities boarded another ship suspected of damaging a telecom link to Lithuania.

    Seven incidents in the Baltic Sea between late 2023 and early 2026. The pattern is consistent: cable damage occurs near vessels with Russian port connections or links to Russia’s shadow fleet, investigations are hampered by the complexity of international maritime law, flag-state jurisdiction, and opaque ship ownership structures, and prosecutions either fail for lack of provable intent or remain unresolved. Lithuania’s foreign minister, Gabrielius Landsbergis, summarized it: there had been essentially zero incidents in 20 years, and suddenly after Russia’s full-scale invasion of Ukraine, they recur every month.

    Why the cables are so hard to protect

    The Baltic Sea is relatively shallow — an average depth of about 55 meters — which makes its cables more accessible to anchors and more vulnerable to deliberate interference. Up to 4,000 ships pass through daily. The combination of shallow water, dense shipping traffic, and proximity to the Russian ports of St. Petersburg and the Kaliningrad enclave makes the Baltic what analysts at the Royal United Services Institute call the “Achilles heel” of European infrastructure.

    But the problem isn’t limited to the Baltic. In early 2024, Houthi attacks in the Red Sea area severed three major submarine cables — AAE-1, Seacom, and EIG — disrupting an estimated 25 percent of data traffic between Europe and Asia. Repairs took months. In March 2024, multiple cable cuts off West Africa caused massive service disruptions in Côte d’Ivoire, Liberia, and Ghana. Tonga has experienced three major cable disruptions since 2019, each one taking the island nation largely offline.

    The structural vulnerability is straightforward. Cables are long, immobile, clearly charted, and land at fixed points that are publicly known. Over 70 percent of cable faults are accidental — fishing nets, anchors, earthquakes, even shark bites — which gives deliberate saboteurs built-in plausible deniability. The global cable repair fleet consists of 62 vessels, most of them aging, and by 2040 nearly half will reach end of life while total cable kilometers are projected to increase 48 percent. Repair times range from days to months depending on location, damage severity, and vessel availability. The Estlink 2 power cable cut on Christmas 2024 wasn’t repaired until August 2025 — a seven-month outage for a critical power interconnection between two NATO allies.

    International law compounds the problem. Under the UN Convention on the Law of the Sea, freedom of navigation limits what navies can do in international waters or even within exclusive economic zones. A ship dragging its anchor through a cable zone isn’t committing a clear act of war — it’s committing an ambiguous act that could be negligence, weather, mechanical failure, or sabotage, and proving which requires forensic evidence from the seabed and cooperation from flag states that may not be forthcoming. Russia’s shadow fleet vessels operate under flags of convenience — Cook Islands, Malta, Cameroon — registered in jurisdictions with minimal regulatory oversight. The ownership structures involve shell companies layered across multiple countries. By the time investigators identify the vessel, board it, and attempt prosecution, the legal process has absorbed more resources than the sabotage cost to execute.

    The Russian strategy

    This isn’t random. Russian military doctrine has explicitly identified critical civilian infrastructure as a strategic target since the 1990s. The Bulletin of the Atomic Scientists described the Baltic cable incidents as “expressions of a new Russian strategy” rooted in the idea that the “anthropogenic shell of modern society” — the fragile infrastructure on which economies depend — is the West’s structural weakness. From 2000 onward, Russia has invested in modernizing its undersea capabilities, and a comprehensive Swedish investigation published in April 2023 documented a decade of large-scale Russian activities mapping critical infrastructure in the North and Baltic Seas.

    The strategic logic is asymmetric and efficient. With a handful of shadow fleet tankers — ships that cost Russia nothing because they’re already evading oil sanctions — Moscow can force NATO to commit frigates, aircraft, naval drones, and intelligence resources to guarding thousands of kilometers of cable routes. When sabotage occurs, the shallow Baltic and the energy dependencies of small nations like Estonia, Latvia, and Lithuania amplify the impact. NATO launched “Baltic Sentry” in January 2025 — patrols, aircraft, naval drones, national surveillance assets — but as the operation’s own commanders acknowledge, the Baltic Sea is larger than it looks, they can’t be everywhere, and the response authority rests with individual coastal states, not NATO.

    The cost-benefit ratio is lopsided in Russia’s favor. Dragging an anchor costs nothing. Repairing a severed power cable costs months and millions. Prosecuting the crew requires proving intent in a court system designed for peacetime negligence, not hybrid warfare. And every month that European allies spend debating jurisdiction and legal authority is a month that demonstrates what Landsbergis fears most: that NATO’s collective response mechanism isn’t fast enough or decisive enough for gray-zone operations that don’t cross the threshold of armed attack.

    Beyond the Baltic

    The vulnerability is global. Approximately 80 percent of U.S. military communications travel through the same commercial submarine cables that carry civilian internet traffic. Landing stations — the shore facilities where cables converge before connecting to terrestrial networks — are critical chokepoints. A handful of locations in the United Kingdom, France, Egypt (near the Suez Canal), Singapore, and the eastern United States handle disproportionate shares of global traffic. The Atlantic Council warned that authoritarian governments, particularly China, are reshaping the internet’s physical layout through companies that control cable infrastructure, potentially gaining better control of chokepoints and espionage access.

    There are roughly 150 to 200 cable faults globally every year — about three to four per week. Most are genuinely accidental. The challenge is distinguishing the one deliberate cut from the 199 accidents, in real time, with enough legal certainty to justify a response, in waters governed by international law that prioritizes freedom of navigation over infrastructure protection. The cables that carry 97 percent of the world’s intercontinental data are defended by a 62-ship repair fleet, a patchwork of national jurisdictions, and an international legal framework written for an era when the most valuable thing on the ocean floor was fish.

    We cover the geopolitics of undersea infrastructure — from the Baltic cable wars to Red Sea disruptions to the strategic chokepoints where cables, pipelines, and shipping lanes converge — across our Off The Map course, where the physical geography that most people never think about turns out to determine which countries stay connected and which ones go dark.