Ninety-seven percent of all intercontinental internet traffic — every bank transfer between New York and London, every video call between Tokyo and San Francisco, every military communication between NATO headquarters and deployed forces — travels through physical cables lying on the ocean floor. Not satellites. Not wireless signals. Not “the cloud.” Fiber-optic cables about the diameter of a garden hose, resting on the seabed, often unburied, clearly marked on publicly available nautical charts so ships can avoid them. There are roughly 570 active submarine cables as of 2025, with another 81 planned, spanning more than 1.4 million kilometers of ocean floor. They are the actual, physical internet. And since 2022, someone has been cutting them.
The Baltic Sea timeline
The incidents started with Nord Stream. In September 2022, explosions ruptured the Nord Stream 1 and Nord Stream 2 gas pipelines in the Baltic Sea — not cables, but the same category of critical undersea infrastructure, and the event that announced to every intelligence service on earth that the seabed was now a theater of operations. A Ukrainian man has been sought by German prosecutors in connection with the sabotage; Italy’s top court approved his extradition in November 2025. The attack demonstrated that subsea infrastructure could be destroyed with plausible deniability, and the response from the international community was — by any honest assessment — inadequate.
A year later, in October 2023, the Chinese-owned vessel Newnew Polar Bear dragged its anchor hundreds of miles across the Baltic seabed, severing the EE-S1 data cable connecting Sweden and Estonia and damaging the Balticconnector gas pipeline between Finland and Estonia. Because Sweden was not yet a NATO member and no alliance-wide response protocols existed for this scenario, the ship sailed through the Baltic, through the Danish Straits, along the Norwegian coast, and into Russian waters before anyone could decide what to do about it. China initially denied involvement. Ten months later, Beijing admitted the ship was responsible but attributed the damage to “bad weather.” The captain was remanded in custody in Hong Kong in May 2025.
Then November 2024. On November 17, the BCS East-West Interlink cable connecting Sweden and Lithuania was cut, reducing about a fifth of Lithuania’s internet capacity. Less than 24 hours later, on November 18, the C-Lion1 cable connecting Finland and Germany — Finland’s only direct data link to the European continent — was severed. The Chinese-flagged bulk carrier Yi Peng 3, which had departed from the Russian port of Ust-Luga on November 15, was tracked by maritime data to the exact time and location of both cable breaks. Western intelligence officials told the Wall Street Journal they believed Russian intelligence had induced the vessel’s Chinese captain to drag the ship’s anchor to cut the cables — encrypted communications between Russian vessels and Yi Peng 3 were reportedly intercepted on November 21. Germany’s defense minister called it sabotage. He said “no one” believed the cables were cut accidentally. U.S. intelligence officials, meanwhile, assessed that the cables were “not cut deliberately.” Both positions exist simultaneously. The investigation remains open.
Christmas Day 2024. The Estlink 2 power cable connecting Finland and Estonia was severed, along with four telecommunications lines. Finland seized the Eagle S, a Cook Islands-registered oil tanker linked to Russia’s “shadow fleet” — the network of aging, opaquely owned vessels Russia uses to circumvent Western oil sanctions. Finnish authorities said the ship had slowed as it passed over the cables. They later recovered a lost anchor they believed belonged to the vessel. In October 2025, a Finnish court dismissed the case against the Eagle S captain and crew, ruling prosecutors failed to prove intent.
January 2025. An undersea fiber-optic cable connecting Latvia and the Swedish island of Gotland malfunctioned. Sweden seized the Maltese-flagged bulk vessel Vezhen on suspicion of sabotage. A Swedish prosecutor later ruled the breach accidental and released the ship. February 2025. Cinia, the Finnish telecom operator, detected damage to the C-Lion1 cable between Germany and Finland — the same cable severed in November — at a location east of Gotland.
New Year’s Eve 2025. At 4:53 a.m., Finnish telecom company Elisa detected a disruption to its cable running from Helsinki to Tallinn. Finnish police seized the cargo vessel Fitburg, en route from Russia to Israel, on suspicion of sabotaging the cable by dragging its anchor. Five days later, Latvian authorities boarded another ship suspected of damaging a telecom link to Lithuania.
Seven incidents in the Baltic Sea between late 2023 and early 2026. The pattern is consistent: cable damage occurs near vessels with Russian port connections or links to Russia’s shadow fleet, investigations are hampered by the complexity of international maritime law, flag-state jurisdiction, and opaque ship ownership structures, and prosecutions either fail for lack of provable intent or remain unresolved. Lithuania’s foreign minister, Gabrielius Landsbergis, summarized it: there had been essentially zero incidents in 20 years, and suddenly after Russia’s full-scale invasion of Ukraine, they recur every month.
Why the cables are so hard to protect
The Baltic Sea is relatively shallow — an average depth of about 55 meters — which makes its cables more accessible to anchors and more vulnerable to deliberate interference. Up to 4,000 ships pass through daily. The combination of shallow water, dense shipping traffic, and proximity to the Russian ports of St. Petersburg and the Kaliningrad enclave makes the Baltic what analysts at the Royal United Services Institute call the “Achilles heel” of European infrastructure.
But the problem isn’t limited to the Baltic. In early 2024, Houthi attacks in the Red Sea area severed three major submarine cables — AAE-1, Seacom, and EIG — disrupting an estimated 25 percent of data traffic between Europe and Asia. Repairs took months. In March 2024, multiple cable cuts off West Africa caused massive service disruptions in Côte d’Ivoire, Liberia, and Ghana. Tonga has experienced three major cable disruptions since 2019, each one taking the island nation largely offline.
The structural vulnerability is straightforward. Cables are long, immobile, clearly charted, and land at fixed points that are publicly known. Over 70 percent of cable faults are accidental — fishing nets, anchors, earthquakes, even shark bites — which gives deliberate saboteurs built-in plausible deniability. The global cable repair fleet consists of 62 vessels, most of them aging, and by 2040 nearly half will reach end of life while total cable kilometers are projected to increase 48 percent. Repair times range from days to months depending on location, damage severity, and vessel availability. The Estlink 2 power cable cut on Christmas 2024 wasn’t repaired until August 2025 — a seven-month outage for a critical power interconnection between two NATO allies.
International law compounds the problem. Under the UN Convention on the Law of the Sea, freedom of navigation limits what navies can do in international waters or even within exclusive economic zones. A ship dragging its anchor through a cable zone isn’t committing a clear act of war — it’s committing an ambiguous act that could be negligence, weather, mechanical failure, or sabotage, and proving which requires forensic evidence from the seabed and cooperation from flag states that may not be forthcoming. Russia’s shadow fleet vessels operate under flags of convenience — Cook Islands, Malta, Cameroon — registered in jurisdictions with minimal regulatory oversight. The ownership structures involve shell companies layered across multiple countries. By the time investigators identify the vessel, board it, and attempt prosecution, the legal process has absorbed more resources than the sabotage cost to execute.
The Russian strategy
This isn’t random. Russian military doctrine has explicitly identified critical civilian infrastructure as a strategic target since the 1990s. The Bulletin of the Atomic Scientists described the Baltic cable incidents as “expressions of a new Russian strategy” rooted in the idea that the “anthropogenic shell of modern society” — the fragile infrastructure on which economies depend — is the West’s structural weakness. From 2000 onward, Russia has invested in modernizing its undersea capabilities, and a comprehensive Swedish investigation published in April 2023 documented a decade of large-scale Russian activities mapping critical infrastructure in the North and Baltic Seas.
The strategic logic is asymmetric and efficient. With a handful of shadow fleet tankers — ships that cost Russia nothing because they’re already evading oil sanctions — Moscow can force NATO to commit frigates, aircraft, naval drones, and intelligence resources to guarding thousands of kilometers of cable routes. When sabotage occurs, the shallow Baltic and the energy dependencies of small nations like Estonia, Latvia, and Lithuania amplify the impact. NATO launched “Baltic Sentry” in January 2025 — patrols, aircraft, naval drones, national surveillance assets — but as the operation’s own commanders acknowledge, the Baltic Sea is larger than it looks, they can’t be everywhere, and the response authority rests with individual coastal states, not NATO.
The cost-benefit ratio is lopsided in Russia’s favor. Dragging an anchor costs nothing. Repairing a severed power cable costs months and millions. Prosecuting the crew requires proving intent in a court system designed for peacetime negligence, not hybrid warfare. And every month that European allies spend debating jurisdiction and legal authority is a month that demonstrates what Landsbergis fears most: that NATO’s collective response mechanism isn’t fast enough or decisive enough for gray-zone operations that don’t cross the threshold of armed attack.
Beyond the Baltic
The vulnerability is global. Approximately 80 percent of U.S. military communications travel through the same commercial submarine cables that carry civilian internet traffic. Landing stations — the shore facilities where cables converge before connecting to terrestrial networks — are critical chokepoints. A handful of locations in the United Kingdom, France, Egypt (near the Suez Canal), Singapore, and the eastern United States handle disproportionate shares of global traffic. The Atlantic Council warned that authoritarian governments, particularly China, are reshaping the internet’s physical layout through companies that control cable infrastructure, potentially gaining better control of chokepoints and espionage access.
There are roughly 150 to 200 cable faults globally every year — about three to four per week. Most are genuinely accidental. The challenge is distinguishing the one deliberate cut from the 199 accidents, in real time, with enough legal certainty to justify a response, in waters governed by international law that prioritizes freedom of navigation over infrastructure protection. The cables that carry 97 percent of the world’s intercontinental data are defended by a 62-ship repair fleet, a patchwork of national jurisdictions, and an international legal framework written for an era when the most valuable thing on the ocean floor was fish.
We cover the geopolitics of undersea infrastructure — from the Baltic cable wars to Red Sea disruptions to the strategic chokepoints where cables, pipelines, and shipping lanes converge — across our Off The Map course, where the physical geography that most people never think about turns out to determine which countries stay connected and which ones go dark.