explainers

‘Incredibly difficult to prove’ Two Baltic Sea Internet cables were damaged within 24 hours. Was it Russian ‘hybrid warfare’ or just a coincidence?

Source: Meduza

Early last week, European telecommunications companies reported damage to two underwater Internet cables in the Baltic Sea. The first incident, involving a cable connecting Lithuania to Sweden, reportedly occurred on the morning of Sunday, November 17. The second, affecting a cable between Germany and Finland, was reported the following morning. While the full extent and nature of the damage remain unclear, some European officials were quick to suggest sabotage, and law enforcement agencies from multiple countries have launched investigations. The Danish navy is reportedly shadowing a Chinese-registered ship called the Yi Peng 3, which appears to have been near the sites of both outages when they occurred. To help put this incident in context, Meduza spoke to Katja Bego, an expert on the geopolitics of undersea cables and a senior research fellow in Chatham House’s International Security program.

This interview has been edited and abridged for length and clarity.


Sunday, November 17, 2024

A telecommunications cable running between Lithuania and Sweden is damaged at around 10:00 a.m., according to a spokesperson from the cable’s operator, the Swedish company Telia.

Monday, November 18

A fault is detected in another telecommunications cable, this one connecting Finland to Germany, at 4:04 a.m., according to the Finnish company that runs the cable. The Finnish and German foreign ministers release a joint statement expressing concern over the incident: “Our European security is not only under threat from Russia‘s war of aggression against Ukraine, but also from hybrid warfare by malicious actors.”

Tuesday, November 19

German Defense Minister Boris Pistorius says that the damage to both cables looks like an act of sabotage and a “hybrid action” but said it’s unclear who to blame. He adds that “nobody believes that these cables were cut accidentally.”

Finland announces it’s launched a police probe, and the Swedish Prosecution Authority says it’s investigating “sabotage.”

Two U.S. officials tell CNN they believe the incidents were caused by “anchor drag from a passing vessel.”

Wednesday, November 20

Swedish police say a Chinese cargo ship off the coast of Denmark is “of interest”. Danish officials say its navy is tracking a Chinese-registered ship, the Yi Peng 3. Tracking sites show that the Yi Peng 3 left the Russian port of Ust-Luga on November 15 through the Baltic and passed by both cables around the times they are thought to have been severed.

China dismisses the notion that it was involved, saying it “has consistently and fully fulfilled its obligations as a flag state and requires Chinese vessels to strictly abide by the relevant laws and regulations.” Kremlin spokesperson Dmitry Peskov says it’s “absurd to continue to blame Russia for everything without any reason.”

Media reports and statements from the companies that operate these cables described the damage in varying terms: a “fault was detected,” or the cables were “disrupted,” “severed,” or “cut.” Were these cables actually cut in half? How thick are they?

Undersea cables are not especially thick — often not thicker than a garden hose — though they can have extra insulation on them when they are laid in places where they are more likely to get damaged — for example, nearer to shore, or in areas with heavy fishing. Damage to cables is not especially rare; faults like the one we have seen in the Baltic Sea last week happen about a 150–200 times a year, and can cause the cable to be fully cut in half, or see so much damage they are no longer usable.

The investigation is ongoing — repair ships are now physically on site to see the extent and nature of the damage, and begin the repair process. For them, it doesn’t matter much whether the damage was deliberate or not: a fault is a fault, and the cable owners will want it repaired as soon as possible.


The bitter truth is that events in Russia affect your life, too. Help Meduza continue to bring news from Russia to readers around the world by setting up a monthly donation.


Is the main reason this incident is attracting so much attention the fact it happened twice in two days?

I think the incident is seeing so much coverage because of its location — an incident like this near a geopolitical hotspot like the Baltic will always attract attention, especially as it follows in the wake of several very recent warnings by NATO members, calling out suspicious Russian behavior near key cables and energy pipelines. 

The fact that two cables were damaged at the same time unsurprisingly makes this even more salient of a story, as many people assume this must necessarily mean it was deliberate — because what are the odds two cables were damaged so soon after another? The German defense minister suggested as much himself.

But it is actually not so rare for multiple cables to accidentally break at the same time. During the now quite famous outage earlier this year in the Red Sea, when a ship hit by Houthi rebels caused significant damage to cables, three were damaged.

What is perhaps a bit peculiar about the current situation is that there appears to have been a quite significant time lag and larger distance between the two faults. But that too is not indisputable proof that this was a deliberate action. 

What are some high-profile examples of undersea cables being weaponized in the past? 

The most famous examples that we have of this happening at scale are during World War I and World War II. This was particularly important in World War I, when Britain was able to cut Germany out of undersea telegraph communications network for effectively all of the war. Since the world wars, we have seen fewer cable sabotage attempts, or least not many that have been publicly acknowledged to have been deliberate.

That started to change around 2015, when we first first began to see things like NATO warnings about Russian ships behaving suspiciously around undersea cables. Since the start of the full-scale invasion of Ukraine, especially, we have begun to see a large uptick in incidents that are widely speculated to have involved deliberately sabotage or gray-zone activities.

We have for example seen incidents near the Shetland Islands, Svalbard and near some Norwegian military bases in the high north. But perhaps the most famous example of cable damage near Europe is the incident involving damage to the Balticconnector and several undersea communications cables, which happened last year. The parallels with last week’s events are quite interesting: both involved ships tied to China, both (likely) involved anchors, and in both cases analysts have been quick to point to possible Russian involvement (though that remains unproven in both cases). 

The problem with these incidents is that it’s incredibly difficult to prove intent. And it’s quite hard to attribute responsibility. Something happens and either you don’t know who did it, or if you do, you don’t know if they did it on purpose or just made a mistake — for example, if a fishing ship dropped its anchor in the wrong place. And that makes these cases very tricky. 

Germany and Finland seem to suspect Russia. Doesn’t it seem far-fetched that China would be involved or would sign off on participating in an action like this in the Baltic Sea? How would that coordination even work in theory?

I suppose that is perhaps the most peculiar aspect of both this incident, and last year’s Balticconnector incident too. If both these cases involved deliberate sabotage, and were coordinated together with Russia, that is of course a very concerning escalation. China has been active in the cyber and other domains in Europe, but this type of highly visible physical attack would in my view be of quite a different category.

And while we are speculating: is it really that likely that Russia and China would turn to a cargo ship with its transponder on for this kind of operation? On the other hand, one could suggest that this does provide plausible deniability, which is often one of the key ingredients of these kind of gray-zone actions.  

It is therefore important to be careful with jumping to conclusions. It takes time to investigate these situations. A maintenance ship has to physically go to the site of the fault and figure out what happened exactly. Incidents with ships accidentally damaging cables with their anchors are furthermore not rare, it is not easy to prove intent in these cases.

Many security experts, and also politicians, have been quick to call this incident sabotage. And that may turn out to be correct, but the truth is that we currently don’t yet know what happened here.

Do we know if there were Russian crew members on the Yi Peng 3?

There was initially a lot of media speculation that suggested the Yi Peng 3’s captain was Russian. But from what we know so far, that probably wasn’t true. I read an interview in the Swedish media with the owner of the company that owns the ship, which suggested the crew consisted of 20 Chinese crew members and that the captain too, is Chinese.

It is true that Russia has been doing this kind of thing in various domains — threatening to damage cables, hovering near cables with naval ships or spy ships, these sort of things have been happening far too often recently. But that does not necessarily mean that Russia was involved in this particular incident. The most direct, proven Russian connection so far, at least as far as I’m aware, is that the Yi Peng 3 picked up cargo in Russia. More information on this front may of course still emerge as we find out more details over the coming weeks and months. 

What other details or points do you feel haven't been reported very well or deserve mention?

I think it’s interesting and worth noting the discrepancy between what the industry is saying and what the security community is saying about this incident. Industry is generally very skeptical that this was deliberate sabotage. These kinds of faults are not uncommon and they argue that all the circumstances point to this just being a rather routine incident. The security community is instead quick to call it sabotage. I think there are probably enough suspicious aspects to this specific case to at the very least investigate whether there was some deliberation involved here, but for now it is best to wait for more information before a call can be made either way.  

One novel aspect of this specific incident we can already analyse, however, is that several Baltic-adjacent NATO members were immediately quite comfortable in suggesting that this potentially was a case of sabotage. If you compare it to the Balticconnector incident last year, where you saw a lot of politicians and navies treating that incident with quite a lot of caution; they didn’t immediately act as forcefully, they didn’t immediately stop the ship suspected to have been involved. But this time, they immediately jumped into action, with the Yi Peng 3 now anchored off the Danish coast, and closely monitored by the Danish navy. There has been a lot more attention in the past couple years to the protection of maritime infrastructure, and a lot of efforts to improve coordination between navies to act on this sort of thing and try to deter these kinds of acts better. Their actions over the past week suggest a change in posture to being more forceful in calling out and acting on potential hybrid attacks. 

Interview by Sam Breazeale