Digital Infrastructure as a Terrorist Target: The Emerging Threat to Undersea Cables and Internet Exchange Points

The disruption of undersea telecommunications cables in the Baltic Sea during late 2024 renewed institutional attention to a category of critical infrastructure that protective security planners have historically treated as a peripheral concern. Whether those incidents reflected deliberate state-adjacent sabotage, opportunistic interference, or coincidental damage remains contested, but the effect on analytical posture has been measurable: threat assessment teams across EU and Five Eyes jurisdictions are now revisiting the degree to which digital backbone infrastructure — undersea cables, terrestrial fibre trunk routes, and internet exchange points — features in the targeting calculus of both state-directed actors and ideologically motivated non-state networks.

Why Digital Backbone Infrastructure Attracts Targeting Interest

The appeal of digital infrastructure as a target class is not difficult to understand from an adversarial perspective. A relatively small number of physical chokepoints carry an extraordinary proportion of global internet traffic. Approximately 95 per cent of international data transits undersea cable systems; the remainder relies on a comparably concentrated set of terrestrial trunk routes and satellite links. Internet exchange points, where autonomous networks peer and exchange traffic, are similarly concentrated — a handful of major IXPs in Frankfurt, Amsterdam, London, and Stockholm handle volumes that, if disrupted, would degrade connectivity across entire regions rather than individual organisations.

This concentration means that the ratio of disruption achieved to operational complexity required is, from a targeting perspective, highly favourable. A single cable cut in a shallow coastal approach — where cables are most accessible and least protected — can affect millions of users and impose measurable economic cost within hours. For accelerationist networks seeking to generate systemic societal disruption, or for jihadist planners seeking high-visibility impact, that calculus is not invisible.

The threat is not homogeneous. State-adjacent actors, including intelligence services operating through deniable maritime assets, represent one tier. Ideologically motivated non-state actors represent a distinct and analytically separate tier, with different capability ceilings, different targeting selection logic, and different indicators of pre-attack activity. Conflating the two produces assessments that are imprecise in both directions.

Vulnerability Characteristics: Where the Exposure Concentrates

Undersea cables are not uniformly vulnerable along their entire length. The threat surface concentrates at specific points: cable landing stations, where submarine systems come ashore and connect to terrestrial networks; shallow coastal approaches, typically within the 200-metre depth contour, where cables are accessible to divers or small vessels without specialist equipment; and repair vessel chokepoints, where the limited global fleet of cable repair ships creates a secondary vulnerability in recovery timelines.

Cable landing stations present a particularly coherent target profile. They are fixed, identifiable from open-source mapping, often located in relatively isolated coastal or semi-industrial settings, and their physical security posture varies considerably across jurisdictions. Several stations serving transatlantic and intra-European routes sit within perimeters that would not satisfy the protective security standards applied to comparably critical energy infrastructure. This asymmetry has been noted in EU-level infrastructure resilience reviews, though remediation has proceeded unevenly.

Internet exchange points present a different but complementary vulnerability profile. As data centres and colocation facilities, they are typically better physically secured than cable landing stations, but their logical architecture — the peering relationships and routing configurations that govern how traffic flows — introduces a distinct attack surface. Physical access to an IXP facility, even briefly, could enable interference with routing hardware or the introduction of monitoring equipment. The insider threat vector at IXP-adjacent facilities is an area that warrants closer analytical attention than it currently receives in most national threat assessment frameworks.

Indicators of Targeting Interest in Non-State Actor Communications

Open-source monitoring of extremist forums and encrypted channels over the past 18 months indicates a gradual but discernible increase in discussion of telecommunications infrastructure as a target category. This material ranges from ideologically framed incitement — framing cable disruption as economically damaging to Western states — through to more operationally specific content referencing cable route maps, landing station locations, and vulnerability assessments drawn from publicly available academic and industry literature.

The indicators most relevant to protective security planners fall into several categories worth distinguishing:

• Conceptual targeting interest: forum posts, manifestos, or instructional content framing digital infrastructure as a legitimate or high-value target, without operational specificity.

• Open-source reconnaissance signals: queries or shared links referencing cable route databases, IXP facility addresses, or coastal access points near landing stations.

• Capability-seeking behaviour: discussion of maritime access methods, diving equipment, or the acquisition of cutting or disruptive tools consistent with subsea interference.

• Precursor activity near fixed infrastructure: physical surveillance indicators at cable landing stations or IXP-adjacent facilities, including unusual vehicle activity, photography, or access attempts.

The volume of conceptual targeting interest currently exceeds the volume of operationally specific material by a considerable margin. This is consistent with a threat that is in an early ideation phase for non-state actors, rather than one where operational planning is advanced. However, the trajectory — from ideological framing to operational specificity — is a familiar pattern in target development, and the current distribution should not be read as an indicator of low near-term risk.

Terriscope's curated monitoring of infrastructure-adjacent extremist content has flagged a modest but statistically notable increase in this category of material since mid-2023, with the Baltic incidents appearing to have functioned as an amplifier for pre-existing targeting narratives rather than as an originating cause.

Jurisdictional and Coordination Gaps in Protective Coverage

The protective security challenge for digital backbone infrastructure is compounded by a fragmented ownership and regulatory landscape. Undersea cables are predominantly owned by private consortia — increasingly including hyperscale technology companies operating proprietary systems — which places them outside the direct regulatory perimeter of most national critical infrastructure protection frameworks. The EU's NIS2 Directive and the Critical Entities Resilience Directive have extended the formal scope of infrastructure protection obligations, but implementation timelines and enforcement postures vary considerably across member states.

Maritime jurisdiction adds a further layer of complexity. Cable systems transiting the exclusive economic zones of multiple states, or lying in international waters, fall under a patchwork of legal frameworks that complicates both protective responsibility and incident response authority. The 1884 International Convention for the Protection of Submarine Telegraph Cables remains the foundational instrument, but it predates the current threat environment by more than a century and provides limited operational guidance for contemporary protective security planners.

Within Five Eyes jurisdictions, the degree of formal information sharing on infrastructure threat intelligence varies. Bilateral arrangements under existing signals and security cooperation frameworks provide some coverage, but the integration of private sector cable operators into threat intelligence flows remains inconsistent. Operators often receive general threat advisories rather than the specific, actionable intelligence that would enable proportionate protective measures at the most exposed nodes.

Implications for Analytical and Protective Security Posture

For counter-terrorism analysts, the primary near-term task is maintaining adequate coverage of the ideological and operational signals that precede physical targeting activity, while avoiding the analytical error of treating state-adjacent sabotage incidents as a reliable proxy for non-state actor capability or intent. The two threat tiers share a target set but diverge sharply in their indicators, timelines, and the collection methodologies best suited to tracking them.

Protective security planners should prioritise a physical security audit of cable landing stations against current standards, with particular attention to perimeter integrity, access control, and surveillance coverage at sites serving high-volume transatlantic or intra-European routes. The disparity between the security posture of these facilities and that of comparably critical energy infrastructure is a structural gap that does not require a sophisticated threat actor to exploit.

The current threat picture for non-state actor targeting of digital backbone infrastructure is best characterised as elevated conceptual interest with limited demonstrated operational capability. That assessment is subject to rapid revision: the infrastructure is accessible, the targeting rationale is coherent across multiple ideological frameworks, and the amplifying effect of even a partially successful attack on societal confidence in digital connectivity would be disproportionate to the physical means required. Analysts and planners who wait for the threat to mature before adjusting their coverage posture are accepting a structural lag that the target set does not afford.