Rethinking Submarine Cable Cybersecurity in the Age of SMART Cables technology and the NIS2 EU Directive – The Future is Just Around the Corner!

Imagine a network of nerves running across the ocean floor, silently pulsing with the world's heartbeat—each strand transmitting trillions of data, fueling economies, enabling global communication, and protecting national security. These cables, though invisible to most, are the backbone of the digital economy, supporting everything from financial transactions to military communications. However, beneath these "calm waters," lies a fragile system,?now classified as critical infrastructure under the NIS2 Directive (Article 2(2)(d)), vulnerable to cyberattacks, natural disasters, and geopolitical sabotage.

With the introduction of the NIS2 Directive by the European Union,?the approach to securing subsea cables has expanded beyond physical protection to embrace cybersecurity as a core component of resilience (Article 21(1)). Operators of these critical infrastructures must adopt advanced cyber risk management strategies to protect against the increasingly sophisticated threats posed by both physical and digital attacks. NIS2 calls for infrastructures to go beyond basic measures, requiring the integration of new technologies, such as SMART Cables (Science MonitoringAnd Reliable Telecommunications), to create dynamic,?“cyber-aware” ecosystems?that enhance real-time incident detection and response.

Historically, subsea cables were treated merely as passive channels for data transmission. However,?in the current digital environment, these cables have assumed a central role as essential components of each country’s digital sovereignty (Article 3). Any disruption, even brief, can have catastrophic consequences, halting financial transactions or interrupting critical national defense communications. The NIS2 Directive addresses this new reality by expanding its scope to include operators of essential services like subsea cables (Article 2), making them a vital part of the EU’s cyber defense framework.

One of the key advancements introduced by NIS2 is the robust cyber risk management mandate (Article 18(2)). It requires operators of critical infrastructure, including subsea cables, to implement sophisticated cyber risk management measures to mitigate emerging vulnerabilities and ensure rapid response to both physical and cyber threats. This?regulatory framework focuses on long-term resilience, urging operators to prioritize not only protection but also?the ability to quickly recover from attacks and other disruptions.

A crucial component of meeting the NIS2 requirements is the adoption of SMART Cable technology. These cables are equipped with advanced sensors that can monitor their surroundings in real-time, detecting changes such as seismic movements or temperature variations that might signal imminent threats.?By incorporating these technologies, operators can not only detect physical vulnerabilities but also digital threats, such as malware or unauthorized access attempts, aligning with the Directive’s call for?“cyber-aware ecosystems” (Article 18(3)).

In line with this article, these cables operate in cyber-aware ecosystems, not only transmitting data but also generating critical information about their operational status, contributing to a distributed and adaptive defense network (Article 11).

Real-time monitoring and rapid incident response are further emphasized in NIS2, particularly in?Article 21(4) and 21(2), which makes these capabilities mandatory for critical infrastructure operators. The Directive promotes?a coordinated approach?across the EU, encouraging collaboration between member states and operators to share threat intelligence and establish proactive defense mechanisms.?This interconnectedness strengthens the collective resilience of Europe’s critical infrastructures, including subsea cables.

Today's maritime threat landscape encompasses more than physical damage to submarine infrastructures - on and under the sea (economic[1], environmental[2], political[3], technological, and infrastructural security challenges[4], as well as food security[5], scientific research and resource exploration,[6] and maritime navigation and transport[7].

The NIS2 Directive recognizes the evolving nature of threats (Article 16(1)), including ransomware attacks, malware infiltrations, and covert operations aimed at intercepting or corrupting data flowing through subsea cables (Article 21). These cyberattacks, if successfully coordinated, can cause devastating disruptions to the global economy. Under NIS2, a?multi-layered cybersecurity approach?(Article 18?and Article 21) ensures that such threats are detected and addressed swiftly, protecting global communications channels and minimizing the risk of widespread failure.

Real-time monitoring and response systems, now mandatory under Article 21, ensure that submarine cable operators can quickly detect threats and act effectively to avoid significant disruptions (Article 18). Moreover, this regulatory framework promotes the sharing of threat information among operators and Member States, enabling the creation of a coordinated and proactive defense system, strengthening the collective security of critical infrastructures.

Another critical aspect of SMART Cables is their multifunctionality.?In addition to enhancing cyber resilience, these cables contribute to environmental monitoring and protection, aligning with NIS2’s vision of critical infrastructures playing a broader role in the sustainable management of resources.?SMART Cables, equipped with environmental sensors, can monitor ocean conditions, detect pollution, and even alert authorities to illegal activities like unregulated fishing, reinforcing the EU’s commitment to protecting both digital and environmental frontiers. This dual functionality also supports?a sustainable blue economy?by providing real-time data on marine ecosystems[8].

By performing these environmental monitoring functions, SMART cables can alert about climate changes and contribute to the protection of sensitive marine ecosystems. This multifunctional evolution of subsea cables reflects the vision of NIS2, which advocates a holistic approach to protecting critical infrastructures.

However,?the implementation of NIS2 presents significant challenges (Article 22(1)), particularly in terms of modernizing existing infrastructures.?Upgrading subsea cables to meet the directive’s requirements for cyber and environmental resilience demands substantial financial and technological investments. Risk management, real-time monitoring solutions, and intelligence sharing will require deep modernization of protection systems, which many operators are currently ill-equipped to handle.

Despite the challenges of implementing NIS2, the benefits are undeniable. By fostering a coordinated, intelligence-sharing approach among member states and infrastructure operators, the directive enhances?cybersecurity?and can contribute to broader goals, including?environmental sustainability?when viewed in conjunction with other EU frameworks. The?Marine Strategy Framework Directive (Directive 2008/56/EC), for instance, emphasizes the need for good environmental status of marine waters, which SMART cables equipped with environmental sensors can help achieve through real-time monitoring of ocean conditions. Similarly, the?Common Fisheries Policy (Regulation (EU) No 1380/2013)?seeks to combat illegal, unreported, and unregulated (IUU) fishing, an objective that can be supported by SMART cables that monitor illegal maritime activities.

This modernization of infrastructure builds trust among nations and strengthens both the global digital environment and the sustainability of marine ecosystems, ensuring the resilience of critical infrastructures against emerging threats. Furthermore, by aligning with the?EU Blue Economy Strategy, which promotes the sustainable use of ocean resources for economic growth while protecting marine ecosystems, the integration of cybersecurity and environmental monitoring through SMART technology not only secures data flows but also supports the preservation of marine environments.

In my point of view, the?NIS2 Directive (Articles 18, 21, and 22) and the integration of SMART technology into subsea cables?represent not only a critical advancement in protecting global communications but also a unique opportunity to address environmental challenges. By adopting a?resilient, adaptive security approach, operators can ensure the continuity of essential services while?contributing to environmental protection through real-time monitoring of marine ecosystems.

Under NIS2, supported by a holistic vision, Europe is leading the way in modernizing critical infrastructures, balancing?digital security with environmental sustainability, and?creating a safer, more stable global future.

?

[1] Piracy and theft remain significant threats in various regions worldwide, especially in the Gulf of Guinea. This criminal activity has a direct and negative impact on trade and maritime transport, resulting in substantial economic losses and increased security costs for companies operating along these routes. Disruption to international trade is another growing concern. Cyber or physical attacks on maritime infrastructure can cause serious interruptions to global trade. Congestion at ports or strategic routes, such as the blockage of the Suez Canal, demonstrates how these interruptions can have deep economic consequences, affecting supply chains and global goods flow. Illegal, unreported, and unregulated (IUU) fishing poses a direct threat to the economy and the sustainability of fisheries resources. This illegal practice affects the income of coastal communities and compromises the long-term viability of fishing industries, exacerbating unregulated ocean exploitation

[2] Pollution and environmental disasters, such as oil spills, chemical leaks, and the increasing presence of marine debris (such as plastics), have devastating effects on marine environments. These disasters severely impact industries that depend on marine ecosystems, such as fishing and tourism, threatening biodiversity and local economies. Ocean acidification, caused by carbon dioxide absorption, is altering ocean chemistry. This phenomenon negatively impacts coral reefs and marine biodiversity, affecting food chains and, consequently, coastal economies that rely on these natural resources.

[3] Sovereignty conflicts in strategic maritime zones, such as the South China Sea, pose a serious geopolitical threat. These areas are crucial for the control of natural resources, such as oil, gas, and fisheries, as well as affecting international navigation routes, exacerbating tensions between nations. Maritime terrorism is another emerging threat. Terrorist organizations use maritime routes to carry out attacks and illegally traffic weapons and people. Strategic infrastructures, such as ports, pipelines, and subsea cables, are potential targets, increasing the global security risk. Cyber interference has become an increasingly greater threat with the digitalization of maritime operations. Cyberattacks on ships, port systems, and subsea cables can disrupt global trade and communications, causing severe economic and operational damage

[4] Sabotage and espionage of submarine infrastructures also represent a major concern. Subsea cables, responsible for most global communications, are vulnerable to physical sabotage and cyberattacks. Any disruption to these critical infrastructures can have global economic and security consequences. Technological obsolescence puts older maritime systems at risk. With the advancement of technology, older navigation and communication systems become vulnerable to failures and attacks, requiring constant modernization of maritime infrastructure to ensure security

[5] Overfishing and the destruction of marine habitats, such as coral reefs and spawning grounds, threaten the food security of millions of people who depend on marine resources. The degradation of these ecosystems compromises the long-term sustainability of fisheries and livelihoods. Changes in fishing patterns, caused by climate change, affect the migration of marine species, jeopardizing traditional fisheries resources. This change can generate new economic and geopolitical tensions as countries compete for resources that were once abundant.

[6] Interference in oceanic scientific research is often limited by political and security issues, especially in disputed areas. This restriction hinders the development of new technologies and the sustainable exploration of underwater resources, compromising scientific progress. The exploitation of natural resources in the maritime environment, such as oil, gas, minerals, and renewable energy, can lead to conflicts of interest and environmental damage. Without proper regulation, these activities can have negative social and ecological impacts, affecting both local communities and ecosystems

[7] Autonomous navigation presents new challenges in the maritime sector. The introduction of autonomous ships requires the creation of a robust legal and regulatory framework to ensure cybersecurity and safety on maritime routes, as this new technology may revolutionize navigation and transport

[8] More info: Marine Strategy Framework Directive (MSFD) – Directive 2008/56/EC; Common Fisheries Policy (CFP) – Regulation (EU) No 1380/2013 and EU Blue Economy Strategy.