This post was updated on February 1.
As the world watches the Kremlin’s military build-up along the Ukrainian border, the Irish military is worried about Russian naval activity in its own backyard. That’s where Russian exercises are set to take place dangerously close to strategic undersea communications cables that represent an overlooked element of a potential Russian escalation: an effort to blind the world to events unfolding in Ukraine.
Armed with a sophisticated set of cyber capabilities, the Russian government has long relied—even compared to a cyber power like China—on destructive attacks that degrade or destroy systems, such as the one that shut off power grids in Ukraine in 2015. Not to mention the large network of actors, from state agencies to front companies to recruited cybercriminals, who conduct a range of cyber and information operations against the Putin regime’s enemies. But Russia’s weaponization of tech isn’t just about code and keyboards: If attackers can damage, destroy, or merely cut power to physical internet infrastructure, such as undersea cables, they can disrupt internet communications in a target area to cause public panic and unrest, undermine economic activity, and disrupt the flow of government and citizen communications.
That’s now a distinct possibility if Russia escalates further in Ukraine.
Recent history suggests as much. When Russia illegally invaded and annexed Crimea in 2014, one of its first actions was to cut a cable linking the peninsula to the outside world. This disrupted internet connectivity provided the Kremlin another point of leverage over the region and limited the world’s visibility into the early phases of the “grey zone” conflict (a term used to denote a conflict that falls below the threshold of war). This shows that the Kremlin recognizes the importance of the physical dimensions of online control and coercion. Domestically, for example, the state has moved to exert more control over physical internet infrastructure by forcing companies to install more surveillance and filtering technology. And when digital mechanisms of control fail or are insufficient, the state turns to physical coercion of citizens and foreign tech employees.
The last two decades of Russian military doctrine have also witnessed a growing emphasis on the importance of software, hardware, and cognitive control in modern conflict. This outlook isn’t lost on Western officials. Most recently, the head of the United Kingdom’s armed forces warned that Russian naval activity could threaten submarine cables and allow Moscow to disrupt global internet traffic.
Scenarios for slashing
In the current crisis, observers should watch the one submarine cable that carries global internet traffic directly into Ukraine: the Kerch Strait Cable, laid in 2014 by Rostelecom, the Russian state-owned telecommunications company. After the annexation, Crimean internet service providers (ISPs) began using the cable to route internet traffic through Russia. Because the most immediate impact of cutting it would be to internet communications in Crimea itself, the Kremlin may be less likely to damage this cable.
Yet if the standoff over Ukraine intensifies, the Kremlin might calculate that such a move is worth the risk if it would disrupt internet communications in the rest of the country, too. In that scenario, Russian military and intelligence assets in Crimea could have their internet access disrupted. But at the same time, it could create panic in the rest of Ukraine and limit the international community’s visibility into further Russian actions—well in line with the Kremlin’s willingness to accept some costs to invade and forcibly exert control over Ukraine.
Ukrainian internet traffic is also carried over land-based cables, such as fiber-optic, cross-border communication lines. The Russian military could physically damage, hold hostage, or cut power to internet service provider facilities (which deliver internet traffic to users) and internet exchange points (which exchange traffic between ISPs). These physical components in Ukraine carry global internet traffic, so disrupting them would impact the international sphere and force some traffic to get routed around Ukraine, but the worst effects would be felt within the country as these components primarily deliver traffic to Ukrainians.
In the most globally damaging scenario, the Russian military could target any of the dozens of submarine cables linking other parts of Europe to the global internet—and which, by extension, may carry traffic originating in (and destined for) Ukraine. For instance, there are sixteen submarine cables touching Ireland, where Russia is about to stage “naval exercises,” and cutting some of those cables—which connect to Norway, the United Kingdom, Iceland, and the United States—would damage the flow of global internet traffic and could take several hours or even days to repair. It could also considerably distract those countries from other world events.
Alongside preparing for damaging Russian cyber operations against Ukraine, as well as countries that Russian President Vladimir Putin considers to be pro-Ukraine, Kyiv and its allies must prepare for the potential targeting of internet cables. Moscow knows that information is vital in a crisis—and that controlling or entirely disrupting its flow can provide important strategic advantages.
Justin Sherman (@jshermcyber) is a nonresident fellow at the Cyber Statecraft Initiative in the Atlantic Council’s Scowcroft Center for Strategy and Security.
An earlier version of this article incorrectly characterized an internet cable Russia cut in 2014. It was not a submarine cable.