Skip to main content

Lack of Attribution as Critical Infrastructure is Damaged Again in the Baltic Sea

Isabella Hannen
Damage to the Balticconnector pipeline

Only a couple weeks after the anniversary of the Nord Stream explosions another incident affecting critical undersea infrastructure in the Baltic Sea took place. In the early morning of October 8, a Finnish gas company, Gasgrid, reported a drop in pressure of the Balticconnector pipeline caused by a leak. In addition to the pipeline, which runs between Finland and Estonia, it was discovered that two undersea telecommunications cables nearby were also damaged, all around the same time. While we cannot talk about a deliberate attack by either a state or private actor yet, as the investigation is still ongoing, the lack of being able to establish attribution in cases of possible hybrid aggression unfortunately seems to be the norm rather than the exception.

Both undersea cables and pipelines generally fall under the definition of critical infrastructure as the services they provide are critical for telecommunication and energy transmission. Damage, both intentional and unintentional, to critical infrastructure could have massive implications on land-based systems. For instance, the island of Tonga was cut off from the internet for almost a week in January 2022 when its only communications cable was damaged in an earthquake. The undersea cables are also critical from a strategic point of view as they can transport sensitive or classified information. In case of damage, the equipment would have to be retrieved from the seafloor, potentially from great depths, to ensure the information doesn’t fall into the wrong hands. Targeting key pipelines in this sensitive energy market could have a significant impact on energy supply and prices.

After the Balticconnector incident NATO’s Secretary General Jens Stoltenberg expressed NATO’s support for Finland and Estonia and said that NATO will mount a ”determined” response if a deliberate attack is proven. Following the incident NATO also announced that it has increased its presence in the area. On its own, increasing NATO presence in the area is unlikely to have enough of a deterrent effect to stop future attacks. It is impossible to physically monitor thousands of kilometers of pipelines and cables across multiple oceans, and malign actors know it. Therefore, in addition to increased manpower, it is crucial that more efforts are focused on developing technology for tracking vessels and for undersea surveillance equipment like autonomous sensors. 

In recent years Russian “ghost ships” have been suspected of mapping critical infrastructure sites in the Baltic Sea. ”Ghost ships” are vessels that have turned off their Automatic Identification System (AIS) signal which is typical for warships, other government vessels and civilian vessels that try to hide their movements. In order to be able to map out their navigation patterns, development of satellite imagery is vital. The Norwegian startup Vake is tracking ghost vessels that navigate with their AIS signal turned off. They have especially been following the movements of the Russian navy vessel Admiral Vladimirski, which according to reports has been sighted navigating above the Balticconnector pipeline earlier this year. It has also gotten attention on its previous trips when it has been navigating around both undersea infrastructure and offshore wind farms in the Baltic and North Sea. 

balticconnector and data cables
Location of the Balticconnector pipeline and the two data cables which were damaged on October 8, 2023.

At this point of the investigation into the Balticconnector incident, a shipping vessel flying Hong Kong's flag, called Newnew Polar Bear, is thought to have caused the incident by dragging its anchor over the cables and the pipeline. While it is doubtful that Chinese actors would have an incentive to attack critical infrastructure in the Gulf of Finland, experts are speculating about the possibility of the crew being bribed by Russian actors. Due to the presence of the Russian navy vessel Admiral Vladimirski earlier this year nearby and the knowledge of Russia’s vast capabilities of targeting infrastructure on the deep seabed it is not unfounded to suspect Russia’s possible involvement. 

During the year after the Nord Stream explosions the international community has taken steps to better protect critical infrastructure. NATO has announced a Critical Infrastructure Coordination Cell in January of 2023 which aims to “improve information sharing and exchange best practices between NATO Allies, partners, and the private sector”. At the Vilnius Summit 2023 leaders agreed to establish NATO’s Maritime Centre for the Security of Critical Undersea Infrastructure within NATO’s Maritime Command. Most recently, the Digital Ocean Vision initiative was formally endorsed by NATO’s defense ministers, along with the Swedish defense minister, on October 12 and will build on the previous efforts by enhancing maritime situational awareness through a range of assets like satellites and autonomous systems both under and above the surface.

Additionally we have seen EU-NATO collaboration through the establishment of the EU-NATO Task Force on Resilience of Critical Infrastructure which was launched in March 2023. The task force focuses on cooperation in four areas; energy, digital infrastructure, transport and space. Spatially it is not limited to the maritime domain but special focus is paid to this area post Nord Stream. This ”special focus” is likely to continue now as critical infrastructure is damaged again in the Baltic Sea. 

The task forces and coordination cells which have been set up are clearly proof that more attention is being paid to threats to critical undersea infrastructure. The Balticconnector incident has shown us that Finland and Estonia are resilient to damage caused to its infrastructure. The data traffic from the damaged cable was immediately rerouted to another cable. In order to compensate for the loss of energy imports from the Balticconnector pipeline, Finland operationalized an LNG terminal in the port of Inkoo, which was built last year with this specific type of threat in mind. Although the damage from the Balticconnector incident was minor due to the resilience of these two states, it is alarming that within a very short amount of time two major pipelines have been targets and attribution remains difficult.

With the current geopolitical tensions in the Baltic Sea, and the unlikeliness of Russia decreasing its activities in the area, it is crucial to stay vigilant and focus on how to be more proactive to defend critical infrastructure. Even though there are mechanisms in place to take over for the damaged infrastructure, if the incident proves to be a deliberate attack, it is an attack on state sovereignty. Therefore, it is critical to develop mechanisms to be able to establish attribution, which would allow for a clear response from affected countries.

About the Author

Isabella Hannen

Isabella Hannén

Staff Assistant Intern, Global Europe Program
Read More

Global Europe Program

The Global Europe Program addresses vital issues affecting the European continent, US-European relations, and Europe’s ties with the rest of the world. We investigate European approaches to critical global issues: digital transformation, climate, migration, global governance. We also examine Europe’s relations with Russia and Eurasia, China and the Indo-Pacific, the Middle East and Africa. Our program activities cover a wide range of topics, from the role of NATO, the European Union and the OSCE to European energy security, trade disputes, challenges to democracy, and counter-terrorism. The Global Europe Program’s staff, scholars-in-residence, and Global Fellows participate in seminars, policy study groups, and international conferences to provide analytical recommendations to policy makers and the media.  Read more