Submarine cables – a limit to openness

Cross-border telecommunication connections are vital for Finland’s security of supply. Submarine cables transfer enormous quantities of data along the seabed. They carry practically all international communications.

The sabotage of the Nord Stream gas pipelines on the floor of the Baltic Sea raised concerns about whether the telecommunications cables in the sea could face the same treatment.

National security and cybersecurity issues have been important considerations in the development and construction of submarine cable networks from the outset. A critical failure of any submarine cable is highly unlikely. However, if this were to occur, the internet’s routing protocols would automatically put the data traffic on a different path. All the main routes have backup links, and there are several cable connections.

Over a year ago, the Ministry of Transport and Communications (Traficom) issued a regulation significantly enhancing the protection of submarine cables at their landing points. The requirements were justified by the importance of communication services and international connections to society. The more stringent security requirements significantly increased costs for telecoms companies.

The regulation requires new submarine cables to be buried at a depth of at least two metres between the water’s edge and the nearest beach manhole. If the coastal soil does not allow burial, due to bedrock, for example, the cable must be protected by means such as encapsulation. New cables must also be buried at the sea bottom at a depth of one metre at least 500 metres away from the landing point. If this is not possible, they must be protected, for example, by using sandbags.

Last spring, it came to light that while the protection rules were being tightened, the precise location of the submarine cables was revealed by one of Traficom’s online services. Unlike international maps such as the Submarine Cable Map, the agency’s service provided highly accurate location data on the landing points of submarine cables.

The information system was built in response to the INSPIRE Directive, which entered into force in 2007 to prevent marine traffic from damaging critical infrastructure. The Directive was implemented into Finnish law as the Act on Spatial Data Infrastructure. According to this Act, material can be classified as confidential for reasons such as public safety. In addition, public authorities administering geospatial data could impose conditions on the viewing, transfer or use of geospatial datasets. However, no such conditions were imposed, and the information remains freely accessible.

From the industry’s standpoint, it seems very peculiar that companies are obligated to take such extensive measures to protect submarine cables on the grounds of securing vital infrastructure. All the while, the locations of the cables are disclosed in full detail in a publicly accessible data bank.

The directive on the locations of submarine cables was apparently not implemented in the same way in Denmark and Estonia, which do not have a publicly accessible data bank revealing the locations of the cables.

As far as the existing cables are concerned, the cat is already out of the bag. If any malicious actors are interested in the information, they have surely already saved it somewhere. However, it would make sense not to disclose the locations of new cables quite so openly. Critical infrastructure and national security must be protected.