Securing Submarine Cables Against Emerging Cybersecurity Threats

Submarine cables, the backbone of global connectivity, are responsible for transmitting over 99% of international data traffic. However, their critical role also makes them a prime target for cybersecurity threats that span physical, logical, and geopolitical domains. In a recent episode of the TeleGeography Explains the Internet podcast, Ferris Adi, Chief Information Security Officer at Trans Americas Fiber System, provided valuable insights into the evolving threat landscape and strategies to protect these indispensable assets. Here’s an in-depth look at the discussion and its far-reaching implications.

The Complex Threat Landscape of Submarine Cables

Submarine cable systems face unique vulnerabilities stemming from shared vendor platforms, insufficient end-to-end encryption, and inadequate role-based access controls. A single exploit, such as an unsecured vendor API or an unsigned firmware update, can lead to disastrous outcomes, including regional outages and manipulation of data traffic. Adding to the complexity, these cables traverse multiple jurisdictions, necessitating compliance with various regulatory standards that often differ by region.

In regions like the Americas, recent developments such as the FCC’s Notice of Proposed Rulemaking treat submarine cable cybersecurity as a national security priority. Operators are now required to implement comprehensive risk management plans and demonstrate compliance through annual certifications. However, enforcement remains inconsistent on a global scale. Experts like Adi emphasize the importance of proactively embedding security measures at every operational layer, exceeding regulatory mandates to ensure systemic resilience.

From Prevention to Resilience: Preparing for Breaches

A paradigm shift is occurring in the approach to cybersecurity. Adi points out that while preventing every security breach is impossible, organizations can minimize damage through robust incident response strategies. Key components include detailed preparation, predefined stakeholder roles, routine tabletop exercises, and rigorously tested backup systems. The ability to detect threats early and respond effectively often distinguishes a contained incident from a full-scale crisis.

Good communication is another vital element of resilience. Establishing clear protocols for internal coordination and public communication can prevent confusion and misinformation during a breach. Companies with strong, transparent response systems better maintain customer trust and operational stability even in the face of challenges.

AI and Quantum Computing: The Next Frontier in Cybersecurity

As technology advances, so do the tools of both defenders and attackers. Artificial intelligence (AI) has become a double-edged sword. Cybercriminals are leveraging AI to execute sophisticated phishing attacks and create adaptive malware, while cybersecurity teams use it to analyze telemetry data and uncover hidden threat patterns. This ongoing arms race underscores the need for innovative defense strategies.

Quantum computing, though still in developmental stages, presents a longer-term but highly significant threat. Once operational, quantum technologies could nullify current encryption methods. The “harvest now, decrypt later” strategy employed by attackers—stealing encrypted data in anticipation of quantum decryption—calls for immediate risk assessments. Organizations must evaluate where sensitive data resides, how long it requires protection, and whether their cryptographic systems are future-ready.

Cybersecurity as a Business Imperative

Cybersecurity is no longer a siloed technical issue but a core business consideration. As Adi explains, for submarine cable operators, trust is the cornerstone of their business model. Selling secure and reliable data transport services depends on making cybersecurity a shared responsibility across all levels of the organization. From the boardroom to IT teams, everyone must understand that cyber risks directly translate to business risks.

Ultimately, securing submarine cables entails more than just adopting advanced technical solutions. It requires a holistic shift in mindset—treating cybersecurity not merely as a cost center but as a critical enabler of business continuity and growth. By fostering cross-functional collaboration, investing in resilience-focused strategies, and staying ahead of the evolving threat landscape, submarine cable operators can safeguard their infrastructure and maintain the trust of a connected world.