The Internet is a battlefield – and its weakest point lies under the sea

How conflict is extending beyond cyber-attacks to target the internet’s physical backbone

Conflict is no longer confined to systems on the internet; it is increasingly targeting the physical backbone of the internet itself, reflecting an intensification and expansion of existing patterns, where conflict unfolds not only through cyber operations, but also through the physical infrastructure that supports global connectivity and everyday societal functions.

Past attacks

Cyber operations targeting critical systems are not new. They have taken multiple forms from attacks on critical infrastructure such as Stuxnet, a malicious computer worm, targeting Iranian nuclear facilities to the exploitation of ‘internet trust services’ for espionage, as seen in the 2011 cyberattack on Dutch security firm DigiNotar breach. This in addition to targeted compromises affecting individuals and communication channels as with the case of the recent hack of the FBI director Kash Patel's personal emails. What is now emerging is a growing focus on the internet’s underlying connectivity infrastructure itself, particularly submarine cables, fundamentally altering both the scale and nature of the risk.

In today’s geopolitical landscape, threats are often met with counter-threats. When the United States and Israel signalled the potential targeting of Iranian energy infrastructure, Tehran responded with warnings that extended beyond oil and shipping routes to include communication networks.

A continuation of strategic warnings

This hasn’t emerged overnight. It’s the result of several technological shifts that I have been tracking over the past few years:

• Supply chains as vectors: In my analysis of the Beirut pager explosions, I explored how apparently trusted hardware (supplied in this case by a Budapest company called BAC consultancy) can be turned into a "remote-controlled time bomb". What this incident really showed is that supply chains are no longer just logistics—they’ve become active vectors of conflict.
• AI as a strategic asset: I previously highlighted how Artificial Intelligence has become a strategic tool in global geopolitics, fuelling a modern-day "Cold War". As AI becomes more integrated into defence strategies, the need for high-speed, constant data flow through physical infrastructure becomes even more critical. The growing importance of ‘actionable intelligence’ is particularly evident in conflicts such as Ukraine, often described as the first AI-enabled war.
• The evolution of cyber revenge: Years ago, I warned that Iran’s cyber capabilities were shifting focus from standard IT networks to the physical control systems used in utilities and oil refineries. The uncomfortable question is whether these ambitions could extend to critical connectivity infrastructure, including the submarine cables that carry the vast majority of global internet traffic. Iran is an accomplished cyberpower; it has targeted the US for cyber revenge attacks for at least a decade. Some notable successes have been Las Vegas Sands Casino and deleting high profile websites.

The hidden battlefield: submarine cables

At the centre of this vulnerability are submarine fibre optic cables. The Strait of Hormuz, famously known as a global energy chokepoint, is equally a "digital corridor”. A massive volume of data flows through a handful of cables in this volatile region, including: Falcon: A regional "ring" linking the Gulf states, Egypt, and India. AAE-1 (Asia-Africa-Europe-1): A massive data highway connecting the East to the West via the Middle East. 2Africa: One of the world’s largest subsea projects, designed to link billions of people.

These vulnerabilities are not confined to a single region. Similar chokepoints exist globally, from the Red Sea and the Baltic to the Taiwan Strait, highlighting how concentrated and interdependent global connectivity has become. There is also growing interest in land-based fibre routes as alternatives to maritime chokepoints. While these can reduce exposure to risks at sea, they introduce new geopolitical dependencies and raise concerns around surveillance, interception and strategic influence over data flows. Similar dynamics are already visible in energy infrastructure, where instability in maritime chokepoints such as the Strait of Hormuz and the Red Sea is driving renewed interest in alternative land-based routes.

The fragility of the deep

Despite their importance, these cables are far more exposed than most people realise. In coastal areas, they often lie in shallow waters, sometimes only tens of meters deep. While historical damage usually comes from ship anchors or fishing nets, a conflict environment introduces a more calculated risk: asymmetric sabotage.

The same maritime capabilities used to disrupt shipping—naval mines, underwater drones, or even commercial vessels dragging anchors with "plausible deniability"—could be used to disrupt these critical connections.

Not a blackout, but a regional shock

We need to be precise about the stakes here. A total global internet "blackout" is unlikely because the network is built with redundancy. However, that resilience is unevenly distributed. For regions like the Middle East that rely on a few high-capacity "chokepoint" routes, the impact of a physical breach would be immediate. This could lead to increased latency and congestion as traffic is rerouted through longer paths, delays in financial transactions and cloud-based services, and even the use of disruption itself as a form of strategic signalling.

Can satellites fill the gap?

In the event of a cable breach, satellite constellations such as Starlink are often cited as a fallback. As I noted in my discussion on Internet kill switches, governments often try to control the “edge” of networks to disrupt connectivity.

However, subsea and terrestrial fibre cables will continue to carry the vast majority of global traffic, particularly for cloud and AI workloads. Satellite systems are better understood as a complementary layer rather than a direct substitute. Even large constellations would require significant scaling to match the capacity of fibre-based infrastructure.

This points to a broader need for layered resilience, where multiple technologies (fibre, satellite and alternative routing) work together to ensure continuity in the face of natural disasters, technical failures or conflict. However, such an approach also increases system complexity, requiring robust coordination, testing and validation to ensure these layers function effectively under stress. It also raises questions around accountability and responsibility, as managing and securing this infrastructure spans multiple actors, becoming a major issue particularly in conflict scenarios.

While elements of existing models, such as the distributed responsibilities seen in internet service provision, offer a partial parallel. Unlike ISP networks which are typically governed within national regulatory frameworks, the global and transnational nature of subsea and terrestrial infrastructure, spanning multiple jurisdictions and security contexts, introduces greater challenges in coordination, accountability and enforcement.

Why this matters

Responsibility for protecting this infrastructure is inherently fragmented, spanning states, private operators and international bodies, with no single authority able to enforce rules globally. While international frameworks such as the Law of the Sea provide some protection for submarine cables, their effectiveness in conflict can be limited in practice - enforcement is complicated by attribution challenges, jurisdictional ambiguity and the dual-use nature of digital infrastructure. As is often the case with critical infrastructure governance, the challenge lies less in the existence of rules than in their enforcement. In practice, securing this infrastructure relies on a combination of surveillance, attribution and deterrence often backed by military capability. However, this introduces a strategic dilemma: efforts to secure critical infrastructure, particularly in contested regions, risk further militarising these environments and potentially escalating tensions rather than containing them.

This governance gap has broader implications. Modern societies assume reliable and constant connectivity. But as digital infrastructure becomes a primary target, that assumption becomes a liability.

Protecting the internet therefore requires a “seabed-to-space” strategy:

1. Diversifying subsea cable routes away from traditional maritime chokepoints.
2. Enhancing monitoring and detection to distinguish between accidental damage and deliberate sabotage by state actors—or, in more limited cases, capable non-state actors.
3. Recognising digital infrastructure as a pillar of national security, on par with power grids and water supplies.

In this emerging landscape, the most critical vulnerabilities are not always visible. They lie on the seabed—quietly carrying the data that keeps the world running yet increasingly sitting at the centre of geopolitical risk. This shift exposes how fragile our global stability really is, and how much it depends on infrastructure never designed to withstand conflict.

_______________________________________________

Dr Mahdi Aiash is an Associate Professor of Computer Science and Cybersecurity at Middlesex University. He is a leader for the cyber security research group and a Director of Technology Safety & Digital Security at CATS², heading research at the intersection of cybersecurity, AI, and societal impact.

His expertise spans AI-driven defence, offensive security, and next-generation cyber threats. He has contributed to UK Government-funded initiatives and supported national cyber workforce capability-building programmes, strengthening resilience and digital safety across the UK.

Find out more about cyber security at Middlesex University.