This article is written by Chitra R. Devi.
INTRODUCTION:
Cybersecurity has emerged as a critical concern in the modern era due to the increasing dependence of the global community on the Internet and web-based ICT. “The aggregation of tools, policies, security concepts, safeguards, guidelines, risk management strategies, actions, training, best practices, assurance, and technologies employed to safeguard the cyber environment and the assets of organisations and users.” That’s how the International Telecommunications Union (ITU) defines cybersecurity.
Submarine communication cables, vital for data transfer and global connectivity, are hosted by the world’s oceans. Despite their critical role in supporting our digital infrastructure, these cables have raised many questions about maritime security, jurisdiction, and potential legal consequences. Transmitting telecommunication signals across underwater distances, submarine cables are crucial components of the infrastructure that allow global communication and data exchange. A complex system of fiber-optic lines laid out on the ocean floor allows for the constant transfer of data, voice communications, and other digital information, including that found on the internet. These connect different continents. The complex integration of engineering and technology shown in the installation of submarine cables demonstrates how far humanity has come in overcoming obstacles in the underwater environment.
Submarine cables are absolutely essential to the functioning of the global economy and to our everyday lives. They are essential for modern connectivity because without them, major services like the internet, international telecommunications, military operations, and financial transactions would not be possible. Over 95% of all international communications are transmitted by satellites, which is a common misconception. Given the strategic importance of submarine cables, increased security measures and international cooperation have been put in place to protect these essential assets from possible disturbances, interruptions, and dangers.
Submarine cable networks have been expanded and improved in response to the rising demand for data services and high-speed internet in recent years. The introduction of new materials and technologies, along with advancements in cable design, are enhancing the capabilities of these systems. That way, these systems will be able to withstand the test of time and keep up with the expanding needs of international communication.
The susceptibility of these submerged structures to both man-made and natural dangers puts their very survival at risk. The cables face serious dangers from piracy, illicit fishing, deep-sea mining, and acts of sabotage. There are a number of new cybersecurity risks that could affect submarine cable systems, despite their importance to the communications infrastructure.
There has been growing concern about the possibility of state or non-state actors intentionally disrupting submarine cable systems since September 11, 2014. These events on September 11, 2014, have only served to heighten this worry. Underwater cable systems are not immune to cyber assaults, especially those that target the network management systems that keep the cables running. Dismantling cable landing stations and underwater cables on purpose is also part of this.
Submarine cables are not only susceptible to damage, but they can also be utilised for electronic espionage and intelligence gathering. The current digital era places a great emphasis on the flow of international data, making it essential to have a comprehensive understanding of the legal complexities surrounding submarine cables, maritime security, and jurisdiction.
SUBMARINE CABLE INDUSTRY:
Two brothers, Jacob and John Brett, formed the British corporation known as the English Channel Submarine Telegraph Company. Their crowning glory was the first submarine cable, which they sunk between Dover and Calais in 1850. The widespread belief that telegraphs facilitated trade and economic activities attracted private investment, which drove the industry forward. The Brett Brothers’ proprietary business model had a profound effect on the development of the industry and is still widely used today.
During its early stages, the majority of the submarine telegraph cable network was owned and operated by British companies, with assistance from the Empire. On the flip side, other countries, like Russia, France, and Germany, followed Britain’s lead and used their control over large sections of the world’s telegraph cable network to gain strategic and military advantages in the war. They (the other powers) set out to break the British monopoly by laying cables of their own. Other countries started looking into wireless telegraphs and other alternatives to British cables so they could rely less on them. This played a role in the telegraph’s downfall. [1]
There are a number of private cable companies that serve different cities. Within the cable industry, there are two main types of cable companies. Those who own or are in charge of the cable system should be considered first. Private companies, investment banks, or national telecoms could make up these groups. The second kind of cable companies are the ones that supply the cables. Submarine cable construction, operation, and maintenance are the purview of these businesses. Cable joint suppliers provide the necessary equipment to replace damaged cables with new ones, marine service providers provide specialised vessels for cable installation operations, and system suppliers are in charge of the design, planning, and manufacturing of the cable system.
A trade group focused on protecting cables was established in 1958 with the name International Cable Protection Committee (ICPC). Participating members own, operate, or provide services for over 97% of the world’s international submarine cable systems. The International Council for Political Cooperation (ICPC) welcomed governments as members in 2010, increasing the number of governments with a sufficient number of representatives. In order to keep the submarine cable network intact, the International Cable and Power Corporation (ICPC) works with other seabed users, governments, and international organisations to provide recommendations on different issues pertaining to the cables.
THE INTERNATIONAL LEGAL REGIME GOVERNING SUBMARINE CABLES:
It didn’t take long for submarine cables to be acknowledged as a valuable public asset in need of regulation and protection. During the seven worldwide gatherings that took place from 1863 to 1913, the topic of protecting underwater cables was deliberated more than 81 percent The international community passed four pieces of legislation between 1884 and 1982. The responsibilities and privileges of states in relation to underwater cables were discussed in these treaties. To be more precise, what follows is included: (1) the 1884 Cable Convention, also known as the Convention for the Protection of Submarine Telegraph Cables, (2) the 1958 Geneva Convention on the High Seas, (3) the 1958 Convention on the Continental Shelf, and (4) the 1982 United Nations Convention on the Law of the Sea, often known as “UNCLOS.” When it comes to protecting underwater telegraph cables, no other gathering compares to the 1884 Cable Convention. Protecting cables situated outside of states’ territorial waters was the principal goal of the convention. Forty states are currently signatories to the convention and have ratified it.
Two massive treaties that cover a wide range of maritime law are the 1958 Geneva Conventions on the High Seas and the Continental Shelf and the United Nations Convention on the Law of the Sea (UNCLOS). Underwater cables are presumed to be governed by the UN Convention on the Law of the Sea (UNCLOS) for the purposes of this article.
The ratification of the 1982 UN Convention on the Law of the Sea was a watershed event in the development of global diplomacy and law. A “constitution for the oceans” consisting of 320 articles and 9 annexes was negotiated over the course of nine years by more than 140 states, 6 non-independent states, 8 national liberation movements, 12 specialised agencies, 19 IGOs, and a number of UN quasi-autonomous entities. Also involved were twelve specialised agencies. In addition, 167 states are presently parties to the Convention, and 169 have ratified it. One goal of the UNCLOS is to establish a “legal order for the seas and oceans” by outlining who has the power to legislate in certain areas and what duties coastal states and other maritime users have to bear. There are three distinct types of maritime zones: those under territorial sovereignty, which include the territorial sea, archipelagic waters, and straits used for international navigation; those outside sovereignty but under national jurisdiction, such as the Exclusive Economic Zone and the Continental Shelf; and those beyond national jurisdiction, which include the high seas and the deep seabed.
The freedom to install, repair, and maintain submarine cables, as well as the rights and responsibilities of states regarding their safeguarding, are outlined in the United Nations Convention on the Law of the Sea (UNCLOS). Where the cable activities take place determines the breadth and depth of these rights and responsibilities.
THE PROTECTION OF SUBMARINE CABLES:
Safeguarding submarine cables has been a source of concern for the international community ever since the 1884 Cable Convention was adopted. This concern has been there ever since the cable convention started. In order to safeguard submarine cables within their territorial sea, coastal states have the explicit power to enact laws and regulations pertaining to innocent passage. This paves the way for coastal nations to safeguard underwater cable systems. In addition, they can pass legislation that will protect submarine cables in their territorial waters. The United Nations Convention on the Law of the Sea (UNCLOS) states that coastal states are not required to establish rules and regulations to safeguard submarine cables within their territorial waters.
The responsibility for protecting cables outside of territorial waters, specifically in the EEZ, continental shelf, and high seas, is clearly outlined in the United Nations Convention on the Law of the Sea (UNCLOS). Articles 113–115 of the UNCLOS, which are derived from three articles of the Cable Convention of 1884, deal with the protection of underwater cables while they are in international waters. Submarine cables placed in the continental shelf or exclusive economic zone are also covered by these regulations, as outlined in Article 58 (2).
Under Article 113 of the UNCLOS, states are obligated to impose penalties on individuals or vessels flying their flags or subject to their jurisdiction who wilfully or negligently damage underwater cables in international waters. Any behaviour with the intent to or likelihood of violating these laws or regulations is subject to enforcement. On the other hand, it won’t cover harm that people cause who were already taking all the necessary measures to prevent it, particularly after they tried to save lives or their boats. Damage to submarine cables, whether intentional or accidental, is now within a state’s criminal jurisdiction, thanks to Article 113. In line with the established principles of international law regarding extraterritorial jurisdiction, this extension of jurisdiction is only applicable to vessels flying the flag of the state while at sea or within the exclusive economic zone (EEZ). This also applies to citizens of the country who carry out these kinds of crimes. [1]
Every state is required by UNCLOS Article 114, which is based on Article IV of the 1884 Cable Convention, to establish rules and regulations regarding the responsibility of cable owners for expenses related to repairs for cables that are damaged during installation or maintenance.
Article 115, which is based on Article VII of the 1884 Cable Convention, states that every state must pass rules and regulations to make sure that the owners of submarine cables compensate the owners of ships whose captains give up fishing gear like nets and anchors to protect the cables. This provision is contingent upon the shipowner taking all reasonable precautions prior to the sacrifice.
THE LAW OF CYBERATTACK:
There is no agreed-upon definition of “cyberattack,” but the words “cyberwarfare” and “cybercrime” are frequently used interchangeably. The USA Department of Defense’s Dictionary of Military Terms defines the term “computer network attack” (abbreviated as “CNA”) as “actions executed via computer networks to disrupt, deny, degrade, or destroy information stored in computers and computer networks… or the computers and networks themselves.” Furthermore, NATO has also agreed to this definition, adding that “a computer network attack constitutes a category of cyber-attack.”
The use of Computer Network Operations (CNO) to ensure the efficient use of our own systems and networks while simultaneously obstructing the adversaries’ effective use of their computers, information systems, and networks is defined by the Joint Chiefs of Staff as network warfare. Cyber network defence (CND), cyber network exploitation (CNE), and cyber network attack (CNA) are all part of this umbrella term.
According to the US National Research Council, cyberattacks are “intentional actions to modify, interrupt, mislead, diminish, or obliterate computer systems or networks, or the information and/or programs contained within or traversing these systems or networks.” Some have proposed the following definition of cyberattack as the gold standard: Any attempt to undermine the operation of a computer network in order to achieve political or national security goals is referred to as a cyber-attack.
Intentional attacks on underwater cables lying on the ocean floor, cable landing sites, or the network management systems controlling cable operations would be classified as cyber-attacks according to the definitions given above. The next thing to consider is whether cyberattacks are governed by international law and, if so, if this law provides a reliable framework for protecting cables located beneath the ocean bottom.
Much debate has arisen over whether and to what extent international law applies to cyber assaults. In the end, unlike traditional battlefields, cyberspace is totally man-made. Public and private entities around the world share equal responsibility for its inception, upkeep, ownership, and operation. It also changes all the time to accommodate new technologies. Cyberspace is devoid of geographical, political, or biological constraints, allowing for the instantaneous transmission of information and electronic payloads between any source and any destination linked via the electromagnetic spectrum. Despite the ease with which governments, non-state entities, private corporations, and individuals can access cyberspace, IP spoofing and botnets make it harder to reliably identify and attribute cyber activities.
The swiftness and anonymity of cyberattacks make it difficult to determine state responsibility and differentiate between the acts of nation-states, criminals, and terrorists, which is a major obstacle to developing a suitable legal framework to control a cyberattack that violates international law. The development of such a framework is inherently difficult, and this is an example of that.
Academics and industry experts disagree on whether or not international law applies to cyberattacks. From its establishment in 2004, the UN Governmental Group of Experts (GGE) on Information and Telecommunications Developments in the Context of International Security has been examining the relevance of international law to the use of ICT by states. The relevance of the rules of war to cyberattacks was a particular area of contention. These rules include jus ad bellum, which specifies the circumstances that may lead to war, and jus in bello, which lays out the principles that govern the conduct of warfare. The United States Department of State’s Legal Advisor Harold Koh made it clear in September 2012 that cyberspace is subject to the same rules of international law that govern warfare. A peaceful, open, secure, and accessible environment for information and communication technology is essential for maintaining peace and stability, according to the General Government Executive, who made this claim in June 2013 in reference to international law, specifically the United Nations Charter. While it is possible to use some corpora of international law to counter cyberattacks, doing so is a patchwork approach that does little to address the security threats that these attacks pose.
There may be some loopholes that the rules of war can fix concerning the wilful destruction of underwater cables, cable landing sites, and interruptions to network management systems, which include both real and virtual domains. To justify using force, the jus ad bellum principle is invoked. To start with, it must be recognised that the United Nations Charter states in Article 2(4) that UN Members “shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any State, or in any other manner that is inconsistent with the purposes of the United Nations.” The idea is further bolstered by customary international law’s adherence to the principle of non-intervention in the internal affairs of states.248 The use of force is strictly forbidden, although there are two exceptions to this rule. The Security Council has the authority to authorise collective security operations in situations involving aggression, breaches of peace, or threats to peace, as stated in Article 39 of the Charter.
According to Article 51, states have the inherent right to defend themselves, either individually or collectively, when they are attacked by armed forces. For this reason, the Security Council can authorise the use of force against the responsible state if it determines that the intentional cutting of underwater cable systems constitutes a “threat to international peace and security or an act of aggression.” But if intentional disruption of submarine cable systems is considered a “armed attack,” then a state or states have the right to defend themselves.[1]
While this is certainly a pressing matter, these principles do not go far enough in protecting this important communications infrastructure. If such an assault were to be deemed a “threat to international peace and security” or a “armed attack,” the states and/or the Security Council would be obliged to take action. When there is no tangible proof of intentional intrusion into the network management systems of submarine cables, this situation could become extremely challenging. And it doesn’t even address the issue of non-State actors intentionally damaging cable systems; it just assumes that the attackers are easily identifiable. The third point is that states must follow the rules of conventional international law when they use force in response to an armed attack that intentionally disrupts cable systems. This is in accordance with the principles of necessity and proportionality stated in jus ad bellum. The use of force should be reserved for situations where all other diplomatic avenues have been exhausted, and any reaction should be proportional and not go overboard. We must act immediately on this matter. This clarifies why states can only implement a certain number of responses. If cyberattacks progress to armed attacks, decision-makers will have to figure out how to measure the direct and indirect effects of damage on computer networks compared to more traditional types of damage if they want to know what to do legally.[2]
International telecommunications law may include cyberattacks, including intentional damage to cable systems, in addition to the laws of war regulating interstate relations. When it comes to establishing global norms for the IT sector, the primary UN body responsible is the International Telecommunication Union (ITU). Priority one for the group is the global distribution of radio spectrum and satellite orbits, and secondary is the development of technical standards to ensure interoperability of various networks and technologies. The International Telecommunication Union (ITU) has not issued any rules or standards that specifically deal with protecting cable systems from intentional damage. However, the International Telecommunication Union (ITU) has established a number of rules and guidelines that might be relevant to cyberattacks that use the electromagnetic spectrum or international telecommunications networks.
CYBERSECURITY CHALLENGES:
Undersea cables can withstand physical hazards like anchor damage and natural catastrophes, but they are still susceptible to cybersecurity risks. Due to their lengthy journey through international waters, the cables are inherently vulnerable to a range of malevolent activities, including espionage and sabotage. Submarine cables are particularly vulnerable to cyberattacks that aim to intercept them. It is possible that state and non-state actors may try to intercept and eavesdrop on data transmitted through these cables due to the proliferation of advanced surveillance technologies. When bad actors are able to breach security measures and access private data through communication channels, it puts national security and individual privacy at risk.
A major reason to be worried is the likelihood of sabotage. Due to their strategic importance, adversarial entities that aim to disrupt communications and destabilise economies are likely to consider submarine cables as attractive targets. One definition of “sabotage” is the intentional destruction of cable infrastructure, while another defines it as the use of cyber intrusions to disrupt network operations.
The decentralised nature of submarine cable networks further complicates the enforcement of cybersecurity regulations. Because they pass through international waters, regulating and monitoring operations along submarine cable routes is challenging. This is in contrast to infrastructure located on land, which may be subject to the authority of specific countries. Malicious actors can take advantage of security holes and go undetected due to the lack of centralised control.
CONCLUSION:
Submarine cables enable the worldwide communication networks that support contemporary civilisation; they are dubbed the “lifelines” of the digital age. Cyber threats pose serious dangers to national security and economic stability, and their critical importance makes them particularly vulnerable to these threats. To protect the infrastructure of submarine cables from possible damage and mitigate the effects of these risks, strict cybersecurity protocols must be enforced.
Working together, stakeholders can safeguard underwater cables and guarantee the unwavering dependability and robustness of communication networks worldwide. Data encryption, network monitoring, increased physical security, more routing options, easier collaboration, and regulatory oversight can all help achieve this goal. Protecting submerged cables is an important strategic and technical concern in today’s globally linked world. Prioritising cybersecurity and resilience measures allows for the safeguarding of vital pathways for global communication and trade. The digital future will be protected for generations to come if this is done.