Executive Summary
The integrity of Western critical maritime infrastructure (CMI) faces escalating threats from state-sponsored and hybrid aggression, underscoring an urgent need for robust protective measures. The tragic downing of Malaysia Airlines Flight MH17 in 2014 by a Russian Buk missile, which killed 298 innocent people, serves as a profound and enduring lesson. Despite conclusive international investigations establishing Russia’s responsibility, its persistent denial highlights a significant challenge: the ability of state actors to evade accountability through plausible deniability and information warfare in grey zone conflicts. This report examines the evolving threat landscape to CMI, drawing parallels with the MH17 experience, and proposes a comprehensive, multi-layered framework. This framework advocates for strengthening legal frameworks, enhancing attribution capabilities, investing in advanced technological solutions, fostering deeper intelligence sharing, and promoting concerted international and public-private cooperation to build both deterrence and resilience against these complex and ambiguous threats.
1. Introduction: The Imperative of Maritime Infrastructure Protection
The global maritime domain is the lifeblood of modern economies and societies, facilitating the continuous delivery of essential services such as energy and communication, particularly the internet (16). Western nations, in particular, are profoundly dependent on this critical maritime infrastructure (CMI) for their national security, economic stability, and public welfare (8, 55, 64). Over 80% of international trade by volume, and a staggering 97% of global data flows, are transported through submarine cables and shipping lanes (5, 20, 55). This foundational reliance makes CMI an increasingly attractive target for adversaries seeking to exert influence, disrupt economies, or project power without triggering overt military conflict.
The MH17 Tragedy: A Stark Reminder of State Aggression and Accountability Gaps
The downing of Malaysia Airlines Flight MH17 on 17 July 2014 over Eastern Ukraine serves as a chilling precedent for state-sponsored aggression operating below the traditional threshold of declared war. All 298 innocent people on board were killed when the aircraft was struck by a Russian Buk missile [User Query]. Subsequent international investigations, notably by the Joint Investigation Team (JIT), conclusively established that the missile system belonged to Russia’s 53rd Anti-Aircraft Missile Brigade and was transported from and returned to Russian territory. Despite overwhelming evidence and years of global outrage, Russia has consistently refused to accept responsibility, engaging in denial and deflection, even as international courts have convicted Russian nationals involved [User Query].
This persistent denial, even in the face of irrefutable forensic evidence, illuminates a critical challenge in contemporary geopolitical conflicts: the difficulty of establishing and enforcing accountability for actions conducted in the “grey zone.” The MH17 disaster, as detailed in its investigation, exposed a significant authority vacuum in dealing with such international threats (7). The circumstances of the crash, occurring amidst a bilateral conflict, complicated the investigation, requiring cooperation from a state (Russia) that was simultaneously accused of involvement and withholding evidence (7). The process demonstrated how forensic facts can be overshadowed by competing narratives and a “blame game” driven by television viewing habits and geopolitical antagonism, rather than objective evidence (19). This means that even with clear technical identification of a perpetrator, political will and public perception can significantly obstruct the path to accountability. This challenge is not unique to air disasters but is a defining characteristic of hybrid warfare and grey zone aggression, where actors deliberately operate below clear thresholds of armed conflict to avoid legal repercussions and facilitate denial. The ability of perpetrators to evade accountability through plausible deniability and sophisticated information warfare weakens the international rule of law and encourages further aggression.
Report Structure and Objectives
This report aims to analyze the evolving threat landscape to Western CMI, drawing direct parallels with the MH17 experience. It will propose a comprehensive framework for protecting this vital infrastructure, recognizing the complex interplay of physical, cyber, and hybrid threats. The subsequent sections will define CMI, detail the current threat environment, extract critical lessons from the MH17 tragedy concerning attribution and accountability, examine existing international legal and cooperative frameworks, and finally, present actionable strategies for enhanced protection.
2. Defining Critical Maritime Infrastructure and its Strategic Importance
Critical maritime infrastructure (CMI) encompasses a broad array of assets, systems, and networks essential for a country’s functioning, security, and economic stability (55). Its strategic importance is multifaceted, touching upon national security, economic prosperity, energy security, and global communication.
Types of Maritime Infrastructure: Hard and Soft
CMI can be broadly categorized into “hard” (tangible) and “soft” (information) infrastructure (14).
“Hard” infrastructure includes:
- Ports and Logistics Facilities: Cranes, wharves, dredged channels, locks, dams, and the broader logistics facilities that are integral to supply chain operations (14, 55, 73). Ports and naval bases are also crucial for the deployment and support of military operations (55).
- Offshore Energy Infrastructure: Offshore oil and gas platforms, undersea pipelines, and increasingly, offshore wind farms and their connecting power cables (9, 27, 55).
- Undersea Communication Cables: The vast network of fiber optic cables that carry the overwhelming majority of the world’s international internet traffic (11, 27, 70).
“Soft” or “information” infrastructure refers to the systems and networks that support maritime operations and freight movement. These include satellite systems, Automatic Identification System (AIS), VHF radio, real-time oceanographic data systems like NOAA’s Physical Oceanographic Real-Time System (PORTS), integrated marine safety information services, and common data standards for seamless data exchange (14). Investment in information technology can even mitigate limitations in hard infrastructure by facilitating more efficient use of existing assets (14).
Economic, Security, and Societal Significance
The importance of CMI cannot be overstated:
- National Security: Ports and naval bases are vital for military mobilization and response to threats. Maritime surveillance and security systems monitor borders against illegal activities such as smuggling, human trafficking, and piracy, maintaining national and global safety (12, 55).
- Economic Stability: CMI forms the backbone of global trade, with over 80% of international trade volume carried by sea. Efficient ports and shipping lanes ensure the smooth flow of goods, which is essential for economic prosperity and the stability of supply chains (5, 20, 55).
- Energy Security: Offshore platforms and undersea pipelines are key components for importing and exporting oil, gas, and other energy resources. Their security and resilience are crucial for preventing energy shortages and maintaining stable energy supplies for domestic and industrial consumption (9, 55). Offshore wind farms are also an increasingly important part of the energy mix, connected to grids by undersea power cables (27).
- Communication: Undersea fiber optic cables are the primary conduits for global data flows, carrying 99% of international internet traffic. Their disruption can significantly affect communication networks, economic activity, and public welfare worldwide (10, 11, 70).
Vulnerabilities of CMI
Despite its critical importance, maritime infrastructure possesses inherent vulnerabilities. A significant portion of this infrastructure is controlled or operated by private entities, which complicates protection, threat detection, and regulation (9, 64). This often creates a “responsibility gap,” where governments expect private companies to handle security, and private entities assume the same of governments, leading to fragmented and inconsistent security efforts (9).
Furthermore, seabed activities are rapidly transforming due to the proliferation of advanced undersea technology, such as remotely operated devices (16). While these advancements offer new possibilities for defense, they also enable adversaries to capitalize on existing vulnerabilities (16). The vastness and interconnectedness of the maritime domain inherently create an extensive attack surface, making comprehensive protection a formidable challenge (4, 13). The very features that make CMI indispensable for global prosperity—its interconnectedness, vastness, and the efficiency derived from private sector operation—paradoxically render it uniquely susceptible to disruption. This dynamic means that increasing global interdependence through CMI simultaneously increases systemic vulnerability to disruption by both state and non-state actors, leading to potentially widespread and cascading effects from localized incidents.
3. The Evolving Threat Landscape in the Maritime Domain
The maritime domain is increasingly a new frontline for geopolitical competition, characterized by a complex array of physical, hybrid, and cyber threats. These threats are evolving in sophistication and intent, moving beyond traditional concerns to target the fundamental arteries of global commerce and communication.
3.1 Physical and Hybrid Threats
Sabotage of Undersea Cables and Pipelines:
Recent years have witnessed a concerning rise in deliberate physical sabotage targeting critical undersea infrastructure. Incidents like the 2022 Nord Stream pipeline explosions and recurring cable cuts in the Baltic Sea and near Taiwan highlight this escalating threat (9, 10, 21, 67). While definitive attribution for such incidents can be challenging, they often align with the strategic objectives and deep-sea capabilities of state actors like Russia and China (67). For instance, Chinese crude ships have been observed maneuvering suspiciously over cables near Taiwan, and a Chinese-owned cargo vessel was accused of damaging an undersea fiber-optic cable (9, 67). More recently, the Iran-linked Houthi rebels’ attacks in the Red Sea are suspected of causing damage to critical internet cables supplying Europe and Asia, demonstrating the vulnerability of subsea infrastructure to non-state actors linked to hostile states (10, 15, 70). These acts, whether attributed or not, underscore the fragility of these vital connections.
Attacks on Offshore Energy Platforms and Ports:
Offshore energy assets, including oil and gas platforms and wind farms, represent critical, high-stakes targets due to their importance for energy security (9, 22). Risks to these installations include vessel impact, structural damage, mechanical failure, and environmental pollution (22). Ports and shipping lanes, the gateways of global trade, face a diverse range of threats. Beyond traditional concerns like piracy, armed robbery, and kidnapping (e.g., in the Gulf of Guinea), there are growing challenges from sophisticated criminal activities. These include drug, arms, human, and waste trafficking, as well as the smuggling of counterfeit goods, often facilitated by bribery or intimidation of port officials (12, 53). Sabotage actions, whether from military opponents, paramilitary organizations, or terrorist groups, can severely disrupt logistics and cause significant economic harm (53). The 2024 collision of a large container ship with the Baltimore Francis Scott Key Bridge, while an accident, vividly illustrates the catastrophic impact physical incidents can have on port infrastructure and global supply chains (13, 53).
State-Sponsored Harassment and “Shadow Fleets”:
The period since the late 2010s has seen a radical increase in state-linked attacks and harassment of merchant vessels (9, 35). Historical precedents, such as the Iran-Iraq “Tanker War” of the 1980s, demonstrated aggression against merchant shipping as a tool of war (35). More recently, Iran and Israel have engaged in proxy attacks on vessels in the Strait of Hormuz, and Russia’s invasion of Ukraine has led to attacks on merchant vessels in the Black Sea (35). China’s actions in the South China Sea and Taiwan Strait, involving “inspection flotillas” and maritime militias to harass vessels, represent “grey zone tactics” that deliberately blur the lines of conflict (18, 35). These actions aim to enforce unilateral territorial claims or exert pressure without escalating to overt armed conflict. A significant challenge also comes from the “shadow fleet” of unregistered or fraudulently registered, uninsured, and substandard vessels engaged in sanctions evasion, arms transfers, illegal fishing, and illicit trade, posing a substantial threat to maritime security and governance (3, 10, 20).
A concerning trend in these physical and hybrid threats is the weaponization of ambiguity and impunity. Adversaries are increasingly exploiting the vagueness of international law and the inherent difficulty of attribution to conduct aggressive acts without triggering a full military response. While hybrid threats traditionally relied on plausible deniability, recent acts of sabotage, such as those impacting Baltic Sea cables, have shown a shift towards deliberate visibility and apparent indifference to exposure (24). This suggests that some actors are no longer solely seeking to deny involvement but are demonstrating their reach, impact, and impunity. This more aggressive posture aims not just for disruption but also to test Western resolve and assert control over critical global arteries, operating in a “legal no-man’s-land” to sidestep strong legal repercussions (18, 24).
3.2 Cyber Threats to Maritime Systems
The maritime industry’s rapid digital transformation, driven by increased automation and interconnectedness, has opened a vast new attack surface, making it a prime target for sophisticated cyberattacks (13, 50).
Vulnerabilities in IT/OT Systems and Supply Chains:
Ports and vessels have increasingly come to rely on automated information technology (IT) and operational technology (OT) systems (13, 57). However, many of these systems are not updated as frequently as other commercial software, leaving vulnerabilities unpatched long after they are discovered by malicious actors (57). Furthermore, low levels of cyber supply chain visibility and non-standardized cybersecurity risk management practices hamper the private sector’s understanding of risk and diminish its ability to react quickly to incidents (13, 57).
Ransomware, GPS Spoofing, and Data Breaches:
Cyber incidents in the maritime sector have surged alarmingly, with attacks rising by 900% in recent years (50). Notable examples include the 2021 Colonial Pipeline ransomware attack, linked to Russian hackers, which disrupted fuel supplies and affected ports (12, 59). The 2017 NotPetya ransomware attack on Maersk caused weeks of disruption and incurred costs between $250 and $350 million, highlighting the devastating financial and operational impact of such attacks (33, 50). Common attack vectors include:
- Phishing and Spear-Phishing Attacks: These deceptive emails and messages are the most prevalent entry point into maritime organizations’ networks, tricking staff into revealing sensitive information or downloading malware (50, 62).
- GPS Spoofing and Jamming: Attackers can manipulate GPS signals to mislead maritime navigation systems about a vessel’s location or route, potentially leading to accidents or unauthorized detours (12, 50, 62). North Korea, for instance, has disrupted regional shipping and air corridors by interfering with navigation systems (12, 59).
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: These attacks overload a ship’s or port’s networks with traffic, rendering them unable to process legitimate requests and potentially leading to operational failures (50, 62).
- Supply Chain Compromises: Malicious actors can infiltrate the maritime industry through less secure elements in the supply chain, such as compromised software updates or hardware components, to gain access to wider network systems (62). The Crowdstrike outage in July 2024, a software glitch that temporarily shut down operations at ports worldwide, exemplifies this vulnerability (12, 13, 59).
- Data Breaches: Unauthorized access to confidential data, including cargo details, ship schedules, or crew personal information, can lead to operational manipulations or facilitate piracy (50, 62).
The Challenge of Cyber Attribution:
Identifying the threat actor behind a cyberattack is crucial but fraught with difficulty. Technical analysis for cyberattack attribution requires high skill, experience, and access to up-to-date Cyber Threat Intelligence (CTI) (34). Attribution results often contain elements of uncertainty, as skillful attackers actively work to hide or remove traces of their operations and mislead investigators (34). The interplay between various actors—including state and non-state—in hybrid maritime warfare is complicated, and the use of “victim-tailored malware” or evolving malware versions further obscures the origin of attacks (24, 34).
Cyberattacks are not merely criminal acts but represent a primary tool for state-sponsored hybrid aggression, enabling disruption, espionage, and potential control over critical maritime systems. The increasing sophistication and frequency of these attacks, coupled with the inherent challenges of attribution, solidify the digital domain as a critical new frontline for geopolitical competition. These attacks directly target the “arteries of contemporary industrial power”—energy and data—underscoring their strategic significance (24).
4. Lessons from MH17: Addressing Aggression Below the Threshold of War
The MH17 tragedy offers profound lessons for the West in confronting aggression that deliberately operates below the threshold of conventional armed conflict, particularly concerning attribution and accountability.
Attribution in Transboundary Incidents: The MH17 Case Study
The investigation into MH17 by the Dutch Safety Board (DSB) and the Joint Investigation Team (JIT) faced immense challenges. The crash occurred in a war zone, complicating evidence retrieval, and required cooperation from Russia, a state accused of involvement and withholding evidence (7). This case vividly demonstrated that beyond the technical identification of the missile and its origin, the process of assigning blame became an intense struggle over narratives (19). Competing storylines quickly congealed on Russian and Ukrainian television, influencing public belief regardless of forensic facts and reproducing geopolitical antagonism (19). This highlights that technical attribution, while essential, is insufficient alone for the political and strategic purposes of deterring and responding to such events (40).
The experience of MH17 underscores that attribution is not merely a technical exercise but a strategic imperative. The ability to credibly and publicly identify the perpetrator of an attack, despite efforts at plausible deniability, is fundamental to establishing accountability, countering disinformation campaigns, and enabling effective deterrence and response. Without robust attribution capabilities and the political will to act on them, adversaries will continue to exploit the “operational sweet spot” of hybrid warfare, where actions are designed to avoid clear legal repercussions.
The “Operational Sweet Spot” of Hybrid Warfare and Plausible Deniability
Hybrid warfare is characterized by the coordinated and synchronized use of violent and non-violent instruments of power, often circumventing detection and attribution, and operating below the threshold of conventional armed military conflict (3). This approach deliberately exists in a “legal no-man’s-land” between peacetime and armed conflict, blurring the lines between military and law enforcement activities at sea (1, 18). This “operational sweet spot” allows actors to sidestep strong legal repercussions and deny responsibility, frequently by employing irregular forces, commercial ships, or non-state actors to obscure state participation (1, 18). The use of irregular forces and cyber or information operations makes it particularly difficult to pinpoint who is responsible, thereby hindering effective countermeasures (15).
Implications for Maritime Infrastructure: From Airspace to Seabed
The lessons learned from MH17—particularly concerning the challenges of attribution, the impact of state denial, and the critical need for international cooperation in complex, politically charged investigations—are directly transferable to the maritime domain. Attacks on undersea cables, pipelines, and other CMI often exhibit similar characteristics: covert actions, plausible deniability, and the exploitation of legal ambiguities (9, 21, 24, 27). The vastness, depth, and often remote nature of the maritime domain can make physical attribution even more challenging than in airspace. The difficulty of identifying perpetrators responsible for offshore infrastructure attacks poses a significant hurdle, as the interplay between various state and non-state actors is highly complicated (4, 15).
5. International Legal and Cooperative Frameworks for Maritime Security
Protecting critical maritime infrastructure relies heavily on a complex web of international laws, treaties, and cooperative frameworks. While these provide a foundational structure, they face significant challenges in addressing the ambiguities inherent in modern hybrid threats.
5.1 Foundations in International Law
The United Nations Convention on the Law of the Sea (UNCLOS):
Adopted in 1982 and entering into force in 1994, UNCLOS is often referred to as the “constitution of the oceans” (15). It is foundational to maritime governance, covering crucial areas such as maritime transit rights, the definition of territorial waters (extending twelve nautical miles from coastlines), and Exclusive Economic Zones (EEZs, extending two hundred nautical miles beyond territorial waters) (15, 29, 38). UNCLOS is considered essential for the protection of critical undersea cables, providing the legal certainty necessary for the planning, development, maintenance, and protection of global telecommunications networks (11). Without UNCLOS, the ability of telecom companies to operate and protect these vital systems would be significantly hampered (11).
However, UNCLOS also presents challenges in the context of modern threats. It defines piracy as violent acts committed “for private ends” (28, 30, 54). This definition complicates the attribution of politically motivated attacks, such as those by the Houthis in the Red Sea, as piracy, thereby hindering the application of traditional enforcement jurisdiction (28).
IMO Conventions and their Role:
The International Maritime Organization (IMO), established in 1948, has adopted numerous conventions aimed at improving the safety, security, and environmental sustainability of the global maritime industry (15, 45). Key conventions include:
- International Convention for the Safety of Life at Sea (SOLAS), 1974: This is the cornerstone safety treaty for global shipping, setting minimum standards for the construction, equipment, and operation of ships (15, 21, 45). Importantly, SOLAS requires all ships to be provided with a ship security alert system and mandates that Contracting Governments ensure port facility security assessments are carried out and that port facility security plans are in place (21).
- International Convention for the Prevention of Pollution from Ships (MARPOL): The most important international regulation for preventing marine pollution from ships (21, 45).
- International Convention on Maritime Search and Rescue (SAR), 1979: Establishes an international framework for search and rescue operations at sea, defining responsibilities of coastal states and guidelines for cooperation (15, 45).
- Convention on the International Regulations for Preventing Collisions at Sea (COLREG): Establishes navigational rules for preventing collisions (45).
Challenges in Applying Traditional Law to Hybrid Threats:
The existing international legal framework, primarily designed for clear-cut peacetime or wartime scenarios, is often ill-equipped to address the ambiguities of hybrid warfare. The legal framework is less robust when it comes to taking operational action against hybrid threats (17). Hybrid warfare deliberately “thrives on the vagueness of current international laws,” exploiting gaps where there is no universal agreement on what constitutes an armed conflict or an attack, blurring the lines between military and law enforcement activities at sea (1, 18). The concept of “military activities” in the Law of the Sea and the applicability of “law enforcement or conduct of hostilities rules” in hybrid contexts are complex and debated, creating an “operational sweet spot” for adversaries to operate below the radar of outright armed conflict (1, 18). This situation necessitates that the West actively work towards clarifying legal norms and thresholds for state responsibility in hybrid attacks, potentially through new treaties or by strengthening customary international law, to close these “legal no-man’s-lands” and enable more decisive responses.
5.2 Multilateral Cooperation and Intelligence Sharing
Recognizing the transnational nature of maritime threats, international cooperation and robust intelligence sharing are paramount.
NATO’s Role in Maritime Security and Undersea Infrastructure Protection:
NATO’s 2022 Strategic Concept identifies maritime security as “key to our peace and prosperity,” encompassing deterrence, defense, crisis prevention, and cooperative security (63). The Alliance conducts maritime activities in specific regions, such as Operation Sea Guardian in the Mediterranean and Baltic Sentry in the Baltic Sea, to enhance situational awareness and counter destabilizing acts (63). In a significant step, NATO created a Critical Undersea Infrastructure Coordination Cell in February 2023 to map vulnerabilities, share best practices, and foster engagement with industry and key military and civilian stakeholders (36, 63, 66). NATO is also rigorously testing uncrewed surface vessels (USVs) for persistent and comprehensive situational awareness, capable of detecting and tracking vessels, including the “Russian shadow fleet,” in strategic waters (3, 69).
The European Union Maritime Security Strategy (EUMSS):
Revised in 2023 to adapt to geopolitical changes, the EUMSS provides a comprehensive framework for the EU’s actions in maritime security (43). It aims to safeguard freedom of navigation, protect maritime infrastructure, and respond to evolving threats like piracy, cyberattacks, environmental degradation, and hybrid threats (43). The strategy emphasizes a cross-sectoral approach, functional integrity, respect for international law, and maritime multilateralism (43). It specifically calls for enhanced protection of undersea cables, pipelines, ports, and ships, aligning with EU initiatives like the Critical Entities Resilience Directive and NIS2 Directive (43). Actions under the EUMSS include stepping up activities at sea (e.g., the EU’s Operation Aspides in the Red Sea (15, 40)), cooperating with partners (including deepening EU-NATO cooperation), enhancing maritime domain awareness (MDA) through networks like MARSUR, and boosting capabilities (31, 40).
G7 Initiatives and Declarations:
The G7 Foreign Ministers have consistently reaffirmed their commitment to a free, open, and secure maritime domain based on the rule of law (3, 20). They express deep concern over growing risks, including strategic contestation, threats to freedom of navigation and overflight, and illicit shipping activities (3, 20). The G7 focuses on securing undersea cable networks, combating transnational organized crime and terrorism (including piracy and human trafficking), and strengthening maritime law enforcement capabilities (3, 20). They are committed to enhancing cooperation with industry to mitigate risks, reduce bottlenecks, and strengthen repair capacities to improve the overall resilience of critical undersea and maritime infrastructure (10, 20).
Enhancing Maritime Domain Awareness (MDA) and Intelligence Integration:
Maritime Domain Awareness (MDA) is defined as the effective understanding of anything associated with the maritime domain that could impact the security, safety, economy, or environment of a nation (41, 49). It is a key component of an active, layered maritime defense (47). The U.S. National Maritime Domain Awareness Plan (NMDAP) provides a framework for collaboration and information sharing among a broad spectrum of stakeholders, including federal, state, local, tribal, territorial, academic, private sector, and international partners (41, 49). Maritime Information Sharing (MIS) initiatives, such as those in the East, South, and West Pacific, strengthen MDA and intelligence sharing regionally by enabling partner data sharing with governments and other stakeholders like INTERPOL (6, 65).
Intelligence integration, leveraging the diverse expertise of intelligence and law enforcement communities, is a foundational priority for effective MDA (47, 49). Fusion centers play a crucial role as mechanisms for exchanging information and intelligence, coordinating tips and leads, and improving the ability to counter crime and terrorism by analyzing data from various sources (48). Given that much of CMI is privately owned and operated, effective protection cannot rely solely on government efforts. Deeply integrated public-private partnerships for intelligence sharing and threat assessment are essential to bridge the “responsibility gap” that often exists between governments and private companies regarding security (9). This collaboration is vital for ensuring comprehensive MDA and enabling timely, coordinated responses to threats, requiring overcoming historical barriers to information exchange and fostering trust.
Table 1: Key International Conventions and Their Relevance to CMI Protection
| Convention Name | Year Adopted/Entered into Force | Primary Focus | Key Provisions Relevant to CMI Protection | Relevance to Hybrid Threats |
|---|---|---|---|---|
| UNCLOS | 1982 / 1994 | Law of the Sea | Defines territorial waters (12nm), EEZs (200nm), transit rights; provides legal basis for undersea cables. Defines piracy as “for private ends”. (11, 15, 29, 32) | Challenges in attributing politically motivated attacks as piracy, creating legal ambiguities. (28) |
| SOLAS | 1974 / 1980 | Safety of Life at Sea | Sets minimum safety standards for ship construction, equipment, and operation; requires ship security alert systems; mandates port facility security assessments and plans. (21, 45) | Provides foundational safety and security measures, but needs augmentation for sophisticated cyber/hybrid attacks. |
| MARPOL | 1973 / 1978 | Prevention of Pollution from Ships | Regulates prevention of pollution from accidental or operational causes by ships. (21, 45) | Indirectly relevant by promoting responsible maritime operations; pollution from sabotage is a major concern. (12) |
| SAR | 1979 / 1985 | Maritime Search and Rescue | Establishes international framework for search and rescue operations; defines responsibilities of coastal states. (15, 45) | Critical for responding to incidents resulting from attacks, ensuring safety of seafarers. |
| COLREG | 1972 / 1977 | Preventing Collisions at Sea | Establishes navigational rules for preventing collisions. (45) | Ensures safety of navigation, reducing accidental damage that could be exploited or mistaken for malicious acts. |
6. Strategies for Enhanced Maritime Infrastructure Protection
Protecting Western maritime infrastructure in the face of evolving hybrid threats requires a comprehensive, multi-layered approach that integrates robust deterrence, enhanced resilience, and cutting-edge technological solutions.
6.1 Deterrence Strategies
Deterrence aims to discourage unwanted behavior through proactive measures (23). In the maritime context, this involves influencing an adversary’s decision-making calculus by demonstrating that the potential costs of an attack outweigh the potential gains.
Deterrence by Denial: Making Attacks Infeasible.
Deterrence by denial seeks to discourage an action by making it infeasible or unlikely to succeed, thereby denying a potential aggressor confidence in achieving its objectives (12, 25, 39). This strategy is generally regarded as more reliable than deterrence by punishment because it focuses on strengthening defenses and demonstrating a credible capability to defeat an attack in near real-time (12, 25). It places greater emphasis on precision strike and damage-infliction capabilities to prevent an adversary from achieving its goals (12). For CMI, this translates into robust monitoring, rapid response capabilities, and physical security measures that make successful sabotage difficult and costly for the adversary, undermining their confidence in a successful outcome.
Deterrence by Punishment: Imposing Costs and Accountability.
Deterrence by punishment involves threatening severe penalties in response to an attack, aiming to influence the opponent’s strategic calculus by demonstrating grave consequences (3, 13). However, its effectiveness against hybrid threats is often limited due to the inherent challenges of attribution and the credibility gap in executing severe retaliation for actions that fall below the threshold of overt conflict (3, 25). The difficulty in definitively attributing hybrid attacks can make the threat of punishment less credible, as the target state may hesitate to follow through on threats if the perpetrator’s identity is ambiguous (25).
Tailoring Deterrence to Hybrid Threats:
A “whole-of-society” approach is required to counter hybrid threats, combining military and civilian capabilities to strengthen resilience (42). New forms of deterrence for hybrid threats extend beyond traditional military responses. These include “deterrence through norms,” which seeks to affect the cost calculus of those challenging certain standards of behavior; “delegitimization,” a form of punishment through naming and shaming and stigmatization; and “entanglement,” which leverages cross-domain interdependencies between states (3). Effective deterrence against hybrid threats fundamentally necessitates the capability to detect and attribute attacks, coupled with the political will to respond proportionally and decisively (3).
The analysis suggests a critical shift in the deterrence paradigm for CMI: the primacy of denial. Given the nature of CMI—its vastness, often remote locations, and significant private ownership—it is a challenging target for traditional deterrence by punishment. However, it is amenable to deterrence by denial through technological advancements and rapid response mechanisms. This means prioritizing investments in robust defensive measures, real-time monitoring, rapid repair capabilities, and advanced attribution systems that make successful attacks infeasible or immediately detectable and reversible. By doing so, the West can undermine an adversary’s confidence in achieving their objectives through such means, making attacks on CMI less attractive.
6.2 Building Resilience
Resilience in the context of CMI refers to the ability to withstand, recover from, and adapt to disruptions, ensuring the continuous flow of essential services.
Absorptive, Restorative, and Adaptive Capacities:
Port resilience, a key aspect of CMI resilience, is defined by three core capacities (30):
- Absorptive Capacity: The ability to absorb a disruption using existing infrastructure and services while maintaining the same level of service. This involves robustness (technical and engineering designs to withstand disruptions like storms), redundancy (ability to accelerate operations or store additional inventory), and visibility (real-time information to support decision-making during disruptions, such as diverting cargo) (30).
- Restorative Capacity: The ability to recover from a specific disruption to a similar or even improved level of service. This includes preparedness and the mobilization of resources to contain and abate the disruption, followed by recovery efforts to return to normal operational states. Disruptions can also become “learning events” that lead to capacity gains and more efficient operations (30).
- Adaptive Capacity: The ability to change operations and management in anticipation of or in reaction to a disruption. This involves flexibility (adjusting operations to mitigate disruptions, e.g., changing schedules), agility (rapid response, including workforce cross-training), collaboration (routing cargo through different terminals or ports), and communication (informing stakeholders of changes and processing third-party information) (30).
Diversifying Routes and Strengthening Supply Chains:
Enhancing port resilience can involve strategically improving shipping route networks, diversifying routes to mitigate risks, and strengthening overall network robustness (6). This includes establishing direct connections between low-resilience ports and major hubs, and adding additional secondary and short-distance links to bottleneck ports to transform them into more integrated hubs (6). Addressing cyber supply chain vulnerabilities and promoting secure, resilient digital communications networks are also crucial for overall resilience (10, 13).
Public-Private Partnerships in Security and Risk Mitigation:
Given that the majority of maritime infrastructure is privately owned or operated, coordinated efforts and cross-border cooperation between energy companies, utilities providers, governmental agencies, and international organizations are essential for effective security and risk mitigation (9, 16). This collaboration should focus on implementing robust monitoring mechanisms, establishing proactive security barriers, and developing standardized security protocols to detect and respond to potential threats in real-time (9).
6.3 Technological Solutions for Monitoring and Defense
Technological advancements are critical enablers for protecting CMI, offering unprecedented capabilities for surveillance, anomaly detection, and rapid response.
Advanced Undersea Cable Monitoring:
New initiatives are revolutionizing the monitoring of undersea cables. The Science Monitoring And Reliable Telecommunications (SMART) Subsea Cables initiative aims to equip transoceanic telecommunications cables with sensors to provide novel and persistent insights into the state of the ocean and detect potential disturbances (10, 52, 60). Technologies such as Distributed Acoustic Sensing (DAS) detect acoustic vibrations along submarine cables, alerting operators to potential risks from nearby anchoring or fishing activities, enabling proactive intervention before damage occurs (51, 58). Other crucial monitoring techniques include Optical Time Domain Reflectometers (OTDR) and impedance testing for identifying and locating cable faults (51, 58). These systems provide 24/7 alarm capabilities for cable threats, helping minimize accidental damages and reduce maintenance costs through preventive measures (58).
AI and Machine Learning for Anomaly Detection and Predictive Maintenance:
Artificial intelligence (AI) and machine learning (ML) are transforming maritime security by enabling the analysis of vast amounts of historical and real-time data from various sources, including Automatic Identification System (AIS) and satellite data (26, 29, 55, 56, 57, 61, 68). These technologies can detect anomalies in vessel behavior, such as unexpected course changes, erratic movements, or the presence of “dark vessels” (vessels that switch off tracking signals to evade detection) (9, 26, 29, 32). AI algorithms are inherently more efficient at image recognition and identifying patterns in data than human analysts, significantly reducing the burden on operators and enabling faster, better decisions (29, 68). Beyond anomaly detection, AI and ML can optimize shipping routes, predict maintenance needs for vessels and infrastructure, enhance overall safety, and streamline port operations, leading to increased efficiency and reduced operational costs (57, 61, 71).
Unmanned Maritime Systems (USVs, UUVs) for Surveillance and Inspection:
Unmanned Maritime Systems (UMS) are becoming indispensable tools for maritime security. Uncrewed Surface Vessels (USVs) are being rigorously tested by NATO (e.g., Task Force X Baltic) for persistent and comprehensive situational awareness, capable of precisely detecting, tracking, and identifying all vessels traversing strategic waters, including commercial cargo, military vessels, and the “Russian shadow fleet” (38, 69). Unmanned Underwater Vehicles (UUVs), which include Autonomous Underwater Vehicles (AUVs) and Remotely Operated Vehicles (ROVs), are crucial for inspecting and maintaining underwater infrastructure such as pipelines, cables, and offshore wind farms (36, 52, 61, 74). These systems can survey for mines, conduct underwater surveillance, and perform complex tasks below the ocean surface without requiring human presence, thereby enhancing safety by eliminating risks associated with deploying human divers in hazardous environments (36, 52). They provide high-precision data acquisition and can transmit real-time data for timely decision-making (52).
Cybersecurity Enhancements for Ports and Vessels:
Given the pervasive cyber threats, implementing robust cybersecurity measures across all maritime sectors is vital. This includes establishing secure system architectures, developing comprehensive Cybersecurity Plans and Cyber Incident Response Plans, and mandating regular cybersecurity training for both crew members and shore-based staff (23, 50, 72). Technical controls such as strong authentication, endpoint security, secure log management, and network segmentation are essential to protect against various cyber threats (72). The US Coast Guard, for instance, enforces strict cybersecurity requirements for owners and operators in the US maritime industry (9, 72).
Physical Security Measures:
Complementing technological solutions, traditional physical security measures remain critical for ports and other fixed infrastructure. These include implementing physical access control measures such as biometric scanners, keycard access systems, security guards, and physical port locks to restrict unauthorized access to sensitive areas and network devices (11, 66, 75, 76).
A critical consideration in the adoption of these advanced technologies is their dual-use nature. While emerging technologies like AI, ML, and unmanned systems offer unprecedented capabilities for protecting CMI, they also represent a double-edged sword. Adversaries can rapidly adopt and weaponize these same technologies, often at lower cost, to exploit vulnerabilities and conduct hybrid attacks. For example, the Houthis have demonstrated the use of relatively inexpensive drones and missiles, and even uncrewed boats, for aggressive purposes (15). Western protection strategies must therefore not only invest in these technologies for defense but also anticipate and counter their malicious application by state and non-state actors, recognizing that advancements in undersea technology also enable adversaries to capitalize on existing vulnerabilities (16).
Table 2: Emerging Technologies for CMI Protection and Their Applications
| Technology Category | Specific Technology | Primary Application in CMI Protection | Benefits |
|---|---|---|---|
| Undersea Monitoring | SMART Cables | Equipping telecom cables with sensors for ocean monitoring and disturbance detection. (10, 52, 60) | Novel insights, persistent monitoring, early warning. |
| Distributed Acoustic Sensing (DAS) | Detecting acoustic vibrations along submarine cables from anchoring/fishing. (51, 58) | Proactive intervention, fault location, 24/7 threat alarms. | |
| Optical Time Domain Reflectometers (OTDR) / Impedance Testing | Identifying and locating cable faults. (51, 58) | Precise fault detection, rapid response. | |
| AI and Machine Learning | AI/ML Anomaly Detection | Analyzing AIS, satellite, and sensor data to detect suspicious vessel behavior (e.g., erratic movements, “dark vessels”). (26, 29, 32, 56, 59, 60) | Enhanced situational awareness, early warning of illicit activities, reduced human analyst burden. |
| Predictive Maintenance | Analyzing sensor data from ships and infrastructure to predict equipment failures and maintenance needs. (57, 61) | Proactive maintenance, reduced downtime, optimized operations. | |
| Route Optimization / Port Operations | Analyzing weather, currents, cargo demand to optimize shipping routes and port resource allocation. (57, 61) | Increased efficiency, reduced fuel consumption, improved safety, reduced port congestion. | |
| Unmanned Systems | Uncrewed Surface Vessels (USVs) | Persistent surface surveillance and reconnaissance, detecting and tracking vessels. (38, 61, 69) | Comprehensive situational awareness, reduced human risk in hazardous areas. |
| Unmanned Underwater Vehicles (UUVs – AUVs, ROVs) | Inspecting and maintaining underwater pipelines, cables, and offshore wind farms; surveying for mines. (36, 52, 61, 74) | Enhanced safety, precision data acquisition, cost-effectiveness, deep-sea access. | |
| Cybersecurity | Secure System Architectures / Incident Response Plans | Designing resilient IT/OT systems and establishing protocols for responding to cyberattacks. (23, 50, 64, 72) | Business continuity, minimized disruption, rapid recovery. |
| Cyber Threat Intelligence Platforms | Integrating and sharing real-time threat intelligence. (34) | Proactive defense, understanding attacker TTPs, guiding security procedures. | |
| Technical Controls (Authentication, Network Segmentation) | Implementing robust digital security measures. (72) | Reduced attack surface, prevention of unauthorized access. |
7. Recommendations for the West
Protecting Western maritime infrastructure from the complex and ambiguous threats of hybrid warfare, as highlighted by the MH17 tragedy, requires a strategic, multi-faceted approach. The following recommendations outline key areas for action:
- Strengthening Legal Frameworks for Hybrid Aggression: The West should actively advocate for clearer international legal definitions and thresholds for hybrid attacks that operate below the armed conflict level, building upon and clarifying existing frameworks like UNCLOS. This includes exploring mechanisms for holding states accountable for actions conducted through proxies or with plausible deniability, directly applying the lessons learned from MH17’s attribution challenges. Furthermore, developing and promoting international norms and best practices for responsible state behavior in the maritime cyber domain is crucial to establish clear boundaries and deter malicious activity.
- Enhancing Attribution Capabilities and Accountability Mechanisms: Significant investment is required in advanced technical attribution capabilities for both physical and cyber attacks on CMI. This involves leveraging cutting-edge AI, forensic expertise, and deep-sea exploration technologies. Concurrently, robust intelligence integration platforms must be developed that combine all-source data—including open-source information, classified intelligence, and private sector data—to create a comprehensive and real-time maritime domain awareness picture. Crucially, Western nations must cultivate the political will and diplomatic tools necessary to publicly attribute attacks and impose meaningful consequences, even when faced with sophisticated state denial and disinformation campaigns.
- Investing in Advanced Surveillance and Defense Technologies: Prioritizing research, development, and deployment of next-generation monitoring technologies for undersea cables and pipelines, such as advanced SMART cables and Distributed Acoustic Sensing (DAS), is essential for early warning. The expansion of AI and machine learning for real-time anomaly detection in maritime traffic, predictive maintenance of infrastructure, and optimizing response efforts will significantly enhance proactive defense. Accelerating the development and integration of Unmanned Maritime Systems (USVs and UUVs) for persistent surveillance, inspection, and rapid intervention in remote or hazardous areas will provide critical eyes and hands in the vast maritime domain. Moreover, mandating and rigorously enforcing cybersecurity standards across all maritime sectors—including ports, vessels, and supply chain partners—with regular vulnerability assessments and incident response drills, is non-negotiable.
- Fostering Deeper International and Public-Private Cooperation: Strengthening multilateral cooperation through existing alliances and partnerships like NATO, the EU, and G7 is paramount. This includes enhancing intelligence sharing, conducting joint exercises to test response protocols, and coordinating responses to CMI threats. Recognizing the private sector’s critical role in CMI ownership and operation, establishing formal and trusted public-private partnerships for sharing threat intelligence, best practices, and developing joint security protocols is vital to bridge existing responsibility gaps. Promoting cross-border and cross-sectoral collaboration will address jurisdictional gaps and ensure rapid, coordinated responses to incidents.
- Developing Comprehensive Resilience Plans: Implementing “all-hazards” resilience strategies for CMI is necessary, focusing on building absorptive, restorative, and adaptive capacities. This involves investing in redundancy and diversification of critical maritime routes and communication pathways to minimize the impact of disruptions. Developing clear, actionable emergency response protocols and ensuring adequate resources for rapid repair and recovery of damaged infrastructure are essential. Regular stress tests and simulations across the entire maritime ecosystem will help identify vulnerabilities and continuously improve response mechanisms.
Conclusion: Securing the Blue Economy in an Era of Great Power Competition
The MH17 tragedy serves as a potent reminder that state-sponsored aggression can manifest in ambiguous forms, demanding new approaches to security and accountability. The maritime domain, with its vital but vulnerable infrastructure, is increasingly a new frontline in this evolving geopolitical landscape. The West’s profound reliance on this “blue economy” for trade, energy, and communication necessitates a paradigm shift from reactive measures to a proactive, multi-layered strategy.
Protecting Western CMI requires integrating legal clarity to address the ambiguities of hybrid warfare, technological superiority to enhance monitoring and defense, robust intelligence to ensure comprehensive maritime domain awareness, and unparalleled international and public-private cooperation to build collective strength. By prioritizing deterrence by denial, building comprehensive resilience, and enhancing attribution capabilities, the West can safeguard its vital maritime interests and uphold the international rule of law against the complex and evolving threats of hybrid warfare. The ability to deter, defend, and recover from deliberate acts of aggression in the maritime domain is not merely a matter of national security, but a fundamental prerequisite for global stability and prosperity.