From Pulse by Dize Kandu
There is a sentence buried on page seventeen of the U.S. Strategic Subsea Cables Act of 2026 that I cannot stop thinking about.
It quotes NATO: undersea cables carry an estimated ten trillion dollars in transfers every day, and around ninety-five percent of global data flows are transmitted through them.
The number is doing the work of an argument.
You read it and you feel, viscerally, that something so vital must be protected and whatever protection looks like, it must be worth the cost.
That is how doctrine gets written now.
Not with tanks, not with treaties, but with statistics placed so precisely that the conclusion appears to arrive on its own.
I have been watching the subsea cable file for a while as a maritime security professional, but also as someone who lives in a country where several of the world's critical digital arteries surface.
What is happening in Washington right now is not, properly speaking, a cable protection bill.
It is the quiet legislative reclassification of a global commercial network into a strategic military asset, and it is being done through a door almost no one is watching: the door of narrative.
What the Act Actually Does
Let me walk through the legislation, because most of the summaries floating around have been written by people who read the press release and stopped there.
The Strategic Subsea Cables Act of 2026, introduced in March by Representatives Wilson and Meeks with Senate companions from Shaheen and Barrasso, pairs with H.R.2503, an export control bill that industry analysts have already started calling "the shield" to the Act's "sword."
The shield keeps subsea cable manufacturing and maintenance technology out of Chinese hands, accelerating what submarine industry observers describe as a formal split between "trusted" Western cable supply chains and "untrusted" Chinese ones.
The sword, this new Act, does four things.
It mandates sanctions against any foreign person who intentionally damages undersea infrastructure.
It creates ten full-time State Department positions dedicated to cable diplomacy, with instructions to work the International Cable Protection Committee harder and to build a multinational fleet of dedicated repair ships.
It establishes a presidential interagency committee to coordinate U.S.cable policy across the Department of State, Homeland Security, the Department of War, the Department of Commerce, and others.
And it requires federal agencies to share threat information directly with private cable operators, who are, let us remember, commercial telecommunications companies.
Read those four elements together, and something becomes clear that the summaries do not state.
The Act is not designed to protect cables.
It is designed to enroll them.
A commercial fiber-optic line laid by a consortium of private carriers becomes, under this framework, a node in an American-led enforcement architecture, one whose operating concept is sanctions, whose intelligence-sharing moves in one direction, and whose legal theory rests on intentional state-sponsored sabotage.
And here is where the architecture starts to show its seams.
Of the roughly six hundred active cables on the planet, around four private firms; SubCom (United States), Alcatel Submarine Networks (France), NEC (Japan), and HMN Technologies (China), manufacture and install the overwhelming majority.
Consortiums own most of the cables.
Landings are scattered across dozens of jurisdictions.
The repair fleet, such as it is, is chronically undersized and aging.
No single government commands this system.
No single government can.
The Act does not attempt to build shared governance; it attempts to install U.S. jurisdiction over the parts that can be reached through sanctions, licensing, and the threat of private litigation.
It is, functionally, a workaround for the fact that the actual system is bigger than any one state.
Juha Martelius and the Inconvenient Problem of Evidence
Which brings me to a name most people in the defense community outside Europe have never heard.
Juha Martelius is the director of Supo, Finland's Security and Intelligence Service, an agency whose sole job is to understand what is actually happening on and under the water between Finland and Russia.
In March of this year, Supo published its National Security Overview for 2026, and Martelius put something on the record that Washington has not yet fully absorbed.
Direct quote, publicly delivered: "Our understanding has been that there has been no deliberate Russian state activity in the background.
It is a very broadly shared view in the other European intelligence community."
Let that sit for a moment.
The sword, this new Act, does four things.
It mandates sanctions against any foreign person who intentionally damages undersea infrastructure.
It creates ten full-time State Department positions dedicated to cable diplomacy, with instructions to work the International Cable Protection Committee harder and to build a multinational fleet of dedicated repair ships.
It establishes a presidential interagency committee to coordinate U.S.cable policy across the Department of State, Homeland Security, the Department of War, the Department of Commerce, and others.
And it requires federal agencies to share threat information directly with private cable operators, who are, let us remember, commercial telecommunications companies.
Read those four elements together, and something becomes clear that the summaries do not state.
The Act is not designed to protect cables.
It is designed to enroll them.
A commercial fiber-optic line laid by a consortium of private carriers becomes, under this framework, a node in an American-led enforcement architecture, one whose operating concept is sanctions, whose intelligence-sharing moves in one direction, and whose legal theory rests on intentional state-sponsored sabotage.
And here is where the architecture starts to show its seams.
Of the roughly six hundred active cables on the planet, around four private firms; SubCom (United States), Alcatel Submarine Networks (France), NEC (Japan), and HMN Technologies (China), manufacture and install the overwhelming majority.
Consortiums own most of the cables.
Landings are scattered across dozens of jurisdictions.
The repair fleet, such as it is, is chronically undersized and aging.
No single government commands this system.
No single government can.
The Act does not attempt to build shared governance; it attempts to install U.S. jurisdiction over the parts that can be reached through sanctions, licensing, and the threat of private litigation.
It is, functionally, a workaround for the fact that the actual system is bigger than any one state.
Juha Martelius and the Inconvenient Problem of Evidence
Which brings me to a name most people in the defense community outside Europe have never heard.
Juha Martelius is the director of Supo, Finland's Security and Intelligence Service, an agency whose sole job is to understand what is actually happening on and under the water between Finland and Russia.
In March of this year, Supo published its National Security Overview for 2026, and Martelius put something on the record that Washington has not yet fully absorbed.
Direct quote, publicly delivered: "Our understanding has been that there has been no deliberate Russian state activity in the background.
It is a very broadly shared view in the other European intelligence community."
Let that sit for a moment.
Source: Dmitri Fedotkin/ERRThe country that lost the Estlink 2 power cable on Christmas Day 2024.
The country that seized the Eagle S tanker, spent months investigating it, charged its officers with aggravated criminal mischief, and then watched its own courts struggle with the fundamental legal question of whether anchor drag outside territorial waters could even be prosecuted as sabotage under existing law.
The country that knows exactly how to run a cable incident to ground, because it has done it, that country, through the agency best positioned to know, is saying: slow down.
Not every cable fault is a hybrid warfare attack.
And labeling every incident as Kremlin-directed sabotage, Supo warns explicitly in its assessment, "may actually amplify the fear and perceived reach of Russian power, which serves Russian strategic interests."
In intelligence terms, this is a devastating observation.
Finland is essentially telling the rest of the Western alliance that the narrative around subsea cable incidents is running ahead of the evidence, and that the narrative itself is doing Moscow's work for it.
There is a deeper technical point embedded in Supo's caution that deserves attention.
The Baltic Sea, where most of the recent incidents have clustered, sees an enormous volume of commercial traffic through shallow, cable-dense waters.
Of the roughly 150 to 200 cable faults that occur worldwide every year, the overwhelming majority are caused by fishing trawlers and anchor drops in waters under two hundred meters.
Seven cable cuts in the Baltic between November 2024 and January 2025 sounds alarming, and it is.
But it is also statistically consistent with what happens when shadow fleet vessels, poorly maintained, crewed by people working under opaque ownership structures, operating tankers with documented equipment failures transit one of the world's most cable-dense shallow seas.
Some of those incidents are almost certainly deliberate.
Some are almost certainly not.
Distinguishing between the two requires forensic patience that a sanctions-driven policy framework actively discourages.
The Eagle S case is the case study nobody wants to talk about.
Finnish prosecutors could not prove intent.
They pivoted to a clever argument, that operating a vessel so poorly maintained that its windlass could malfunction constituted criminal recklessness but the court was unmoved on the jurisdictional question of damage occurring in the exclusive economic zone rather than territorial waters.
The tanker was eventually released.
The crew returned home.
The cable was repaired.
And Finland was left with a legal system that had tried, in good faith, to prosecute suspected cable sabotage under the rule of law and run aground on structural limitations that international maritime law never contemplated when it was written.
The Strategic Subsea Cables Act does not solve that problem.
It routes around it.
If the courts cannot prove intent, sanction the ship's beneficial owner.
If the flag state is useless, target the registry itself.
If the evidence is ambiguous, let the cable owner file a civil suit that does not require the same burden of proof.
This is not the rule of law being strengthened.
It is the rule of law being supplemented by the rule of unilateral economic pressure, and the supplement is quickly becoming the main instrument.
The Attribution Problem
Here is the gap that most Western defense commentary is refusing to address.
It is not a question of whether Russia has the capability and intent to damage subsea infrastructure.
It plainly does.
The GUGI fleet, Russia's Main Directorate for Deep Sea Research, maintains special-purpose vessels at Olenya Guba that are explicitly designed for seabed operations, including deep-diving submersibles, oceanographic surveillance ships, and nuclear-powered auxiliary submarines built for exactly this kind of work.
The reconnaissance patterns in the Baltic are real and have been documented for years.
No serious analyst disputes any of that.
The question is whether a legislative and sanctions architecture should be built on the assumption that every incident is confirmed sabotage, when the country with the most operational experience is telling us that sometimes a dragged anchor is a dragged anchor, and sometimes a windlass really does malfunction on a rusty tanker owned by a brass-plate company at a Dubai hotel address.
There is, of course, a middle category that deserves its own scrutiny: incidents that are not state ordered but are state tolerated, recklessness that Moscow neither commands nor prevents because the resulting chaos serves its interests regardless of who initiated it.
That distinction matters enormously, and it is precisely the kind of distinction that a sanctions first framework is structurally incapable of drawing.
This matters because attribution, once codified into policy, becomes self-reinforcing.
Every subsequent incident gets read through the attributed framework.
Every ambiguity resolves in favor of the conclusion already reached.
Supo has seen this before, in a different context, admittedly, but the institutional memory is relevant.
Finnish intelligence spent much of the Cold War learning how to distinguish between what Moscow was actually doing, what Moscow wanted Helsinki to think it was doing, and what Helsinki's allies were projecting onto the relationship.
That kind of analytical discipline is rare, and it is exactly what the current moment requires.
The American framework does not have that discipline built into it.
It has the opposite: a bipartisan consensus that adversary attribution is politically cheap and politically useful, combined with a legal architecture that rewards speed over accuracy.
It is not a question of whether Russia has the capability and intent to damage subsea infrastructure.
It plainly does.
The GUGI fleet, Russia's Main Directorate for Deep Sea Research, maintains special-purpose vessels at Olenya Guba that are explicitly designed for seabed operations, including deep-diving submersibles, oceanographic surveillance ships, and nuclear-powered auxiliary submarines built for exactly this kind of work.
The reconnaissance patterns in the Baltic are real and have been documented for years.
No serious analyst disputes any of that.
The question is whether a legislative and sanctions architecture should be built on the assumption that every incident is confirmed sabotage, when the country with the most operational experience is telling us that sometimes a dragged anchor is a dragged anchor, and sometimes a windlass really does malfunction on a rusty tanker owned by a brass-plate company at a Dubai hotel address.
There is, of course, a middle category that deserves its own scrutiny: incidents that are not state ordered but are state tolerated, recklessness that Moscow neither commands nor prevents because the resulting chaos serves its interests regardless of who initiated it.
That distinction matters enormously, and it is precisely the kind of distinction that a sanctions first framework is structurally incapable of drawing.
This matters because attribution, once codified into policy, becomes self-reinforcing.
Every subsequent incident gets read through the attributed framework.
Every ambiguity resolves in favor of the conclusion already reached.
Supo has seen this before, in a different context, admittedly, but the institutional memory is relevant.
Finnish intelligence spent much of the Cold War learning how to distinguish between what Moscow was actually doing, what Moscow wanted Helsinki to think it was doing, and what Helsinki's allies were projecting onto the relationship.
That kind of analytical discipline is rare, and it is exactly what the current moment requires.
The American framework does not have that discipline built into it.
It has the opposite: a bipartisan consensus that adversary attribution is politically cheap and politically useful, combined with a legal architecture that rewards speed over accuracy.
The Classical Problem: What a Cable Actually Is
There is an older debate hiding underneath this new one.
In classical international law, subsea cables are commercial infrastructure, and their protection has been governed since 1884 by a convention whose enforcement mechanism is basically "the courts of the flag state will probably do something, eventually."
UNCLOS adds some overlay but does not fundamentally change the commercial character of the assets.
The Strategic Subsea Cables Act does not amend either framework.
What it does instead is create a parallel, unilateral enforcement regime grafted onto commercial assets, one where the U.S.
government shares "threat information" with private operators, imposes sanctions on suspected saboteurs, and encourages cable owners to pursue private lawsuits against anonymous defendants in the style of Google's recent "Does 1 through 25" case, a civil action in which the company sued unnamed defendants operating fraudulent online advertising schemes linked to Chinese networks, using discovery mechanisms to unmask anonymous actors.
CSIS has been admirably candid about this framework, calling it "deterrence by detection" and "deterrence by punishment," and crediting it with a novel virtue: eliminating "plausible deniability."
I understand the appeal.
I really do.
Faced with a string of cable incidents in the Baltic and growing nervousness about Chinese behavior in the South China Sea, something has to be done.
But "deterrence by detection" is only as good as the attribution regime underneath it.
And if Finland, whose intelligence service is paid to be paranoid about exactly this question, is publicly saying the attribution is shakier than the headlines suggest, then what the Act is actually deterring may not be sabotage.
It may be deniability itself.
Which is a different, more interesting, and considerably more aggressive thing.
Deniability, in the grammar of international relations, is what allows states to act in the grey zone without triggering formal escalation.
Stripping it away sounds like a pure good, who, after all, is in favor of plausible deniability? The counter argument is not frivolous: deniability is also an enabler, the very mechanism that allows grey zone operations to continue without consequence, and reasonable analysts can disagree about which function predominates.
But in practice, deniability also functions as a shock absorber.
It creates space for quiet de-escalation, backchannel resolution, and the slow work of attribution that Finnish courts, for all their failures, have at least tried to do properly.
A regime that eliminates deniability through pre-attributed sanctions does not reduce hybrid warfare.
It simply relocates the escalation from the water to the courtroom, from the courtroom to the sanctions list, and from the sanctions list to wherever comes next.
What This Looks Like From Outside Washington
For countries positioned at the intersection of multiple cable corridors, Türkiye being one of them, with Mediterranean and Black Sea systems landing and transiting through our jurisdiction, a legislative architecture that converts commercial cables into strategic U.S.
assets is not a neutral development.
It is the extraterritorial extension of American maritime authority over infrastructure that touches our territorial waters, exclusive economic zones, and landing stations.
The Act does not ask Türkiye's permission to sanction a vessel that happens to drag its anchor near a cable running through our seabed.
It does not require coordination with the countries whose forensic intelligence services may have reached different conclusions about a given incident.
It simply installs Washington as the primary adjudicator of what counts as sabotage, what counts as accident, and what penalties attach to each.
Consider what this means in practice.
A Russian-linked tanker damages a cable in the Black Sea.
Under the Act, the U.S.
Treasury can move against the vessel's beneficial owner, freeze its assets, and pressure its insurers and classification society, all before a Turkish investigation has even begun.
Cable owners, many of them American companies, can file civil suits in U.S.
courts for damages that occurred in our waters.
Sanctions packages can be built on intelligence we did not participate in collecting and attribution judgments we did not review.
The enforcement architecture operates regardless of whether the coastal state agrees with the underlying analysis.
This is STRATCOM in legislative form, not the discipline of strategic communications as commonly understood, but its older sibling, the construction of an interpretive framework so dense, so pre-populated with conclusions, that disagreement sounds naive.
When every cable incident arrives with its attribution already attached, the policy response becomes automatic.
When the policy response becomes automatic, the policy framework becomes permanent.
When the policy framework becomes permanent, the cables themselves stop being commercial infrastructure in any meaningful sense.
They become something else.
They become a theatre.
And theatres, as anyone who has studied maritime security knows, are never neutral spaces.
What Can Be Done
What is to be done, then, by those of us who are not writing the legislation in Washington but who will have to operate inside its consequences?
First, build independent analytical capacity.
Every coastal state with significant cable exposure should develop its own forensic and attribution expertise, separate from whatever Washington's interagency committee decides to share.
Finland's Supo is a model precisely because it is willing to say "we do not see what you say you see." That kind of epistemic independence is now a strategic asset, not a diplomatic inconvenience.
For Türkiye specifically, with our existing maritime intelligence infrastructure and our geographic position at the chokepoints of two cable theatres, this capacity is achievable within a realistic timeframe if the institutional will exists to build it.
Second, insist on the older framework.
Subsea cables are commercial infrastructure under the 1884 convention and under UNCLOS.
They are also strategic in effect, yes, but collapsing the distinction between commercial and military in legal terms is exactly the move that allows unilateral enforcement to masquerade as international law.
Countries with cable landings should resist the collapse, not because sabotage is fine, but because the legal categories still matter and because once they are collapsed, it will be very difficult to uncollapse them.
International maritime law evolves at the speed of consensus, and unilateral reclassification by the most powerful actor in the system is not consensus.
Third, and this is the part that defense sector LinkedIn will find uncomfortable: recognize that "deterrence by detection" is a narrative weapon before it is a technical one.
The AI, the predictive analytics, the cued satellite imagery, all of it is real and useful.
I have no quarrel with the technology, and the detection architecture has produced real operational value in tracking vessel movements and identifying suspicious transit patterns that would otherwise go unnoticed.
But what gets detected depends on what you are looking for, and what gets reported depends on who is writing the press release.
A maritime security architecture in which only Washington gets to name the saboteurs is not a security architecture.
It is a content strategy with sonar attached.
Fourth, invest in regional cooperation that does not run through Washington.
The Mediterranean cable cluster, the Black Sea landings, the Red Sea transit routes through Egypt, each of these is a theatre where coastal states have direct interest and insufficient coordination.
The European Union's 2025 cable security action plan is a start, but it remains overwhelmingly Atlanticist in its framing.
What is missing is a genuinely regional attribution and response framework that reflects the intelligence priorities and legal traditions of the states whose waters actually hold the cables.
The Strategic Subsea Cables Act does not amend either framework.
What it does instead is create a parallel, unilateral enforcement regime grafted onto commercial assets, one where the U.S.
government shares "threat information" with private operators, imposes sanctions on suspected saboteurs, and encourages cable owners to pursue private lawsuits against anonymous defendants in the style of Google's recent "Does 1 through 25" case, a civil action in which the company sued unnamed defendants operating fraudulent online advertising schemes linked to Chinese networks, using discovery mechanisms to unmask anonymous actors.
CSIS has been admirably candid about this framework, calling it "deterrence by detection" and "deterrence by punishment," and crediting it with a novel virtue: eliminating "plausible deniability."
I understand the appeal.
I really do.
Faced with a string of cable incidents in the Baltic and growing nervousness about Chinese behavior in the South China Sea, something has to be done.
But "deterrence by detection" is only as good as the attribution regime underneath it.
And if Finland, whose intelligence service is paid to be paranoid about exactly this question, is publicly saying the attribution is shakier than the headlines suggest, then what the Act is actually deterring may not be sabotage.
It may be deniability itself.
Which is a different, more interesting, and considerably more aggressive thing.
Deniability, in the grammar of international relations, is what allows states to act in the grey zone without triggering formal escalation.
Stripping it away sounds like a pure good, who, after all, is in favor of plausible deniability? The counter argument is not frivolous: deniability is also an enabler, the very mechanism that allows grey zone operations to continue without consequence, and reasonable analysts can disagree about which function predominates.
But in practice, deniability also functions as a shock absorber.
It creates space for quiet de-escalation, backchannel resolution, and the slow work of attribution that Finnish courts, for all their failures, have at least tried to do properly.
A regime that eliminates deniability through pre-attributed sanctions does not reduce hybrid warfare.
It simply relocates the escalation from the water to the courtroom, from the courtroom to the sanctions list, and from the sanctions list to wherever comes next.
What This Looks Like From Outside Washington
For countries positioned at the intersection of multiple cable corridors, Türkiye being one of them, with Mediterranean and Black Sea systems landing and transiting through our jurisdiction, a legislative architecture that converts commercial cables into strategic U.S.
assets is not a neutral development.
It is the extraterritorial extension of American maritime authority over infrastructure that touches our territorial waters, exclusive economic zones, and landing stations.
The Act does not ask Türkiye's permission to sanction a vessel that happens to drag its anchor near a cable running through our seabed.
It does not require coordination with the countries whose forensic intelligence services may have reached different conclusions about a given incident.
It simply installs Washington as the primary adjudicator of what counts as sabotage, what counts as accident, and what penalties attach to each.
Consider what this means in practice.
A Russian-linked tanker damages a cable in the Black Sea.
Under the Act, the U.S.
Treasury can move against the vessel's beneficial owner, freeze its assets, and pressure its insurers and classification society, all before a Turkish investigation has even begun.
Cable owners, many of them American companies, can file civil suits in U.S.
courts for damages that occurred in our waters.
Sanctions packages can be built on intelligence we did not participate in collecting and attribution judgments we did not review.
The enforcement architecture operates regardless of whether the coastal state agrees with the underlying analysis.
This is STRATCOM in legislative form, not the discipline of strategic communications as commonly understood, but its older sibling, the construction of an interpretive framework so dense, so pre-populated with conclusions, that disagreement sounds naive.
When every cable incident arrives with its attribution already attached, the policy response becomes automatic.
When the policy response becomes automatic, the policy framework becomes permanent.
When the policy framework becomes permanent, the cables themselves stop being commercial infrastructure in any meaningful sense.
They become something else.
They become a theatre.
And theatres, as anyone who has studied maritime security knows, are never neutral spaces.
What Can Be Done
What is to be done, then, by those of us who are not writing the legislation in Washington but who will have to operate inside its consequences?
First, build independent analytical capacity.
Every coastal state with significant cable exposure should develop its own forensic and attribution expertise, separate from whatever Washington's interagency committee decides to share.
Finland's Supo is a model precisely because it is willing to say "we do not see what you say you see." That kind of epistemic independence is now a strategic asset, not a diplomatic inconvenience.
For Türkiye specifically, with our existing maritime intelligence infrastructure and our geographic position at the chokepoints of two cable theatres, this capacity is achievable within a realistic timeframe if the institutional will exists to build it.
Second, insist on the older framework.
Subsea cables are commercial infrastructure under the 1884 convention and under UNCLOS.
They are also strategic in effect, yes, but collapsing the distinction between commercial and military in legal terms is exactly the move that allows unilateral enforcement to masquerade as international law.
Countries with cable landings should resist the collapse, not because sabotage is fine, but because the legal categories still matter and because once they are collapsed, it will be very difficult to uncollapse them.
International maritime law evolves at the speed of consensus, and unilateral reclassification by the most powerful actor in the system is not consensus.
Third, and this is the part that defense sector LinkedIn will find uncomfortable: recognize that "deterrence by detection" is a narrative weapon before it is a technical one.
The AI, the predictive analytics, the cued satellite imagery, all of it is real and useful.
I have no quarrel with the technology, and the detection architecture has produced real operational value in tracking vessel movements and identifying suspicious transit patterns that would otherwise go unnoticed.
But what gets detected depends on what you are looking for, and what gets reported depends on who is writing the press release.
A maritime security architecture in which only Washington gets to name the saboteurs is not a security architecture.
It is a content strategy with sonar attached.
Fourth, invest in regional cooperation that does not run through Washington.
The Mediterranean cable cluster, the Black Sea landings, the Red Sea transit routes through Egypt, each of these is a theatre where coastal states have direct interest and insufficient coordination.
The European Union's 2025 cable security action plan is a start, but it remains overwhelmingly Atlanticist in its framing.
What is missing is a genuinely regional attribution and response framework that reflects the intelligence priorities and legal traditions of the states whose waters actually hold the cables.
The Argument, in the End
I will end with the sentence that started this piece.
Ten trillion dollars in transfers every day, ninety-five percent of global data.
Those numbers are real.
But they describe a commercial network that serves everyone, built mostly by four private companies, maintained by repair ships crewed by labour from a dozen countries, funded by consortiums that cross every geopolitical fault line on the planet.
It is one of the few genuinely shared pieces of infrastructure that the modern world still has.
The fact that my bank transaction and a Chinese financial transfer and a Russian diplomatic cable all ride the same fiber-optic strand for part of their journey is not a vulnerability to be eliminated.
It is a rare, dwindling piece of functional interdependence.
The question is whether we protect it as something shared, or whether we let it be drafted into somebody else's war.
Finland, quietly, is arguing for the former.
The Strategic Subsea Cables Act is quietly delivering the latter.
And the rest of us are going to have to decide, sooner than we think, which architecture we actually want to live inside.
No comments:
Post a Comment