Full Report
Submarine cables connecting Europe have suffered multiple incidents in recent years, which have raised awareness regarding the criticality and vulnerability of submarine cables carrying data or electricity. To address these concerns, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy adopted the EU Action Plan on Cable Security on 21…
Analysis Summary
# Main Topic
The increasing criticality and vulnerability trajectory of submarine data and electricity cables connecting Europe, leading to the European Commission and High Representative's adoption of the EU Action Plan on Cable Security (21 February 2025).
## Key Points
- Multiple incidents involving submarine cables connecting Europe in recent years have heightened awareness regarding infrastructure criticality.
- The **EU Action Plan on Cable Security** was adopted on 21 February 2025 to coordinate actions for enhancing resilience.
- This plan follows the **Commission’s Recommendation 2024/779 on Secure and Resilient Submarine Cable Infrastructures**.
- The response outlines actions across the resilience cycle: prevention, detection, response and recovery, and deterrence.
- The Submarine Cable Infrastructures Expert Group was established to support the implementation, and it published an **EU risk assessment, including mapping and stress test guidance** in October 2025.
## Threat Actors
- No specific threat actors (nation-states or APTs) are identified in the provided context related to this specific action plan or the underlying incidents. The focus is on the threats necessitating the coordinated EU response.
## TTPs
- The context describes the *vulnerability* of the cables but does not detail specific Tactics, Techniques, or Procedures (TTPs) used in prior incidents.
- The Action Plan aims to address threats across the entire resilience cycle, suggesting an interest in TTPs related to **physical and cyber interference** with underwater infrastructure.
## Affected Systems
- Systems affected are **Submarine cables carrying data or electricity** connecting Europe.
- Specific infrastructure cited includes **data and power submarine cable infrastructures**.
## Mitigations
- **Policy/Strategy Implementation:** Adoption and execution of the EU Action Plan on Cable Security.
- **Compliance:** Following the Commission’s Recommendation 2024/779.
- **Risk Management:** Implementation of guidance from the EU risk assessment, including **mapping and stress test guidance**.
- **Resilience Cycle Focus:** Actions implemented across **prevention, detection, response and recovery, and deterrence**.
## Conclusion
Multiple recent incidents have exposed significant vulnerabilities in the network of submarine cables essential to Europe's data and power transmission. In response, the EU has formalized governance through the 2025 Action Plan and previous 2024 Recommendation. The immediate focus for entities involved should be adherence to the risk assessment, mapping, and stress testing guidance published by the Expert Group to immediately enhance resilience against physical and potential cyber threats.