Submarine cables carry over 99% of international data traffic and face unprecedented cybersecurity challenges that extend far beyond traditional network security.
In this episode of the TeleGeography Explains the Internet podcast, Ferris Adi, Chief Information Security Officer at Trans Americas Fiber System, recently shared insights on the evolving threat landscape and strategic approaches to protecting these vital assets.
Here are some key takeaways from the conversation.
Subscribe to get more episodes:
Apple | Amazon | Spotify | Stitcher | TuneIn | Podbean | RSS | YouTube
Submarine cable systems face threats across three critical domains: physical, logical, and geopolitical.
The challenge is compounded by shared vendor platforms lacking end-to-end encryption and role-based access controls. A single vulnerability—whether an unsigned firmware update or unsecured vendor API—can trigger regional-scale outages or traffic manipulation.
Submarine cables by nature cross multiple jurisdictions, creating a complex compliance environment. In the Americas, the FCC's recent Notice of Proposed Rulemaking signals a new era where cybersecurity is treated as a national security risk, requiring mandatory risk management plans and annual compliance certifications. However, global enforcement remains uneven.
While regions like Europe maintain stringent regulations similar to U.S. standards, other areas may have less developed or inconsistently enforced cybersecurity requirements. Adi's advice: don't wait for local regulations to catch up. Instead, embed security into every system layer and maintain strong partnerships with trusted vendors and local governments. The goal should be staying ahead of regulatory requirements rather than merely meeting minimum compliance standards.
The mindset around security breaches must shift from prevention-focused to resilience-focused thinking. "You cannot prevent every breach," Adi emphasizes, "But you can control the damage." A solid post-breach strategy starts with preparation: detailed incident response plans, well-defined stakeholder roles, regular tabletop exercises, and tested backup systems.
The difference between a manageable breach and a full-scale crisis often comes down to preparation and communication. Clear roles prevent confusion about who communicates with customers and media, while transparent internal communication keeps stakeholders informed at every step. Companies that detect threats early, isolate quickly, and recover with minimal disruption demonstrate true cyber resilience.
Looking ahead, AI presents both opportunities and challenges. While bad actors leverage AI for more sophisticated phishing campaigns and adaptive malware, defenders can use AI to analyze vast telemetry data and detect patterns humans might miss. However, this creates an ongoing arms race where offensive capabilities currently seem to have the advantage.
Quantum computing represents a longer-horizon but critical threat that could potentially break all current encryption methods. The "harvest now, decrypt later" approach means attackers are already stealing encrypted data in anticipation of quantum capabilities. Organizations must begin quantum risk assessments now, understanding where critical data resides, how long it needs protection, and what cryptographic systems they rely on.
Cybersecurity must evolve from a technical silo to a boardroom-level responsibility. Security resilience requires shared accountability across the entire organization, with every executive understanding that cyber risk equals business risk. For submarine cable operators, this is particularly crucial since they're selling secure transport—trust is the foundation of their entire business model.
Securing submarine cables requires not just technical solutions but a fundamental shift in how we think about cybersecurity: as an enabler of business rather than just a cost center, and as a shared responsibility rather than an IT problem.
Watch episode 1 in this cable series below, or check out the key takeaways here.
How do we understand and address the challenges facing the submarine cable maintenance sector? That's what Mike Constable of Infra Analytics and TeleGeography’s Lane Burdette and Alan Mauldin lay out in this landmark report. Download the report here.
Where are submarine cable stations located? What is the average number of cables per CLS? This analysis by Lane Burdette summarizes the data from TeleGeography’s new cable landing station (CLS) database. View and save the report.
Data and analysis on long-haul networks and the undersea cable market, with forecasts of international bandwidth supply, demand, prices, and revenues. Take a look at the platform here.
Data and analysis on international internet capacity, traffic, service providers, and pricing, with forecasts of IP transit service volumes, prices, and revenues by country and region. Check out how it works.