### REGISTER NOW ### for our vitally important 2-panel event “The Energy Crisis and Russian Aggression Against Ukraine – Key Challenges for the Central European Energy Sector”, on Thursday December 8, 13:00 – 17:00 CET (Address: Rue Belliard 40, 1040 Brussels). High-profile confirmed speakers include Kadri Simson, European Commissioner for Energy, EC; Leszek Jesień, Chairman of the Board, CEEP; Jerzy Buzek, MEP and former president of the European Parliament; Edvard Kozusnik, Deputy Minister for Trade and the Economy, Czech Republic; Cristina Lobillo Borrero, Director of Energy Policy, DG ENER; Pawel Stanczak, CEO, OGTSU (Ukrainian gas TSO); Lukas Trakimavičius, Subject Matter Expert, NATO Energy Security Centre of Excellence. How can we prioritise next steps to protect our common interest? A secure, affordable energy supply for all sectors means open discussion, co-ordination and planning right across the supply chain and into transmission and distribution networks. Chief representatives from suppliers, grid-operators, distributors and security experts gather with leaders from the EU’s policy-making institutions (national, EC and EP) to share their concerns and proposals at this critical moment. Click HERE to register [Promoted by CEEP] ###
Here, Frank Umbach at EUCERS, University of Bonn explains why the EU must now make “Critical Infrastructure Protection” a priority. He lays out the events that brought us here, namely Russia’s invasion of Ukraine and the subsequent sabotage of the Nord Stream pipelines, undersea cables, and targeted surveillance of European infrastructure. Russia is blamed as the culprit, and Umbach points at the response of the U.S., China and India to show the global implications of Europe’s security. A coordinated and robust response at both the EU and the national level is essential, says Umbach, not least because more than 80 percent of Europe’s critical infrastructure is in the hands of private companies.
On September 26 this year, Sweden and Denmark detected four leaks in the 1,224km-long undersea gas pipelines of Nord Stream 1 and 2, linking Russia to Germany and Europe, at four locations. Two of the blasts occurred in Sweden’s Exclusive Economic Zone (EEZ) and two in Denmark’s EEZ. Seismologists in Denmark and Sweden had already registered tremors as high as 2.3 on the Richter scale in the immediate vicinity of the leaks and excluded any earthquakes or other natural reasons for the identified tremors. Last summer, U.S. intelligence had already warned its allies of sabotage assaults on pipelines and other critical infrastructures (CIs).
Immediately afterwards, the governments of Sweden and Denmark announced that the leaks were the result of a deliberate sabotage as the four explosions were coordinated as well as planned and implemented. The blasts stopped the possibility of gas flowing from Russia to Germany through both pipelines. But it also caused the world’s single biggest leak of methane ever recorded (methane is a primary natural gas component and is up to 80 times more dangerous than CO2 for accelerating climate change).
A few days later, another sabotage happened: the fibre-optic communication cables of the German rail network at two different places, resulting in prolonged train and service disruption, had also been cut in a coordinated way by a calculated “malicious and targeted action”. It even affected international train connections. In both cases, the sabotage had been highly coordinated with some detailed knowledge which suggested that only a state actor could conduct those sophisticated attacks. One week prior to the pipeline sabotage, Norway observed unidentified drones at six offshore energy infrastructures of Norway’s oil and gas producer Equinor and three other facilities owned by other companies. Those drones are believed to have been flown from Russian vessels, suspected of “fishing for secrets”. Since the pipeline explosions, Norway fears another sabotage of its own oil and gas infrastructures as it has become Europe’s most important oil and gas suppliers during the Ukraine war.
Thus, the EU is facing increased threats towards its CIs amid the war in Ukraine and has heightened attention to new hybrid security risks as well as infrastructural resilience in particular. Both the European Parliament and the European Council had already agreed prior to the pipeline assault to deepen the legislative framework to strengthen the resilience of entities operating CIs and updating the EU’s 2008 CI directive. But the law might not come into effect until 2024.
### REGISTER NOW### “The Energy Crisis and Russian Aggression Against Ukraine – Key Challenges for the Central European Energy Sector”. DATE: Thursday December 8, 13:00 – 17:00 CET. ADDRESS: Rue Belliard 40, 1040 Brussels.
High-profile confirmed speakers include:
- Kadri Simson, European Commissioner for Energy, EC
- Leszek Jesień, Chairman of the Board, CEEP
- Jerzy Buzek, MEP and former president of the European Parliament
- Edvard Kozusnik, Deputy Minister for Trade and the Economy, Czech Republic
- Cristina Lobillo Borrero, Director of Energy Policy, DG ENER
- Pawel Stanczak, CEO, OGTSU (Ukrainian gas TSO)
- Lukas Trakimavičius, Subject Matter Expert, NATO Energy Security Centre of Excellence.
How can we prioritise next steps to protect our common interest? A secure, affordable energy supply for all sectors means open discussion, co-ordination and planning right across the supply chain and into transmission and distribution networks. Chief representatives from suppliers, grid-operators, distributors and security experts gather with leaders from the EU’s policy-making institutions (national, EC and EP) to share their concerns and proposals at this critical moment. Click HERE to register [Promoted by CEEP]
What are “Critical Infrastructures”?
Although the topic of critical infrastructure protection (CIP) is not really a new one, it has remained an expert discussion without any larger European debate about new vulnerabilities, risks, and effective countermeasures for enhancing the resilience of CIs.
Among security experts and for the European Commission, CIs are considered to be particularly vulnerable, as they are of paramount importance for the survival of the state and the maintenance of its vital state functions. CIs include information and telecommunications systems as well as the transport and traffic, energy supply, healthcare, financial and other sensitive services sectors. These CIs are characterised by a high degree of internal complexity and of interdependence and vulnerability.
At the same time, until a few years ago, the specific responsibilities, legal provisions and regulations between the member states within the EU-27 were very different, without there being common security standards, regulations and an obligation to report serious cyberattacks. This continues at the national level, especially in federal forms of government, as in Germany, between the federal and state levels as well as between different ministries. In addition, in Europe and Germany, more than 80 percent of all critical infrastructure is in the hands of private companies. This requires continuous and trusting cooperation between public authorities and the private sector. Until a few years ago, however, this was not sufficiently institutionally organised in any other EU country, nor were the respective responsibilities between the state and the private sector clearly regulated and consensually agreed.
Furthermore, despite raising awareness about CIP by the European Commission more than a decade ago, most of the newly initiated studies since 2008 on behalf of the European Commission had focused understandably on the new cybersecurity challenges of CIs – particularly of its critical energy infrastructures (CEIs) as all CIs are interconnected by a stable supply of electricity and secure access to the internet.
Although physical attacks on CIs have taken place throughout the world during the last 15 years, protection against physical attacks have rather been overlooked after Islamic terrorist attacks stopped happening in Europe. In addition, protection of undersea CIs such as pipelines, internet cables and electricity cables have not really been addressed by governments and industry as their protection is costly and demanding.
Official sabotage investigations and released information
Meanwhile, the four “powerful explosions” and “gross sabotage” attacks of the gas pipelines have been confirmed by the official preliminary investigations by the Swedish and Danish governments, due to the traces of explosives found. But both governments still stopped short of assigning official blame to any foreign state actor.
As some publicly released videos and images of underwater drones have highlighted in Denmark and Sweden, at least 50 metres of the Nord Stream-1 pipeline has been destroyed. The explosion and extensive damage have been so heavy that part of the pipeline has not just been totally destroyed but even buried deeper under the seafloor. These images suggest a heavy explosion with “several hundreds of kilos of explosives” which divers cannot transport by diving to the 70m deep lying pipelines or by using mini-submarines. Thus, the most discussed option is the use of sea mines which need to be transported by larger submarines (or ships). This limits the discussed scenarios and excludes any non-state actors.
Who is the state actor responsible for blasting the pipelines?
In both cases of the sabotage of the gas pipelines as well as the communication cables of the German rail network, Russia has been accused for being responsible, though some conspiracy theories from the Russian government and anti-US critics in the West have also said the U.S., the United Kingdom, Poland and Ukraine are responsible as they have always been long-time opponents of the Russian-German Nord Stream gas pipelines. They have also argued that Russia has no interest in bombing its own gas pipelines. But those conspiracy theories are not plausible as a confirmation would cause a major foreign policy crisis, including within the EU and NATO. Moreover, the German government ended the certification process of the Nord Stream-2 gas pipeline with Russia’s invasion into Ukraine, and then agreed to end all Russian pipeline gas imports by the end of 2024. Russia in return decreased all gas supplies via Nord Stream-1 from last summer and finally stopped all direct Russian gas exports at the end of last August. The U.S. had already become Europe’s largest source of LNG supplier during the last years and has further increased its LNG exports to Europe since last winter. Thus the U.S. has no strategic interest in sabotaging the Nord Stream pipelines any longer. If Washington did it, it would risk its position of being the EU’s and in the future Germany’s most important LNG supplier.
Furthermore, according to unofficial Norwegian and NATO sources, Russia has long experience of cutting undersea cables. It is also suspected of cutting cables for underwater acoustic sensors off the coast of northern Norway. But of course, the Kremlin has repeatedly dismissed any claims it destroyed the pipelines. However, Russia’s Main Directorate of Deep-Sea Research, known as “Gugi”, has a variety of spy and quasi-military ships and special submarines, including the world’s biggest submarine “Belgorod”. The mother submarine can be used for unusually deep-water operations and deploy mini-submarines, under-water drones and divers to cut undersea cables.
In this light and for various reasons, the Kremlin might have resorted to an enhanced hybrid warfare against Western CIs rather than any use of tactical or substrategic nuclear weapons in the escalating Ukraine war. At the most recent meeting of the UN Security Council on September 22, China for the first time showed very open criticism that “the Ukraine crisis is not in the interest of all parties.” Earlier, Russian President Putin admitted “some differences” on certain issues at the summit of the Shanghai Cooperation Organisation on September 15/16. China’s President Xi did not even attend the dinner for undisclosed reasons. In addition, Russian Security Council Chairman Patrushev had to fly to Beijing on September 19 to explain Russia’s recent nuclear threats to the West, which had caused concern in both China and India in the context of Russia’s partial mobilisation and annexation of Ukraine’s eastern oblasts. During the visit of the German Chancellor Olaf Scholz to Beijing at the beginning of this month, both sides condemned officially any Russian threats to use atomic weapons in Ukraine. Already prior to his visit, the U.S. had warned Russia of a “catastrophic response” by triggering Article V of the NATO treaty.
If a Russian sabotage can be confirmed, it will highlight a political signalling that Russia is willing to escalate the hybrid warfare against the West to influence Western political will and decision-making to stop all Western weaponry supplies to Ukraine and to give up all its sanctions against Russia – as the Russian president Vladimir Putin and other Kremlin representatives have repeatedly demanded officially from the West. Thereby, Russia also raises the question particularly for the EU countries whether they really have the political will for longer lasting and escalating economic as well as energy warfare against Russia. A confirmation would also interlink it with the escalating warfare against Ukraine’s CEIs and the increasing domestic pressure by Russian nationalists in the Kremlin’s power ministries. They have accused President Putin of conducting a half-hearted war against Ukraine and demanded an official declaration of war against the NATO countries.
Regardless of the attribution problems of the suspected sabotage assaults, they have highlighted the EU’s vulnerability of its CIs and the need for its protection.
Undersea CIs are a new frontier of warfare
Europe’s and the world’s dependence on a limited number of fibre-optic cables that form the global internet network and links the continents worldwide and islands, has become a rising security concern in the light of new geopolitical conflicts. At present, 95 percent of international internet traffic is transmitted by around 200 major undersea cables – each cable capable of data transfer at about 200 terabyte per second – supplemented by another 340. These cables carry an estimated US$10tn worth of financial transactions every day. They are interconnected at just 10 international, but vulnerable chokepoints.
While the attribution of gas pipeline sabotage and pipeline explosions might be difficult, the attribution of the cutting of cables could be even harder as they can also be damaged by earthquakes, vessels, and submarines.
The vulnerability not only results from sabotage, but also from spying by tapping the undersea cables. In this light, France adopted a “seabed warfare-strategy” last February.
The overall strategic importance of undersea CIs also includes undersea electricity cables. They are increasing annually alongside the expansion of offshore wind power or solar farms, which need electricity cables to connect them with the onshore grid network. Thus, the future electricity supply security of European and many other countries in the world depends increasingly on those offshore renewable energy sources and undersea electricity cables. Hence the safety, security and resilience of maritime and undersea CIs will become an ever more strategic importance for the EU as Russia’s hybrid warfare against Ukraine’s CEIs as well as its suspected sabotage of the Nord Stream pipelines and German communication cables underscore those new risks and vulnerabilities of Europe’s CIs.
As a result of the pipeline sabotage and suspected drone activities over its offshore oil and gas production sites, Norway and its NATO allies have increased the surveillance and maritime patrols to protect of its offshore oil and gas CIs in the air, on sea and even by tracking Russian submarines in its EEZ.
The European Commission’s newly proposed Council recommendation has invited member states to conduct risk assessments of and accelerate work to enhance the resilience of the EU’s CIs. It covers three priority areas: preparedness, response, and international cooperation with a priority on preparedness.
It proposes a more significant role for the Commission in tackling threats and enhancing interaction between the member states and third countries, particularly on CIs with cross-border relevance. It also includes the implementation of coordinated risk assessments under the revised Network and Information Security Directive (NIS2), which is a political agreement reached last May. It also calls on the member states to transpose both the revised NIS2 and the Directive on the Resilience of Critical Entities (CER). The latter aims to strengthen the capacity of states to protect their CIs against and respond to a range of security risks resulting from terrorist attacks to natural disasters.
But for coping with any increased hybrid warfare against Europe’s and transatlantic undersea internet cables, the EU needs not just new adequate regulations but also new capabilities for enhancing the resilience of its undersea CIs such as cables, including sufficient undersea internet, communication, and electricity cables as well as ships for conducting repairs in emergency situations in an era of rising geopolitical conflicts. Resilience needs to become an essential part of both CIP and the Western deterrence strategy against overall aggression by other major powers.
Frank Umbach is Head of Research at the European Cluster for Climate, Energy and Resource Security (EUCERS), Center for Advanced Security, Strategic and Integration Studies (CASSIS), University of Bonn