Seventeen fibre-optic cables thread through the Strait of Hormuz, carrying roughly 30 per cent of intercontinental data alongside a third of seaborne oil. The chokepoint everyone has been planning around for fifty years now carries two cargoes simultaneously. A paper published this week made the case formally that Hormuz is no longer simply an oil chokepoint, because the same strait moves data at strategic scale (Hormuz cable analysis, 2026). Disruption of either cargo would cascade into the other in ways that current policy frameworks treat as separate problems.
The pattern is current rather than emerging. The 2026 Middle East conflict has placed those 17 Hormuz cables directly in the path of any escalation that involves the strait. The Baltic Sea saw cable disruptions in late 2025 that triggered national-level responses from Finland, including the seizure of vessels suspected of dragging anchors across cable routes (Bulletin of the Atomic Scientists, 2026). Russian and Chinese surveillance vessels have been observed loitering near critical cable routes in the Indo-Pacific over the past eighteen months. Those incidents are now stable enough to constitute a strategic posture rather than a sequence of unrelated events.
The basic infrastructure facts deserve to be repeated because they are routinely underestimated. Approximately 97 per cent of intercontinental internet traffic and around 80 per cent of US military communications travel through physical cables on the ocean floor. The cables are fragile by industrial standards. Cables can be cut by mechanical accident or by deliberate action. Either causes an outage that takes weeks to repair when a specialised cable-laying vessel can be tasked to the location, and longer if access to the affected area is contested. There is no commercial redundancy at the scale of an entire intercontinental segment failing simultaneously, and the cable-laying fleet capable of repairing damage at speed is small and concentrated in a handful of countries. Calling the system “the cloud” creates an impression of distributed resilience that the underlying physical layer does not possess.
A Georgetown framework published in February ties the threat picture together analytically (Georgetown Journal of International Affairs, 2026). The framework argues that undersea cable threats have moved into what the authors call a “post-physical” context, in which cyber-attacks on cable landing stations and against the digital control systems that manage the infrastructure introduce attack vectors that did not exist a decade ago. Autonomous underwater vehicles add another vector for surveillance and physical disruption that did not exist at scale before. The post-physical context matters because it lowers the cost of attack. A state actor no longer needs a submarine to disable a cable. A skilled cyber-operator targeting a landing station may achieve a similar operational effect at a fraction of the resource commitment, and with significantly more deniability about the source of the action.
The ownership and financing landscape pulls a different concern into focus alongside the threat picture. China’s increasing involvement in financing and constructing submarine cable projects has heightened concerns among US allies about foreign control over critical digital infrastructure (Center for Strategic and International Studies, 2026). The specific concerns are surveillance access through landing stations and influence over how new cables are routed. The Indo-Pacific cable architecture has become the focus of strategic competition between the United States and its allies on one side and Chinese state-affiliated firms on the other. The competition is concrete rather than theoretical. It is shaping which cables get built and where they land, and which providers will maintain them under crisis conditions.
For Australia, the cable layer is inseparable from the broader Indo-Pacific maritime security picture. The India-Australia maritime security convergence captured under the SAGAR framing recognises that freedom of navigation in the Indian Ocean is a shared strategic interest. The digital dimension of that freedom, the security of the data transit infrastructure running through the same waters, has not yet received equivalent policy attention. The cable picture is largely missing from Australian public debate about Indo-Pacific strategy. ADF communications and Australian financial settlement systems both depend on the cable infrastructure for cross-border operations, and that dependence does not show up in the public discussion.
The European response is the most uncomfortable comparison for Australia. Finland responded to the Baltic disruptions with a coordinated national-level response involving military and civilian agencies under a shared incident framework. The Finnish response demonstrated that the institutional capacity to handle a cable crisis can be built when a country is taking the threat seriously enough to invest in the framework before the crisis happens. Australia does not yet have an equivalent framework. The cable infrastructure question is split awkwardly across Defence and Home Affairs on the public-security side, the Department of Communications and ACMA on the regulatory side, and the cable operators themselves on the commercial side. No single body holds the integration mandate.
I have written separately about a structurally similar pattern in civil defence and national mobilisation, where the 2026 NDS broadened the concept of National Defence to include critical infrastructure resilience but the operational arrangements have not yet caught up. The cable infrastructure problem is one of the clearest cases of that broadening waiting for follow-through. A separate piece on the gap between Australia’s defence AI policy and the operational tempo of modern electronic warfare applies here too: a cable crisis arriving alongside a regional contingency would not respect bureaucratic boundaries any more than a cognitive electronic warfare contest would.
Three policy implications follow from the cable picture. First, Australia needs a published cable infrastructure resilience strategy. That strategy should integrate physical protection of landing stations with cyber defence of the same landing stations, and an explicit institutional decision-making chain for incident response. Second, the procurement of new cable capacity should be evaluated against criteria that include the strategic ownership and operational maintenance arrangements of the proposed providers, beyond the per-bit cost alone. Third, the cable layer should be visible in Australian Indo-Pacific strategy at the same level as port access and freedom of navigation, because the data transit security that depends on the cables is now an instrument of strategic competition rather than a background utility.
For consultants and policy professionals working at the defence and critical infrastructure boundary, the cable problem is an emerging advisory domain in which Australian capability is presently shallow. Few Australian firms have deep expertise in submarine cable engineering paired with cyber defence of landing stations. National security incident response capability that integrates the two is rarer still. The opportunity to build that expertise is open, and the demand for it will increase rather than decrease over the next decade.
The internet has a coastline. Most of Australia’s policy treats it as if it does not, and the gap between the policy treatment and the threat picture is widening rather than narrowing. The most useful starting point would be to name the cable infrastructure problem in the same documents that already name energy security and fuel security alongside critical mineral supply chains, and to begin building the institutional capacity that the threat picture suggests is now required.
References
Bulletin of the Atomic Scientists. (2026, February). Seabed zero: Baltic sabotage and the global risks to undersea infrastructure.
Center for Strategic and International Studies. (2026). Invisible and Vital: Undersea Cables and Transatlantic Security.
Department of Defence. (2026). 2026 National Defence Strategy and Integrated Investment Program. Commonwealth of Australia.
Georgetown Journal of International Affairs. (2026, February). Critical Undersea Infrastructures: A Framework to Address Threats in a Post-Physical Context.
Hormuz cable analysis. (2026). The Strait of Hormuz undersea cable network and concentrated chokepoint risk. OpenAlex (Zenodo deposit).
Iran threatens 17 undersea cables carrying 30 per cent of global traffic. (2026). Asian Bureau of Hardware Security analysis.
Russell Buzby 
Leave a comment