ENERGY SECURITYNord Stream Pipeline Sabotage: How an Attack Could Have Been Carried Out and Why Europe Was Defenseless

By Christian Bueger

Published 5 October 2022

Whatever caused the damage to the Nord Stream gas pipelines in the Baltic Sea, it appears to be the first major attack on critical “subsea” (underwater) infrastructure in Europe. This raises the question of the vulnerabilities of European pipelines, electricity and internet cables, and other maritime infrastructure. Europe will have to revisit its policies for protecting them.

Whatever caused the damage to the Nord Stream gas pipelines in the Baltic Sea, it appears to be the first major attack on critical “subsea” (underwater) infrastructure in Europe. It’s now widely thought – not least by NATO – that the explosions that led to major leaks in the two pipelines were not caused by accidents. The alliance says they were a deliberate act of sabotage.

The attacks occurred in the exclusive economic zones of Denmark and Sweden and demonstrate the risks that Europe’s subsea infrastructures are facing. This raises the question of the vulnerabilities of European pipelines, electricity and internet cables, and other maritime infrastructure. Europe will have to revisit its policies for protecting them.

But it is still unclear how the attacks were carried out. The investigations will probably take months to complete, but there are two likely scenarios. A first option is that the attacks could have been carried out as an underwater operation using advanced submarine technology.

This implies that we are looking at a state and its navy. Although the attacks took place outside the territorial waters of the NATO members Denmark and Sweden, they could be interpreted as an act of war.

The second scenario is an operation launched from a privately owned surface vessel, such as a fishing boat being used as a platform for divers or submersibles to place explosives. In this case, the attack vessel was hiding in everyday maritime traffic.

This scenario points us to so called “grey-zone” tactics: an attack by a group acting indirectly on behalf of state interests. The involvement of any government will then be very difficult to verify. This scenario implies that the Nord Stream attack was likely to have been the first ever recorded grey-zone activity in the European subsea.

Grey-zone tactics are increasingly common at sea, and have been associated with the Iranian Revolutionary Guards seizing ships, or the Chinese fishing fleet advancing territorial claims.

Grey-zone tactics at sea have not been extensively studied, but similar tactics are well understood in the cyber domain. In that domain it is usually a hacker group operating formally “independent” from governmental agencies that carry out an attack.

The comparison to the cyber world is useful as it gives us insights into why the maritime domain is very vulnerable. The sea is more similar to cyberspace than first meets the eye.