Recent vulnerabilities concerning Finland’s cable infrastructure have come under scrutiny following the damaging actions of the vessel Eagle S, implicated in compromising significant undersea cables connecting Finland and Estonia. On December 25, 2024, the Estlink 2 cable was reported to have sustained damage allegedly caused by the Eagle S’s anchor, raising alarms about the security of Finland’s maritime communications.
According to the investigative journalism site Istories, the captain of Eagle S, Davit Vadatchkoria, is of Georgian descent and had been aboard since October. This incident has drawn significant media attention and raised questions about the robustness of Finland's cable infrastructure and the security of public data related to the location of these cables.
Elina Ussa, CEO of the Finnish telecommunications advocacy group Ficom, has been vocal about the need for improved policies around the transparency of infrastructure data. She criticized incumbent practices, stating, "Finland has been strong on open data, and this unfortunately also extends to the sensitive infrastructure. We have to take action here." Prior to this incident, information about the locations of undersea cables was readily accessible through platforms like the Oskari service, leaving the country's cable networks more exposed than many believed.
The crew on the Eagle S, which flies the Cook Islands flag and is owned by Caravella LLC based in Dubai, has faced scrutiny from Finnish authorities, resulting in several investigations. The police are treating the cable destruction as aggravated sabotage and interference, with some crew members identified as suspects and others as witnesses. A total of about 35,000 tons of unleaded gasoline was reported to be on board Eagle S at the time, indicating significant potential for environmental and infrastructural damage.
Interestingly, it was not only the physical incident at sea but also the larger narrative of data transparency and security practices within Finland's maritime sector came to the forefront. The ability of hostile entities to access sensitive information on cable locations was criticized by Ussa, who remarked on the unexpected accessibility of such details, highlighting the potential risks of publicly available information during times of geopolitical tension. The concern was particularly pronounced following Russia’s invasion of Ukraine, leading to renewed calls for stronger safeguards of infrastructure data.
Ussa expressed her astonishment at the public visibility of such sensitive information, saying, "This was unexpected, which became apparent only after the Russian invasion began. I feel this came as a surprise to officials as well." Her remarks stressed the need for moving toward stronger encryption practices to protect the integrity of Finland’s infrastructure, especially data relating to cable locations.
Janne Allonen, head of Traficom's cybersecurity center, commented on the matter, emphasizing the importance of these location details for preventing mishaps and ensuring maritime safety. He stated, "The idea has been for these details to be available for good, but obviously, when the information is public, it can also be used for malicious purposes." His remarks point toward the necessity of reassessing the openness of cable location data to safeguard against future incidents.
Since the incident with Eagle S, which has been detained by the authorities, discussions about the future of cable location transparency are underway. Ussa notes the current administration’s responsiveness toward this pressing concern, expressing hope for future amendments to how cable location data is handled. After the Russian invasion, it has become increasingly clear how delicate matters of transparency versus security truly are.
Endorsing the already established change, the recent energy efficiency law discussions reflect this shift, signaling relevant policy adjustments aiming to bolster national security by limiting sensitive data dissemination. For example, new regulations suggest exact addresses of data centers need not be disclosed publicly, limiting exposure.
Ussa suggested caution, asserting the need for judicious data sharing practices, noting, "We need to send signals indicating we're not willing to just hand out this information on silver platters anymore. New data should no longer be registered openly." This comprehensive focus on safeguarding Finland’s infrastructure reflects not only lessons learned from recent events but also the progress needed to adapt to heightened awareness of security threats.
The vulnerabilities surrounding Finland’s cable infrastructure expose significant gaps and raise serious questions about national security policies related to data openness and transparency. Finland’s approach must evolve to face increasingly complex threats, rethinking how valuable information about its infrastructure is shared publicly.