Christian Bueger

Keynote address at symposium of European Defence Agency


How can critical maritime infrastructure be better protected? On the 27th of April I addressed this question at the 1st Symposium on Critical Maritime Infrastructure by the European Defence Agency. In my keynote I investigate the concept of critical maritime infrastructure and current proposals for enhancing their protection.

The concept of critical maritime infrastructures

Critical infrastructure continues to be a weakly defined concept. While definitions abound, which infrastructure is critical, and which is not, is highly context-dependent. It is not a matter of technical considerations but of political choice.

Four key types of maritime infrastructure are often included in the discussion:

  • Energy infrastructure, including oil and gas platforms, windfarms, and the pipelines and electricity cables used to connect them to the land.
  • Communication infrastructure, that is, the fiber-optic cables through which digital data flows and on which the internet is based.
  • Shipping infrastructure, including ports, ships and the installations used for transporting goods.
  • Marine biodiversity: Given that for many countries marine ecosystems are vital for the economy and the population, nature can be included in a definition of infrastructure.

Whether and how these infrastructures (in particular the last one) are included in critical infrastructure protection differs widely across countries and regions. Importantly, these types of infrastructure are interdependent: what happens in one affects the others.

Such infrastructures can be subject to a wide range of threats, including:

  • Physical damage from deliberate acts of sabotage, accidents or natural disasters.
  • Cyber attacks against the operating systems or connectivity.
  • Hybrid attacks, in which different forms of attack are blended and the character of the attacks (e.g. whether they are deliberate) can be difficult to determine.

Maritime infrastructures differ from those on land

Maritime and terrestrial infrastructures are often dealt with by the same policies or within the same programs. There are, however, fundamental differences, which imply that maritime infrastructures require specific and tailored protection.

First, the majority of maritime critical infrastructures involve a high level of legal complexity. The UN Convention on the Law of the Sea (UNCLOS) is the most fundamental legal regime. According to UNCLOS, maritime infrastructures are situated in different zones, which give countries particular legal responsibilities. The most important ones are the territorial waters, in which countries have full jurisdiction; the Exclusive Economic Zones, in which countries have limited legal powers mainly pertaining to economic exploitation and environmental protection; and the high seas, where regulatory powers are limited. The majority of maritime infrastructures involve more than one of these zones. If shipping is included under the concept of critical infrastructure protection, the picture becomes more complicated still, given the flag state principle of UNCLOS. Ships are under the jurisdiction of the state to which they are flagged, limiting the powers of coastal and port states. Depending on the country and region, a plethora of other environmental or sector-specific laws are relevant as well.

Second, the sea is a particular geo-physical environment. Maritime conditions, including the effect of weather and waves, but also the sheer vastness of ocean space, imply that infrastructures are more difficult to protect. Repairing failures is more costly, requires specialized equipment with limited availability and is highly weather-dependent. Repair times are hence longer than those we find on land. Given that there is less human activity at sea, and given the scale of oceanic space, surveillance is also more difficult. If one includes underwater infrastructure, then these issues become even more prevalent, since in contrast to the surface, the subsea cannot be effectively monitored from the air or the maritime surface.

Third, the majority of maritime infrastructures are transnational: they connect or operate across more than one country. This is most obvious for shipping, given that its main purpose is trade across countries. Data and electricity cables also tend to pass through more than one country’s jurisdiction. This implies that countries need to collaborate in the protection of the infrastructures through which they are connected. Protection of infrastructures at sea is hence highly dependent on the overall quality of relations between states, and on whether and how diplomatic relations consider infrastructures.

These conditions imply that tailored responses to maritime infrastructure protection are required that are likely to differ substantially from those on land.

How to protect maritime infrastructures

Since the September 2022 attacks on the Nord Stream pipeline in the Baltic Sea, much political attention has been given to critical maritime infrastructure protection. In Europe this has led to many useful proposals for improving protection. The current initiatives tend to have four components:

  • Cooperation between states and industry in order to develop best practices, exchange experiences and improve information sharing.
  • Surveillance and Maritime Domain Awareness programs, which aim at better identifying suspicious activities and providing early warning mechanisms, including through better sensors and underwater capabilities.
  • Investments in repair capacities, which aim at reducing the likelihood of sabotage by decreasing its strategic value.
  • Exercises and so-called ‘stress tests’, which aim at identifying the most vulnerable infrastructures and the damage caused by different scenarios.

Integration is not easy

The key challenge, however, will remain how to identify and implement cross-sectoral responses to critical maritime infrastructure protection. The task sits between different policy fields and professions. It most notably sits between defence, diplomacy, maritime safety, maritime security, cyber security, and strategic autonomy, each of which is handled by different departments, agencies and indeed also different groups of professionals.