Korea-China Provisional Measures Zone (PMZ)
Resilience Building Against Undersea Hybrid Operations
By Markus Holmgren
Research Fellow, FIIA and Aalto University
December 19, 2025

Key takeaways:

- The preparedness part of resilience is a test of self-awareness and of the patience to practice endlessly.

- Vulnerability can also be reduced by preventing stratification of assets and balancing dependence.

- Deterrence by retribution is part of resilience building against hybrid threats.

 



Hybrid threats, as a notoriously complex set of operations and strategic approaches, have proven to be particularly difficult to plan for. This is because the attacker has an inherent advantage: they can choose the target location, the time, and the tools for the attack, whereas the defender always has to secure all locations against all possible operations. The situation is particularly unfavorable in the case of critical undersea infrastructure because much of it lies outside territorial jurisdiction and defensive parameters. For these reasons, relying on defence isn’t an option, and attackers know this, which highlights the importance of deterrence and general resilience.

Plausible and implausible deniability are part of hybridity. At times they are part of the function and sometimes just hedging against deterrence. Attributing the source of a hybrid attack does not help to defend anything, but it is good to do before retaliation, and it is often vital for third party relations. As such, attribution and other forms of strategic communication can influence resiliency in three ways: by helping to get disaster aid; balancing dependency by influencing suppliers on which both parties rely; and deterrence by ensuring that third parties and cyber vigilantism support the right side.

Resilience building aims at securing the continuous functioning of society. Resilience building against hybrid threats differs from disaster resiliency in that deterrence becomes a part of the picture. For this reason, resiliency against hybrid threats should be built targeting two things: very specific vulnerabilities (preparedness) and the threat source (deterrence). 

National preparedness is a test in self-awareness. Because not everything can be secured, it is vital to know which vulnerabilities and dependencies are truly vital. This means production-line- and component-level accuracy in preparing strategic stockpiles, in backing up source code, critical data, and blueprints on top-security servers, and in maintaining situational awareness of where the know-how necessary for fixing disrupted systems is. Importantly, just having plans for all of this isn’t enough; tireless practice is at least as important. A plan that cannot be carried out on a crisis timeline is useless, but practice helps to simplify it and helps key personnel to memorise it.

At a more general level, resilience building against hybrid threats can be summed up in two strategic categories: preventing stratification of assets and balancing dependence. Preventing stratification can be achieved through reducing dependency, that is, reducing the strategic value of an asset. In the case of critical maritime infrastructure, this means building capacity redundancy, which is best done by maintaining older systems past their commercially viable service age to serve as emergency backup options, and by ensuring that the preliminary agreements with alternative suppliers have been signed. Balancing dependence means decreasing dependency on a risky supply and investing in what the other side depends on. In practice, this can mean subsidising alternative supply, blocking strategic asset grabs, and investing in the lock-in effects of what the attacker depends on.

Thus, resilience building against hybrid threats and geoeconomic statecraft are inherently interlinked, but as hinted above, there is also an important deterrence by retribution component. Indeed, retaliatory actions are an important counterpart to resilience building. Commonly retaliations are either public in the form of economic sanctions or well-hidden like asymmetric cyber sabotage, in which case it is the receiving nation’s decision whether to attribute retributions or not. Well-designed retaliation influences the associated cost-benefit calculus behind the hybrid strategy, just like hybrid attacks are designed to influence national policies. In this, hybrid is like any other avenue of statecraft.

Let’s now look at an example from the other side of the world, where Russia has repeatedly attacked Finnish and Baltic undersea infrastructure. The latest and most impactful attack happened already a year ago (December 25, 2024) when the Eagle S tanker dragged its anchor on the sea floor cutting the EstLink 2 electric cable and the C-lion1 data cable connecting Finland and Estonia. Because the timing can be verified to a second and satellite images easily identify present vessels, such operations rely on plausible deniability. For example, Eagle S was made in China, operated under the flag of the Cook Islands with a Georgian captain. It belonged to a UAE shipping company Caravella FZ LLC registered at a hotel in Dubai. The company had no other assets and was likely a straw owned by an Azerbaijani woman who also owned many other straw companies. The ship was also part of Russia’s so-called shadow fleet of uninsured ships trafficking sanctioned goods.

Just a month earlier, a Chinese ship, Yi Peng 3, had carried out a comparable but less costly attack, preceded by a series of similar attacks. Because of that, when Eagle S struck, Finland was ready. The ship was quickly seized and taken to a Finnish harbour, with the crew incarcerated to await adjudication. However, any consequences for Russia would have to come from retaliatory acts. Officially there were none.

In the case of the Eagle S attack and others like it, the target was likely the Baltic states’ ongoing work to synchronise their electric grid with the Continental European system. The project was completed on February 9th, 2025, and the undersea sabotage attacks have since ceased. As Russia has not attributed any retaliatory actions, it is impossible to say whether they had any role in the decision to cease the attacks. However, it is reasonable to assume that the existence of redundancy in the electricity and data cable supply played a role in ensuring that Russia failed. At the very least, it served to reduce the impact of the attacks. Fixing the infrastructure cost tens of millions of euros, and the price of electricity temporarily increased in the Baltic states, but because of redundancy, no outages were caused and no functions were disrupted.

South Korea is a veritable island similar to Finland in that the land border is far less usable than a coastline in terms of supply. Undersea connection to critical cloud services like internet traffic control, financial transaction verification, and cloud compute is critical for both nations. South Korea currently has 20 international subsea cables of varying capacity and presumably zero landline connections enabling connectivity. On top of that, the few intercontinental cables connecting East Asia with the U.S. where many critical servers reside are no less important.

These lessons indicate that, to influence the cost-benefit calculus of a potential attacker against these strategic assets, Korea can: 1) ensure that data critical for the continuous functioning of society, on which state and military capabilities also rely, are stored locally in databanks that do not stop serving the nation even during a major crisis; 2) ensure that the required compute is similarly secured; 3) practice tirelessly; 4) invest in redundancy in digital connectivity; 5) ensure sufficient retaliatory capabilities and the political expertise to use them wisely; and 6) invest in hybrid preparedness statecraft to improve the cost-benefit calculus capabilities required to balance preparedness against the risks and to assess the viability of various retaliatory actions.

Markus Holmgren is a researcher at Aalto University and the Digital Economic Security Lab and at the Finnish Institute of International Affairs. His current work focuses on the geostrategic agency of hypercompute providers, digital sovereignty services, and clouds as instruments of leverage. His past research topics relate to the general themes of digital geoeconomics, tech-enabled hybrid strategies, technological resilience, and international relations of emerging technologies. His previous research projects have focused on topics like US-China tech rivalry, strategic perspectives on Chinese AI and Quantum industries, national tech stack management, information resilience, and hybrid strategies.