In recent years, the concept of national resilience has moved from the margins of policy debate to its centre. Governments across the NATO alliance and beyond have come to recognise that resilience, defined by the UK Government’s Resilience Action Plan as the ability to anticipate, assess, prevent, mitigate, respond to and recover from disruptive events, extends well beyond the traditional boundaries of defence and security. It encompasses energy systems, communications networks, transportation infrastructure and the full spectrum of critical national infrastructure upon which modern economies and societies depend.

This shift in thinking reflects an uncomfortable recognition: that the vulnerabilities of a nation are no longer measured solely by the strength of its armed forces.

They are measured equally by the robustness of the infrastructure that keeps the lights on, goods moving, data flowing and governments functioning. And increasingly, many of those vulnerabilities lie beneath the surface of the sea.

When infrastructure fails, nations feel it

The events of recent years have made this argument with uncomfortable clarity.

In September 2022, the deliberate destruction of the Nord Stream pipelines removed a significant portion of European gas transmission capacity overnight. Whatever the ultimate attribution, the strategic message was unambiguous: critical underwater infrastructure, however vital, is not beyond reach. The incident prompted urgent reviews of infrastructure vulnerability across NATO member states and accelerated conversations about resilience that had previously moved at a far more leisurely pace.

In the Baltic Sea, a series of subsea cable incidents throughout 2023 and 2024 disrupted communications links between NATO members and triggered the deployment of naval assets to monitor and protect infrastructure that had previously been considered low risk. Subsea cables carry approximately 95 per cent of global internet traffic and international data flows. When they are damaged, whether through accident, negligence or deliberate action, the consequences extend far beyond the immediate disruption. Financial systems, government communications, military command networks and civilian digital infrastructure all depend on their integrity.

In the Red Sea, Houthi forces demonstrated that relatively accessible technology could be used to threaten one of the world’s most strategically important maritime corridors. The disruption to global shipping that followed was a reminder that maritime infrastructure is not merely an economic asset, it is a component of national and international resilience whose loss carries consequences felt by consumers, industries and governments far removed from the point of attack.

These are not isolated incidents. They are a pattern, and that pattern is concentrating minds at the highest levels of government and industry.

Why Critical National Infrastructure (CNI) is so difficult to defend beneath the surface

Understanding the scale of the challenge requires an honest assessment of what critical maritime infrastructure actually comprises and why it matters.

Ports and commercial harbours are the arteries of national trade. The UK alone handles over 480 million tonnes of freight annually, the overwhelming majority of it passing through a small number of major port facilities. A successful attack on the underwater infrastructure of a major port, its quay structures, berthing systems, underwater pipework or navigation channels, could close that facility for days or weeks, with cascading effects on supply chains, manufacturing, retail and the wider economy.

Offshore energy installations, oil and gas platforms, floating production facilities and increasingly offshore wind farms, represent a growing share of national energy generation and supply. Their underwater infrastructure, including risers, export cables and mooring systems, is extensive, difficult to inspect routinely and largely unmonitored from a security perspective. Disruption to these assets does not merely affect the operator; it affects energy security at a national level.

Subsea communications cables are perhaps the most underappreciated component of national resilience. These systems are not redundant in any meaningful operational sense. Damage to a small number of cables serving a particular region or routing configuration can cause significant degradation to communications capacity, with effects that extend across sectors and borders.

Naval facilities require no such explanation for a defence audience, but their importance to national deterrence, operational capability and alliance commitments makes their protection a strategic imperative of the first order.

What these assets share, beyond their individual importance, is a common vulnerability: their underwater approaches are, in most cases, the least observed and least protected dimension of their security.

The threat below the waterline

The range of threats that can exploit that vulnerability has expanded considerably in recent years.

Combat divers and special operations swimmers remain relevant across a range of scenarios, particularly in the context of naval facility protection and port security. These threats are not new, but the capabilities available to adversaries, including closed circuit rebreathers, swimmer delivery vehicles and precision navigation systems, have continued to advance.

Autonomous underwater vehicles represent a qualitatively different and rapidly growing challenge. AUVs and UUVs can operate without a human operator in the immediate vicinity, can be pre programmed and launched from a vessel outside a security zone, and can approach a target from any direction and depth. Their acoustic signature is typically low. Their size makes visual detection unreliable. And their potential payloads range from intelligence gathering sensors to devices capable of causing physical damage.

Commercial AUV technology, originally developed for hydrographic survey and offshore inspection, has proliferated to the point where capable systems are now accessible to a far wider range of actors than was conceivable a decade ago. State actors have invested in purpose built systems for covert underwater operations. Below the state level, the barrier to entry has lowered considerably. Neither category of threat is well addressed by conventional surface focused security measures.

The underwater environment compounds these challenges further. Acoustic detection, the primary means by which underwater contacts can be identified at operationally useful ranges, is affected by water temperature gradients, salinity layers, background shipping noise and the physical characteristics of the operating environment. These factors vary between locations and can change significantly with season and weather. Effective underwater monitoring requires systems and operators calibrated to the specific conditions of each deployment, not generic solutions applied uniformly.

The cost of not looking

The consequences of inadequate underwater situational awareness are, at their most serious, irreversible.

An undetected approach to a naval vessel or port facility by a diver or autonomous system could result in the loss of a high value asset, disruption to critical operations or, in the worst case, casualties. The intelligence value of undetected reconnaissance, an AUV mapping the underwater profile of a naval facility or the layout of a subsea pipeline, may not be apparent until it informs a subsequent and more damaging operation. Damage to subsea infrastructure, particularly where no monitoring data exists to distinguish deliberate action from mechanical failure, creates not just an operational problem but an attribution problem, one that complicates response, recovery and deterrence.

The economic consequences of disruption to critical maritime infrastructure can be substantial. The reputational and political consequences, where a government or operator is seen to have failed to protect assets of national importance, compound them.

“An approaching threat could reach a critical asset undetected, simply because no one was looking beneath the surface.” Ioseba Tena, Chief Commercial Officer, Forcys

For many port authorities, offshore operators and even some naval facilities, that observation reflects the current reality. The underwater domain remains the dimension of their security for which they have the least visibility and, in many cases, no dedicated monitoring capability at all.

Proven solutions: What effective underwater security requires

Addressing this gap requires a clear understanding of what effective underwater security actually demands in operational terms, before any conversation about specific systems or technologies.

Persistent awareness is the foundational requirement. Underwater threats do not operate to predictable schedules, and periodic surveys or intermittent monitoring cannot substitute for continuous coverage of a protected area. The baseline acoustic environment of a location must be understood well enough that deviations from it can be identified promptly and reliably.

Detection must be accompanied by classification. An acoustic monitoring system that generates an alert for every contact, including shipping noise, marine life and environmental transients, will quickly become operationally counterproductive. The ability to distinguish between threat categories and to prioritise alerts accordingly is what separates a genuine decision support capability from a source of background noise.

Early warning determines whether detection translates into effective response. A system that identifies a threat once it has already reached its objective provides limited operational value. Detection at ranges that allow security teams adequate time to assess, decide and act is a fundamental performance requirement, not an aspirational feature.

Finally, flexibility in deployment reflects the operational reality that not every facility requiring underwater protection can support a permanent fixed installation. Military forces on expeditionary operations, operators responding to elevated threat periods and organisations protecting temporary or remote infrastructure all require solutions that can be established quickly, adapted to changing requirements and redeployed as the operational picture evolves.

These requirements are well established in operational practice, and proven solutions exist that address them comprehensively.

Sentinel, developed by Forcys, is the world’s most deployed underwater Intruder Detection Sonar, protecting critical infrastructure globally since 2008. Deployed across oil and gas facilities, nuclear installations, desalination plants, ports and harbours, military facilities and critical national infrastructure, it represents the kind of operationally validated capability that the requirements above demand, not a theoretical response to an emerging problem, but a proven system with a demonstrated record across the full spectrum of CNI protection environments.

Sentinel automatically detects, classifies and tracks underwater threats including divers, swimmer delivery vehicles and unmanned underwater vehicles. Its second generation system, incorporating SInAPS technology, extends detection ranges to 1,500 metres for mini submarines and 1,000 metres for divers, providing the early warning geometry that effective response requires. It is available as both a permanent installation and a portable, rapidly deployable solution, addressing the full range of operational contexts in which underwater security requirements arise.

The significance of a system with this depth of operational heritage lies not just in its technical capability but in what that heritage represents: evidence that the operational requirements outlined above can be met, reliably, in the conditions and environments where they are most needed.

Underwater security as a component of national resilience

The UK Government’s definition of resilience, the ability to anticipate, assess, prevent, mitigate, respond to and recover from disruptive events, provides a useful lens through which to evaluate the current state of underwater infrastructure protection.

Against that definition, the picture for many organisations is incomplete. The ability to anticipate and assess an underwater threat requires monitoring capability that most civilian CNI operators do not yet have. The ability to prevent or mitigate depends on early warning that cannot exist without detection. The ability to respond and recover is undermined when the source and nature of a disruption cannot be rapidly established.

Closing these gaps is not simply a matter of technology procurement. It requires a fundamental recognition that the underwater approaches to critical infrastructure are a security domain in their own right, one that demands the same sustained attention and investment as physical perimeter security, access control and cyber resilience.

As governments and regulators increasingly frame infrastructure protection within a resilience context, and as the events of recent years continue to demonstrate the real world consequences of underwater vulnerabilities, the pressure on operators to address this dimension of their security provision will only grow.

Underwater security is transitioning from a specialist military capability to a baseline requirement for any organisation responsible for critical national infrastructure. The organisations that recognise this shift early, and act on it with the same rigour they apply to more visible security challenges, will be materially better positioned to maintain operational continuity when the threat environment tests them.

The question is no longer whether the underwater domain requires attention. It is whether the organisations responsible for our most critical assets are prepared to look beneath the surface before an incident compels them to.