David W. Opderbeck*
Abstract
The seafloor and its communications infrastructure is a key warfare domain. The global Internet depends on networks of undersea transcontinental cables that are remarkably vulnerable to physical attacks by conventional forces and shadow fleets. Nearly all this infrastructure is privately owned by a small number of providers, including increasingly massive hyperscalers such as Google, Microsoft, and Meta. Responses to incidents that could either be attacks or unfortunate accidents are complicated by questions of intent and attribution as well as by applicable legal frameworks. The law of the sea embedded in the United Nations Convention on the Law of the Sea (UNCLOS) provides some legal touchpoints, but these traditional regimes were not designed for the global Internet age. The law of armed conflict (LOAC) applicable to cyberspace, as reflected in the Tallinn Manual, is ambiguous in key respects concerning cables lying in international waters. This Article examines existing legal frameworks and suggests a multilayered approach that draws on Internet governance bodies, national licensing regimes, open-source monitoring, financial carrots and antitrust sticks, and modifications to UNCLOS, while also warning against some recent policy moves in the United States that would lead to greater fragmentation and less security. Ultimately, there is no easy solution to this looming problem. It requires nuanced Internet governance and policy responses and international cooperation.
* Professor of Law and Co-Director, Gibbons Institute of Law, Science & Technology and Institute for Privacy Protection, Seton Hall University School of Law. Thanks to Peter Swire, Kevin Frazier, Mailyn Fidler, Asaf Lubin, Gus Hurwitz, and the participants at the 2025 Cybersecurity Law and Policy Scholar’s Conference and Law and Technology Workshop for helpful comments on earlier drafts of this paper. Thanks also to Christina Borao for excellent research assistance.

