🎙️ Listen to a summary of this fortnight’s risks

Hello 👋 get a brew on because these are the top 3 emerging risks between November 24th, and December 8th, 2024…

1. Geopolitical | A single maritime incident has dramatically illuminated the fragile nature of subsea cables. The Chinese bulk carrier Yi Peng 3 became an unexpected vessel-of-interest in an era of geopolitical tension, exposing the weakness underpinning international communication. In November, the vessel navigated over undersea fibre optic cables in the Baltic Sea, dragging its anchor to sever communication lifelines and halt trillions of dollars in financial transactions and global telecommunications. This event suddenly transformed Yi Peng from anonymous conduits into a focal point of international strategic concern.
   
   This region is already heightened with strategic tension, particularly due to Russia's secretive GUGI unit which is known for deep-sea operations and suspected cable surveillance. This event has raised concerns about the potential for acts of sabotage to be quietly carried out through the vast interconnected labyrinth of subsea cables. We touch on this as our main story below.

2. Economic | We don't usually share Deep Dive stories in our fortnightly risk email (because there is always so much else going on), but our latest piece on the risks associated with semiconductor shortages has generated noticeable buzz. The exponential threat of a critical economic collapse, all resting on one Taiwanese manufacturer, is a crisis that many political giants are working to mitigate, but progress is slow. Since releasing the article, we've had several phone calls with clients about the realities of TSMC being disrupted. The argument is, "it hasn't happened yet." Fair, but it unfortunately it has. In 2020, TSMC was heavily impacted by COVID-19 restrictions, affecting the global car industry by an estimated $200 billion in lost sales.
   
   All eyes are on 2025, with a new U.S. Government aiming to be aggressive in its new tariffs against importers. That in addition to intelligence suggesting that China's military capabilities could be bolstered by 2027, we may inadvertently be witnessing the perfect storm. Would China obtain control of such a critical resource and monopolise it against trade partners? Who knows. But this is a risk worth putting at the top of your risk register. Low likelihood, sure, but the impacts would be devastating.

3. Technological | 1 billion: That's how many cyber attacks are hitting Amazon every day likely attributed to the advancement in AI technology. AI lowers the barrier for malicious actors to launch sophisticated attacks.
   

   But threats to a loss of data don't always come from bad actors, they can come from your service providers. Microsoft, for example, has faced scrutiny over its new "connected experiences" feature in Office 365, which is enabled by default and processes user data for improved functionality. While Microsoft denies using this data to train AI models without consent, the lack of transparency has triggered privacy concerns. Businesses relying on Microsoft’s ecosystem should review their privacy settings to ensure compliance with their data governance policies and protect sensitive information.
   
   It's not the only time Microsoft have been in the news since the Crowdstrike outage. On November 25th, their Exchange Online was out for 11 hours, affecting machines globally. Reviewing change management processes, cloud services, fallback plans, secondary comms tools, and local data access options are all measures to reduce impacts. This incident underlines the importance of regularly auditing third-party services to mitigate risks associated with data handling practices.

Our thoughts

First of all, welcome to all of our new subscribers from the last week. We really hope Unbreakable Ventures proves a valuable resource to you. In 2025, we’re excited to bring you some podcast interviews with industry professionals. If you’d like a chance to be interviewed or know someone who would be a great fit, let us know in the comments. And remember to share Unbreakable Ventures with your network. It helps us reach and help more people.

With that said, it's time to consider everything that's happening in the world. This fortnight, we're seeing disruptions in both the clouds, land, and sea.

Microsoft’s continued media attention should be warning to the 345 million Office 365 users relying on its service. Many felt that they avoided the impacts of Crowdstrike in July, but with additional outages occurring, that luck is unlikely to last. As Brad Law says,

Crowdstrike was a warning. A business continuity exercise. We have yet to see the big cyber event yet. But it’s coming.

The (unverified) news that Microsoft may be using subscriber data in training its own AI LLMs (like ChatGPT) is very concerning. And whilst they say this “absolutely is not” happening, there is no reason to assume it won’t eventually.

Amazon’s 1 billion-a-day cyber attacks is quite astonishing. But one Reddit user suggests those numbers reflect the reality of scale and what we’re all likely to experience.

These numbers are not surprising. …I build e-commerce sites. On large, popular e-commerce sites, I typically see 5-6 digits in the number of daily attempts. What I consider large is in the millions of dollars in sales annually. So if I see half a million attempts per day on a bad week, Amazon being in the billions of attempts seems reasonable. - Orstio on Reddit.

Remember: adopt AI-based defence tools, regularly update security patches, monitor login histories across email servers and educate employees.

We dive (pun intended) into the “accidental” sabotage of the Baltic Sea cables by a Chinese vessel below. Those in tech, telecoms, financial services, media, and transports and logistics need to use this opportunity to revisit your operational infrastructure and strategic planning.

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

How 'Yi Peng 3' surfaced the risks of global communication infrastructure

Category: Geopolitical

Review our report’s terminology here ↗

In summary: In a tense geopolitical landscape, the mysterious damage to two critical undersea fibre optic cables in the Baltic Sea has sparked international intrigue. On November 17-18, 2024, cables connecting Finland, Germany, Sweden, and Lithuania were compromised, with investigations centring on the Chinese bulk carrier Yi Peng 3, which was navigating the region at the time of the incidents (it’s still there in a stalemate situation). While the exact cause remains uncertain, the event has illuminated the fragile infrastructure that underpins global communication.

The incident emerges against a backdrop of escalating international tensions, with experts viewing the cable damage through the lens of "hybrid warfare" - a strategy of disruption that blurs traditional boundaries of conflict. Western intelligence agencies remain divided, with some suggesting accidental damage while others suspect deliberate sabotage. Sweden, Germany, and Lithuania have launched criminal investigations, and China has pledged cooperation. What remains clear is the strategic vulnerability of undersea communication networks - intricate lifelines that carry vast amounts of sensitive data and represent critical global infrastructure increasingly susceptible to geopolitical manoeuvre.

In this intricate dance of global security, the Yi Peng 3 incident reveals a profound vulnerability that transcends traditional conflict zones. Underwater sabotage emerges as a silent weapon, capable of destabilising entire communication ecosystems with surgical precision. Our global infrastructure demands a new paradigm: a comprehensive, adaptive approach that combines heightened surveillance, innovative protective measures, and unprecedented international cooperation. The cables that connect our world are more than mere technological conduits; they are the neural networks of global communication, requiring a sophisticated, unified defence strategy that transforms potential vulnerability into collective resilience.

Sources:

• Reuters | Sweden urges Chinese ship to return for undersea cable investigation | Published on 27-11-2024

• CNN | Exclusive: US sees increasing risk of Russian ‘sabotage’ of key undersea cables by secretive military unit | Published on 06-09-2024

• Business Insider | A secretive Russian submarine unit could sabotage the subsea network of cables that powers the internet | Published on 17-09-2024

• CSIS | Safeguarding Subsea Cables: Protecting Cyber Infrastructure amid Great Power Competition | Published on 16-08-2024

• Tech Informed | Protecting the internet: the threat to subsea cables | Published on 28-03-2024

• Al Jazeera | Are underwater pipelines, cables being sabotaged in the Baltic Sea? Why? | Published on 23-11-2024

You should be concerned if…

• Financial Services: Financial transactions rely critically on undersea cables, with major international banks moving approximately $3.9 trillion daily through these communication networks. A single cable disruption could trigger significant market instability and economic uncertainty.

• Telecommunications: Undersea cables form the global telecommunications backbone, carrying up to 25% of intercontinental internet and voice traffic. Cable damage can instantaneously sever communication routes between continents, highlighting the critical need for redundant communication infrastructure.

• Cloud and Technology: Cloud computing and data centres fundamentally depend on undersea cables for accessing remote servers and applications. As technologies like artificial intelligence expand, the vulnerability of these communication pathways becomes increasingly consequential.

• Media and Entertainment: Streaming services, gaming platforms, and digital content distribution rely on high-bandwidth undersea cable networks. Interruptions can immediately impact global entertainment experiences and potentially cause substantial revenue losses.

• Transportation and Logistics: Real-time tracking, supply chain coordination, and global logistics management increasingly depend on stable internet connections facilitated by undersea cables. Disruptions can create significant delays and increase operational costs across international transportation networks.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Disruption Risk

See all risk types here ↗

IT Communications Failure

• Inability to communicate internally or externally, leading to delays.

• Interrupted services and potential loss of clients due to communication breakdowns.

• Perception of unreliability by clients or partners.

Preventative actions

Build Redundancy

• Invest in alternative technologies like Low Earth Orbit (LEO) satellite communications to create robust backup communication systems.

• Develop multiple data transmission routes to minimize the risk of complete network failure during cable disruptions.

Develop Robust Network Infrastructure

• Implement edge computing to reduce reliance on international connectivity by processing data closer to local centres.

• Create comprehensive data backup and recovery systems to ensure business continuity during potential outages.

Strengthen Incident Response Plans

• Develop and regularly test disaster recovery plans with clear procedures for communication and alternative operational models.

• Establish alternative communication protocols to maintain stakeholder connectivity during network interruptions.

Consult ISP and Telecom Providers

• Proactively understand specific undersea cable routes used for international connectivity.

• Review service level agreements to ensure adequate protection and specified recovery times during potential disruptions.

Conduct Vendor Audits

• Examine cloud service providers' dependencies on undersea cable systems and their redundancy measures.

• Assess vendors' resilience plans and their ability to maintain service continuity during potential network failures.

Test Network Resilience

• Simulate cable outage scenarios to identify potential network bottlenecks and routing challenges.

• Conduct regular stress tests to understand infrastructure limits and proactively optimize network performance.

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.

Book your 30min call here