Ghost Guardians

Week 18 | April 2026

The Nord Stream pipeline explosions in September 2022 were a wake-up call that most of the relevant institutions hit the snooze button on. Three and a half years later, the Baltic Sea has recorded at least eleven incidents of suspected sabotage against subsea cables and pipelines. Seven of those happened between November 2024 and January 2026. The vessels suspected of causing the damage fly flags of convenience (Cook Islands, Malta, Saint Vincent and the Grenadines) and sail with crews from countries that have no obvious interest in cooperating with European prosecutors. The enforcement machinery built on UNCLOS assumptions of flag state cooperation is grinding, slowly, against a threat that moves in hours.

Meanwhile, the response is taking shape. Not in parliament or the IMO. In the water.

On February 25 this year, Germany took delivery of the BlueWhale, a five-and-a-half tonne autonomous underwater vehicle developed by Israel Aerospace Industries and ThyssenKrupp Marine Systems, at Eckernförde naval base on the Baltic coast. The same week, the UK Ministry of Defence awarded a £12.3 million contract to Kraken Technology Group for twenty uncrewed surface vessels under Project Beehive. In March, NATO's Task Force X-Baltic moved from its experimental phase to a formal Letter of Intent signed by eight Baltic allies to build nationally-owned, NATO-taskable autonomous surveillance fleets. And across the Atlantic, the US Navy scrapped its eight-month-old MASC program and replaced it with a production-ready marketplace for medium unmanned surface vessels, backed by $2.1 billion in already-appropriated funding.

The supply side is moving. Fast.

The demand side got its argument made for it in the Gulf. On March 27, CENTCOM confirmed that Global Autonomous Reconnaissance Craft (GARC drone boats) built by Maritime Applied Physics Corp., were conducting active patrols in the Strait of Hormuz under Operation Epic Fury. More than 450 hours underway. More than 2,200 nautical miles. The first confirmed use of uncrewed surface vessels by the United States in active combat operations. While commercial operators were abandoning crewed ships in the Gulf under Iranian interdiction, autonomous platforms were taking their place in the patrol line.

This piece maps the autonomous systems now being deployed or developed for subsea infrastructure protection in contested waters, the doctrine evolving around them, the legal and institutional frameworks that haven't kept up, and what it means for the NATO northern flank, which remains, despite three years of Baltic cable incidents, the most consequential test case.

The scale of Europe's subsea infrastructure dependence is worth grounding before anything else. The Baltic and North Sea floor is threaded with power cables, telecommunications lines, and gas pipelines that are not redundant in any meaningful operational sense. When the Estlink 2 power cable between Finland and Estonia was severed on Christmas Day 2024, allegedly by the Russian shadow fleet tanker Eagle S dragging its anchor across 60-plus kilometres of seabed, Estonia lost 27% of its electricity import capacity overnight. Repairs cost more than 60 million euros. The cable was offline for over seven months.

That’s not a nuisance. That’s infrastructure warfare.

The Baltic cable incident timeline tells its own story. In October 2023, the Newnew Polar Bear, a Chinese-flagged vessel departing a Russian port, severed the Balticconnector pipeline between Finland and Estonia alongside the EE-S1 telecommunications cable. China eventually acknowledged responsibility, calling it accidental. The captain of the vessel was arrested in Hong Kong in May 2025 and pleaded not guilty in February this year. In November 2024, the Yi Peng 3 was implicated in cutting two further cables (the BCS East-West Interlink and the C-Lion1), generating a month-long diplomatic standoff before Sweden found no conclusive evidence and released the ship. Then came the Eagle S. Then, on December 31, the Fitburg, flagged in Saint Vincent and the Grenadines, allegedly dragged an anchor from Saint Petersburg across the Elisa cable and two Arelion cables. Then the BCS East cable on January 2 of this year.

Eleven incidents since 2022. No state actor has been formally held accountable in any legal proceeding. The Estonian President called this a systemic threat. The Atlantic Council called it a Russian strategy. European prosecutors are building cases that stretch across multiple jurisdictions, flag states, and crew nationalities, each one a veto point in international law.

The enforcement gap is not incidental. It is structural. And it is the reason the autonomous systems' response matters: when legal machinery moves this slowly, the credible deterrent has to be operational.

The BlueWhale's delivery to Eckernförde on February 25 was the most significant single autonomous platform milestone in European NATO this year. The 10.9-metre vehicle weighs 5.5 tonnes, operates to 300 metres depth, and carries up to thirty days of endurance on a single deployment. Its sensor suite includes an Atlas Elektronik towed array sonar, active and passive flank array sonar, Kraken Robotics synthetic aperture sonar for seabed mapping and mine detection, and surface sensors including staring radar, electro-optical/infrared, and SIGINT via a patented telescopic mast. Two crew are required to operate it: a vehicle operator and a sonar specialist. It transports in a standard 40-foot shipping container.

The Baltic geography is the point. BlueWhale is specifically rated for shallow-water ASW operations, as close as ten to fifteen metres from shore. The Baltic averages 55 metres in depth across most of its surface. That combination of endurance, shallow-water capability, and seabed sensor suite makes BlueWhale the right tool for persistent cable and pipeline monitoring in contested European waters.

Greece is in advanced talks for up to ten units, driven by its Aegean confrontation with Turkish Reis-class submarines. IAI and Hellenic Aerospace Industry signed a memorandum of understanding at the DEFEA 2025 defence exhibition, with Greek media reporting potential initial procurement followed by co-production and technology transfer. The export pipeline is working. BlueWhale is not a prototype. It is a product.

The UK Ministry of Defence's £12.3 million contract with Kraken Technology Group, awarded March 5 and publicly announced March 11 of this year, is one of the more interesting procurement decisions of the year, precisely because of what it is not. It is not a capability purchase. It is a proving ground.

Twenty K3 Scout medium uncrewed surface vessels, assigned to the Coastal Forces Squadron and 47 Commando Royal Marines. The K3 Scout is 8.4 metres, rated to 55 knots, 650 nautical miles at 25 knots, 30-day endurance, and has a 600-kilogram modular payload bay. Built by a UK company founded around 2020 by Mal Crease, with a racing speedboat hull designed for low acoustic signature and composite construction. The autonomous operating system is Auterion. BlueHalo provides the AI and ML stack: HaloSwarm for multi-craft swarming and HaloNav for GPS-denied navigation. Twelve tenders went in; Kraken beat BAE Systems, Kongsberg, and L3Harris.

The explicit framing from Captain Adam Ballard RN was that Project Beehive "takes experimentation conducted by our Disruptive Capabilities team and immediately brings their learning through into operations." That language is deliberate. The Royal Navy is not buying a capability it has already defined. It is buying the ability to define the capability through operational experience. That is the unmanned proving ground concept.

Kraken Technology Group is a separate entity from Kraken Robotics Inc., the Canadian defence technology company trading on the TSX Venture Exchange. The two share a name and operate in adjacent spaces but are not related. Kraken Robotics, which supplies synthetic aperture sonar and subsea batteries to platforms including Australia's Ghost Shark, the Polish Navy, and Anduril, recently announced a $615 million acquisition of Covelya Group, the parent of Sonardyne International, in what would be a transformative expansion of its subsea intelligence capability. Worth watching as a convergence story: the sensor company and the platform company are both scaling simultaneously.

The most significant institutional development for autonomous infrastructure protection in the Baltic is not a platform. It is Task Force X-Baltic, and the scale of what it has already done is underreported.

In June 2025, NATO deployed more than 70 autonomous systems, air, surface, and undersea, over three weeks across the Baltic. Eight allied nations participated: Denmark, Finland, France, Germany, the Netherlands, Poland, Sweden, and the United States. These systems conducted persistent ISR patrols, chokepoint monitoring, and critical infrastructure surveillance, tracking hundreds of vessels daily, including Russian shadow fleet assets. The cost: roughly one-third of comparable coverage with crewed frigates.

Phase II followed in February 2026, when eight Baltic allies (Denmark, Estonia, Finland, Germany, Latvia, Lithuania, Poland, and Sweden) signed a Letter of Intent to transition from experimentation to nationally-owned, NATO-taskable capabilities. Regional operations centres are planned in Denmark and Sweden by mid-2026, with a broader command framework in Germany. Individual nations are moving: Sweden has stood up its own TFX programme, Latvia created a national competence centre, and Denmark is building dedicated institutions.

The structure emerging from TFX-Baltic is not a joint NATO fleet of autonomous vessels. It is a distributed network of nationally-owned assets operating under a shared doctrine framework: persistent surveillance, data sharing, and cueing of manned response. That architecture has a direct analogue in subsea cable protection: continuous monitoring, anomaly detection, and rapid cueing of intervention forces when something goes wrong. The doctrine is there. The legal authority to act on what the systems detect is still catching up.

Sweden is doing more than attending NATO exercises. Saab's autonomous underwater system portfolio is quietly one of the most mature in the alliance.

The Sabertooth, a hybrid AUV/ROV produced by Saab Seaeye, can reside at a subsea docking station for over six months without maintenance, with battery recharging and satellite data upload, and conduct autonomous surveys of up to 50 kilometres per dive. PXGEO ordered more than twenty of them for offshore seismic survey operations. At MSPO 2025, Saab's Baltic expert explicitly positioned Sabertooth for cable and pipeline protection: geofencing around critical infrastructure corridors, persistent patrol, and anomaly detection.

The Autonomous Ocean Drone, internally called the LUUV, is further out but more significant. Sweden's defence procurement agency awarded Saab a 60 million kronor contract in August 2025 to develop the system: 6.5 metres, 500-metre depth, 14 kilometres per hour, designed to launch from the A26 Blekinge-class submarine's multi-mission portal while submerged. Sea trials are on track for summer 2026. That capability, a submarine deploying an autonomous infrastructure monitoring platform without surfacing, is where the technology is going.

Saab is also leading NATO's Allied Underwater Battlespace Mission Network consortium, selected in July 2025, with twelve sponsoring nations including the UK, US, Australia, Sweden, Germany, and five others. The mandate: design a reference architecture for integrating crewed and uncrewed systems across the underwater battlespace. When that architecture becomes a NATO standard, and it will, it sets the template for how every allied navy handles autonomous subsea infrastructure protection.

The autonomous platforms described above are the kinetic end of the problem: getting sensors into the water and keeping them there. There is a prior question: how do you know something is wrong before it has already happened?

The answer, increasingly, is that the cable itself is the sensor.

Indeximate is a UK startup founded in 2022 by Dr Chris Minto, Dr Alastair Godfrey, and Paul Clarkson. Minto brings twenty-five years of experience in acoustics and fibre sensing. Godfrey holds over forty granted patents across technology innovation and IP. Clarkson developed the company's two core technologies. It is backed by Propeller Ventures, the Boston-based ocean-climate fund.

What Indeximate does: Distributed Acoustic Sensing, applied to the existing optical fibres already embedded in subsea power cables. Every subsea power cable contains spare fibres (dark fibre, installed but unused). Indeximate's system repurposes those fibres as a continuous sensor array, sampling at 2,000 times per second at ten-metre intervals along the entire cable length, detecting strain, vibration, movement, abrasion, and acoustic signatures. The data is compressed at the point of acquisition by Indeximate's proprietary Indeximation technology and streamed to cloud analytics over a standard 4G connection as low as one megabyte per second. No cable modification. No downtime.

The deployed customer base so far is civilian energy: RWE's Arkona offshore wind farm in the German Baltic over the winter of 2024-25, Scottish and Southern Electricity Networks' Orkney cables, and the MeyGen tidal array in the Pentland Firth. In December 2025, DNV issued a Statement of Feasibility for Indeximate's Scattersphere analytics platform, the first step toward full technology qualification.

The dual-use argument is the interesting part, and Indeximate's co-founder, Dr Chris Minto, has made it explicitly. The same data stream that detects cable fatigue and abrasion for a commercial operator can detect anchor drag events and acoustic vessel signatures for a national security purpose. In February 2026, the STFC Hartree Centre, a UK government research facility, published a case study describing collaborative work with Indeximate applying machine learning to DAS data for real-time vessel detection near subsea cables. That is not commercial cable health monitoring. That is a surveillance system for ships that get too close.

Indeximate's own position paper calls for a dual-use economic model: cable operators pay for health monitoring, governments receive the security-relevant data stream. The UNCLOS gap in international waters remains unresolved; Dr Minto explicitly calls for treaty updates. But in national or territorial waters, the model is technically ready. The regulatory framework for who receives what data, and what authority they can act on it with, has not been written.

Orpheus Ocean is solving a different part of the problem. The company, founded in June 2024 in New Bedford, Massachusetts, licenses technology from Woods Hole Oceanographic Institution, originally developed in collaboration with NASA's Jet Propulsion Laboratory.

The Orpheus AUV is rated to 6,000 metres depth in its V1 commercial configuration; the WHOI design goes to 11,000 metres at full ocean depth. At 550 pounds and 60 inches long, it is compact and deployable from relatively small vessels. The navigation system draws on the same visual-inertial odometry that JPL used for the Mars Perseverance rover and Ingenuity helicopter, providing terrain-relative navigation using cameras to identify seafloor features and build 3D maps. Endurance in passive monitoring mode is 24 to 96 hours.

The infrastructure protection use case is straightforward: persistent loitering surveillance at depth, in environments where no other AUV routinely operates. The Baltic is relatively shallow for Orpheus's capabilities. But the North Sea, the Norwegian margin, and the cable routes connecting Europe to North America run through deep water that current naval surveillance platforms do not persistently monitor. Orpheus CEO Jake Russell has described the defence potential directly: a network of vehicles that can loiter for weeks, detect anomalies, and mobilise to investigate.

The Office of Naval Research co-sponsored the 2025 Mariana Islands expedition, where Orpheus reached approximately 5,645 metres depth, the deepest operational test of the platform to date.

Orpheus raised $2.8 million in pre-seed funding in March 2025, led by Propeller Ventures. Like Indeximate, it is early-stage. Unlike Indeximate, the physical platform is proven at depth. What it lacks is a direct customer in the infrastructure protection mission. That remains aspirational.

Ocean Infinity is in a different category entirely. The company completed delivery of its Armada fleet, fourteen purpose-built survey vessels ranging from 78 to 86 metres, in December 2025. These are not drone boats. They are lean-crewed motherships, each capable of deploying multiple high-endurance AUVs, operated remotely from onshore command centres in Southampton and Gothenburg. The company holds what it describes as the world's largest fleet of full-capability deep-water AUVs, rated to 6,000 metres depth.

The relevant development for this piece is the Helsing partnership announced in April 2025. Ocean Infinity joined Helsing, the AI defence company, alongside Blue Ocean Marine Tech Systems and QinetiQ, explicitly targeting three mission types: Critical Undersea Infrastructure protection, intelligence, surveillance, and reconnaissance, and anti-submarine warfare. By September 2025, the consortium had completed at-sea trials at BUTEC, the British Underwater Test and Evaluation Centre off Scotland, and multi-glider trials with Helsing's SG-1 Fathom acoustic surveillance platform.

Ocean Infinity's president of technology described the partnership's purpose directly: solutions for ISR, ASW, and CUI missions using commercially proven technology. That is not a civilian survey company doing defence work on the side. That is a deliberate pivot toward the infrastructure protection mission, using a fleet that already has the hardware deployed and operating.

Ocean Infinity also acquired Ambrey, the maritime security firm founded in 2010 at the peak of Somali piracy, in 2021. That acquisition, referenced in last week's deep dive on autonomous vessel security doctrine, gives Ocean Infinity a maritime domain awareness capability alongside its autonomous survey fleet. It is the most complete private sector answer to the infrastructure protection problem currently in operation.

The Strait of Hormuz and the Baltic Sea are 7,000 kilometres apart and facing different threats. The logic connecting them is identical.

On March 27, CENTCOM confirmed that GARC autonomous drone boats produced by Maritime Applied Physics Corp. were on active patrol in the Strait of Hormuz under Operation Epic Fury. More than 450 underway hours, more than 2,200 nautical miles. The US Navy described it as a critical milestone: the first confirmed use of uncrewed surface vessels in active combat operations by the United States.

The GARC is a 4.8-metre craft running at 22 knots cruise, 40 knots sprint, with a 1,000-pound payload and up to 700 nautical miles range. It uses the MAPC2 autonomy stack for mission planning and navigation. No weapons have been publicly confirmed on the deployed platforms. What they are doing is persistent patrol and domain awareness in waters where sending a crewed vessel means sending a sailor into a maritime environment where Iran has attacked commercial ships at least twice since hostilities began in late February.

That is the demand-side argument for autonomous infrastructure protection systems, made operational. The crew is the vulnerability. Remove it and the calculus changes, not just on economics but on operational willingness. Navies and operators will accept a persistence mission that exhausts and endangers crews if you take the crew out of the equation.

The Suffren/Razorback trial, completed in the same week, reinforces the trajectory at the subsurface level. Between March 16 and 20, a French Navy Suffren-class nuclear attack submarine launched and recovered a US Navy Razorback UUV while remaining submerged off Toulon. It was the first time a French SSN had operated a US autonomous system. The Razorback is a military variant of the REMUS 620, developed by Huntington Ingalls Industries, deployed from a Dry Deck Shelter on the submarine's aft deck. The US Navy's UUVGRU-1 and UUVRON-1 participated. The framing from CENTCOM: the ability to deploy US assets from allied submarines expands operational reach and enhances collective undersea warfare capabilities.

A submarine deploying an autonomous sensor into infrastructure-rich waters without surfacing is not a concept demonstration. It is the architecture of persistent undersea surveillance made real. Task Force X-Baltic proved it at the surface and subsurface level across 70-plus systems in June 2025. The Suffren/Razorback trial proved it at the submarine integration level in March 2026. The GARC deployment proved it under fire in the Gulf. The question is no longer whether autonomous systems can do this work. The question is who builds the doctrine and legal authority around what they detect.

Here is the problem in its sharpest form.

On Christmas Day 2024, Finnish authorities intercepted the Eagle S, a Cook Islands-flagged tanker and part of Russia's shadow fleet, after it severed the Estlink 2 power cable and four telecommunications cables. Finnish special forces boarded the vessel. Equipment consistent with surveillance and sabotage was found aboard. Charges were filed in August 2025. In October 2025, the Helsinki District Court dismissed the case.

The reason: UNCLOS Article 97(1). Jurisdiction in a collision or navigational incident on the high seas lies with the flag state or the state of crew nationality. The flag state was Cook Islands. Finland was ordered to pay approximately 195,000 euros in defence legal costs. The Eagle S was released.

No legal proceeding has formally attributed any Baltic cable incident to a state actor. Not the Balticconnector pipeline in 2023. Not the Yi Peng 3 in November 2024. Not the Eagle S on Christmas Day. The enforcement machinery built on UNCLOS assumptions about flag state cooperation is structurally unable to address grey-zone maritime sabotage conducted by vessels of convenience.

NATO Secretary General Rutte said in January 2025 that ship captains responsible for infrastructure damage would face boarding, impounding, and arrest. What the Eagle S case demonstrated is that the legal basis for that response in international waters, against a vessel flagged in a non-NATO state, is deeply contested. Saying it and being able to do it are different things.

The EU Action Plan on Cable Security, published in February 2025, establishes a two-year framework covering prevention, detection, response, recovery, and deterrence. NATO's Maritime Centre for Security of Critical Undersea Infrastructure coordinates intelligence. The CUI-Network expanded its Mediterranean focus in November 2025. These are the right institutional moves. But none of them resolve the fundamental UNCLOS problem: if you detect an act of sabotage by a foreign-flagged vessel in international waters and the flag state will not cooperate, your legal options are narrow.

The autonomous systems layer changes the detection side of this equation dramatically. Persistent surveillance, acoustic, optical, electromagnetic, means anchors don't drag across cables undetected. It means vessel behaviour in cable corridors can be logged, timestamped, and correlated. It does not, on its own, mean you can legally intercept the vessel doing the dragging. Dr Minto is right to call for UNCLOS updates. Until those updates happen, the gap between what autonomous systems can see and what legal authorities can act on remains the critical vulnerability in the infrastructure protection architecture.

The technology gap between what is possible and what is deployed is close to zero. The institutional gap is everything.

Task Force X-Baltic demonstrated in June 2025 that 70-plus autonomous systems can monitor the Baltic at one-third the cost of crewed frigate coverage, tracking shadow fleet vessels and generating actionable intelligence. The technology works. What does not yet exist is the legal framework for acting on what those systems detect in international waters, the incident response protocols when an autonomous system detects an anchor drag in real time, or the diplomatic architecture for compelling flag state accountability.

The DIODON Vigilansea project, launched in March 2026, is developing exactly the persistent surveillance layer that TFX-Baltic demonstrated: a French program combining USV-mounted drone stations with long-endurance maritime UAVs for zero-human-intervention patrol cycles. France's DGA is funding it. The NATO framing is explicit. This is the pattern: national programs building toward a shared NATO-standard architecture. Saab is doing the same with the LUUV and the Allied Underwater Battlespace Mission Network. The UK is doing it with Project Beehive.

Three things are needed that are not being built quickly enough.

The first is a legal framework for autonomous system detection as evidence. When a BlueWhale or a Sabertooth logs an acoustic event consistent with an anchor drag in a cable protection zone, that data needs a clear evidentiary status and a defined chain of custody. This does not exist. UNCLOS was written in an era when evidence of maritime sabotage came from human witnesses and vessel logs. The transition to machine-generated evidence (timestamped, georeferenced, sensor-certified) requires treaty-level recognition.

The second is intervention authority in cable protection zones. Several Baltic nations are exploring formal exclusion zones around critical infrastructure. Estonia, Latvia, and Lithuania have discussed this. What has not been resolved is what authority a coastal or allied state has to board and inspect a foreign-flagged vessel found manoeuvring suspiciously in such a zone in international waters. The answer under the current UNCLOS is very little. A revision of Article 97 to address infrastructure protection, or a supplementary agreement among NATO Baltic allies, is the most direct path.

The third is integration between the civilian monitoring layer and the military response layer. Indeximate's DAS cable monitoring can detect an anchor drag in real time. A Saab Sabertooth loitering in the cable corridor can visually identify the vessel. A Kraken K3 Scout USV can move to intercept within minutes. None of these three systems currently talk to each other in a defined doctrine framework. The technology stack for that integration exists. The command and control architecture and the legal authority for the civilian-to-military handoff do not.

Norway is furthest along on the regulatory framework for autonomous maritime operations, and has structured bilateral cooperation with NATO on undersea surveillance. But Norway's framework is focused on navigation and commercial operations, not security doctrine. The gap between the most advanced autonomous vessel regulatory environment in the world and what is needed for infrastructure protection is still substantial.

Eleven Baltic cable incidents in three years. Zero successful prosecutions. One Christmas Day cable cut, a ship boarded with surveillance equipment found, charges filed, case dismissed.

The autonomous systems being deployed in response, BlueWhale at Eckernförde, Beehive USVs to 47 Commando, TFX-Baltic's 70-plus platform network, Indeximate's DAS monitoring on North Sea cables, Ocean Infinity's Helsing-partnered CUI fleet: these represent a genuine operational shift. These are not demonstrations. Several of them are already in the water, doing the work.

What the GARC deployment in Hormuz adds, and what the Suffren/Razorback trial adds, is proof of trajectory. The US Navy sent autonomous surface vessels into an active conflict because the alternative, crewed vessels in a missile threat environment, was operationally unacceptable. A French SSN launched a US autonomous system from submerged because expanding detection range without surfacing is now operationally necessary. Both developments happened in March 2026. Neither is directly about Baltic cable protection. Both are about the same underlying shift: autonomous systems are taking over the persistent, high-risk, low-intervention mission profile that has always been the bottleneck for crewed naval operations.

The Baltic is the test case. Not because it is the most dangerous maritime environment (it is not) but because it has the highest concentration of critical infrastructure, the most active grey-zone sabotage campaign, and the most advanced national frameworks for autonomous maritime operations. If the institutional framework for autonomous infrastructure protection gets built anywhere first, it is in the northern European theatre.

The technology gap is closing. The institutional gap, covering detection authority, evidence standards, intervention rights, and civilian-military integration, is not closing at the same pace. That gap is the operational risk. Not a malfunctioning AUV. Not a communications failure. The scenario where a BlueWhale detects an Eagle S dragging its anchor toward a cable, transmits the data in real time, and the legal authority to intercept the vessel does not exist. That is the scenario worth preparing for.

It is already the scenario that happened on Christmas Day 2024. The autonomous systems layer just was not there yet.

Norway has spent seven years building the world's most advanced autonomous vessel regulatory framework. Yara Birkeland is operational. Four autonomous ferries are due for certification by 2028. What did Canberra and London miss, and is it too late to copy it?

Since you have been, thanks for reading.

Cheers,

Mick

Ocean Tech Intelligence provides informational analysis only. Nothing in this publication constitutes financial, investment, legal, or strategic advice. Readers act on this content at their own risk. For full details see our Disclaimer.