Last week, we highlighted how the recent CrowdStrike disruption underscored the complexity of today’s global digital infrastructure. This week, we draw attention to shifting norms in nation-state sabotage of infrastructure and implications for the private sector.
Please subscribe to read future issues — and forward this newsletter to interested colleagues.
Contact us directly with any comments or questions: [email protected]
Insight Focus | The Escalation of Nation-State Sabotage and Its Implications for the Private Sector
Intelligence and security reports indicate a marked increase in sabotage and “gray-zone” or “hybrid” attacks across Europe and potentially targeting the United States. These activities, primarily attributed to Russia and China, represent an evolution in geopolitical conflict that falls below the threshold of traditional warfare, but poses risks to national security and economic stability.
In a disturbing series of incidents surrounding the 2024 Paris Olympics, France has experienced multiple acts of sabotage targeting critical infrastructure, raising serious concerns about security and the potential involvement of extremist groups.
In May, French authorities arrested a man from Chechnya suspected of plotting to attack Olympic soccer events. On the eve of the Olympic Games opening ceremony, France’s high-speed rail network was hit by coordinated attacks. Saboteurs struck signal substations and cables at critical points on three main lines in the west, north, and east of France. The attacks caused widespread travel chaos, affecting an estimated 800,000 travelers, including 100,000 whose trains were canceled outright.
Just days after the rail network attacks, France’s fiber optic networks were targeted in what authorities described as acts of “vandalism.” The incidents affected telecommunications operators in at least six areas across the country, including the region around Marseille, which is hosting Olympic football and sailing competitions. Large sections of cables were cut, impacting fixed and mobile phone lines as well as internet services. While the full scale of the impact remains unclear, telecom operator SFR reported that around 10,000 fixed-line customers were affected.
French authorities have launched criminal investigations into both sets of incidents. Interior Minister Gérald Darmanin stated that the rail attacks were “deliberate, very precise, extremely well-targeted,” suggesting they were “the traditional type of action of the ultra-left.” However, he cautioned that while they have “identified the profiles of several people” who may be close to far-left movements, they must remain cautious about attributing responsibility.
On July 31, French authorities arrested an activist at a site belonging to the national rail operator SNCF. The suspect reportedly had access keys to SNCF technical premises, tools, and literature linked to the ultra-left.
Sabotage activity isn’t new, however, after the Nord Stream 2 pipeline sabotage in September 2022, a U.K. subsea fiber cable linking Shetland Islands to Scotland was damaged and three important cables in the south of France were cut simultaneously, causing a sharp drop in internet access speed for Europe, Asia, and the United States.
Earlier that year in April, an unknown attacker cut crucial long-distance internet cables across multiple sites near Paris. The sabotage caused severe disruptions to ten internet and infrastructure companies, including ISPs and cable owners. The attack was well planned and surgically executed in the span of two hours.
Geopolitical Context
These incidents occur against a backdrop of increasing geopolitical tensions and a rise in nation-state sabotage activities across Europe. Intelligence agencies from multiple European countries have warned their governments that Russia, in particular, is plotting violent acts of sabotage across the continent as part of a strategy of permanent conflict with the West.
Recent examples of suspected Russian-linked sabotage include:
- An arson attack on a Ukrainian-linked warehouse in London;
- Cyberattacks disrupting European railway networks;
- GPS signal jamming in Baltic states;
- Plots against U.S. military bases in Germany; and
- Fires and explosions in Riga, Latvia; Warsaw, Poland; Prague, Czech Republic; and Paris.
Russian sabotage efforts, primarily orchestrated by its military intelligence (GRU), have become increasingly sophisticated. These operations aim to: exert pressure on Western countries, impose costs on nations supporting Ukraine, potentially disrupt aid flows to Ukraine, and undermine public support for Ukraine, particularly during election periods. While Russian involvement has not been confirmed in the recent French incidents, the pattern of targeting critical infrastructure aligns with broader trends observed across Europe.
The threat is not limited to Russia. U.S. officials, including Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly, have warned of China’s growing capabilities to sabotage critical infrastructure. Chinese sabotage efforts rely heavily on cyber capabilities, with significant investments in developing cyber talent pipelines, vulnerability databases, and low observable techniques to penetrate and establish persistence inside operational networks. It is not clear to what extent these activities will be supplemented by physical sabotage facilitated by local agents, but it is likely such options will be developed to ensure operational effects when ordered.
China’s sabotage objectives include positioning for potential conflict scenarios with the United States (“battlefield preparation of the environment”) that hamper our and our allies’ military mobilization and to cause cascading disruptions to critical infrastructure that instills social panic and coerces political decision-makers in a crisis.
Sabotage Tactics
As norms against nation-state sabotage continue to deteriorate, western adversaries will adapt and broaden coercive and disruptive tactics that span physical and digital realms. State-backed groups and threat actors will continue to target critical infrastructure, aiming to disrupt essential services through cyber operations. Meanwhile, operatives conduct physical sabotage on key facilities and equipment owned and operated by the private sector or local utilities. We should expect to see an increase in:
- Cyber Operations – Targeting critical infrastructure, data theft, and system disruptions.
- Physical Sabotage – Arson attacks, explosions, and damage to key facilities.
- Proxy Operations – Utilizing local actors, diaspora groups, and criminal organizations to maintain plausible deniability.
- Information Warfare – Disseminating disinformation to undermine public trust and amplify social impact.
- Economic Disruption – Targeting businesses and economic infrastructure to create broader instability.
Conclusion
Private companies – especially those in critical sectors such as energy, telecoms, transportation, health care, water, ports, and finance – face heightened risk of becoming targets. Nation-state actors often view private sector entities as extensions of national interests, making them legitimate targets in geopolitical conflicts.
The diverse and evolving nature of sabotage tactics creates a multifaceted threat environment that is challenging to predict and mitigate. Beyond direct damages, sabotage attempts can have broader economic implications, disrupting supply chains, market dynamics, and customer relationships.
Intelligence capabilities are becoming vital for corporations. Organizations need to develop threat monitoring and analysis capacities, while collaborating with government agencies where appropriate. Regular scenario and crisis simulation is key to ensure effective response.
Collaboration is critical in this new security environment. Cross-sector partnerships and information sharing are now essential components of defense strategies against adversaries that view conflict as a “systems competition” and don’t shy away from targeting the West’s soft spots.
As geopolitical tensions continue to rise and digital dependencies deepen, companies must adapt their risk management strategies to address this new reality. Given the resources and determination of state actors, complete prevention may be unattainable. Therefore, the focus should be on minimizing potential impacts, ensuring rapid recovery, and contributing to broader national resilience efforts. The private sector’s role in this new security landscape is not just a matter of corporate responsibility, but increasingly one of national security importance.