Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with nato operation baltic sentry (2024), incident response plan activated with finnish national bureau of investigation (estlink 2 case), incident response plan activated with norwegian police (svalbard cable investigation), and third party assistance with marinetraffic (ship tracking data), third party assistance with open-source intelligence (osint) for trawler movements, and and containment measures with detention of *eagle s* vessel (later released), containment measures with increased maritime patrols (nato assets), and remediation measures with cable repairs (status unspecified), remediation measures with nato-industry collaboration for infrastructure resilience, and recovery measures with swedish military exercises (counter-sabotage drills), recovery measures with enhanced surveillance of undersea cables, and communication strategy with public statements by nato secretary general mark rutte, communication strategy with media interviews with lithuanian fm gabrielius landsbergis, communication strategy with cbs news investigative reports, and enhanced monitoring with nato naval drones and aircraft patrols, enhanced monitoring with national surveillance assets (unspecified)..

Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Anchor Drag Marks (Physical Damage)Vessel Loitering Near Cable Routes (Reconnaissance).

Incident Response Plan: The company's incident response plan is described as NATO Operation Baltic Sentry (2024), Finnish National Bureau of Investigation (Estlink 2 Case), Norwegian Police (Svalbard Cable Investigation), .

Third-Party Assistance: The company involves third-party assistance in incident response through MarineTraffic (Ship Tracking Data), Open-Source Intelligence (OSINT) for Trawler Movements, .

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Cable Repairs (Status Unspecified), NATO-Industry Collaboration for Infrastructure Resilience, .

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by detention of *eagle s* vessel (later released), increased maritime patrols (nato assets) and .

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Swedish Military Exercises (Counter-Sabotage Drills), Enhanced Surveillance of Undersea Cables, .

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Finnish Criminal Case Against *Eagle S* Crew (Dismissed), .

Key Lessons Learned: The key lessons learned from past incidents are Undersea Cables Are Vulnerable to Physical Sabotage in Shallow Waters,Hybrid Warfare Blurs Lines Between Cyber, Physical, and Psychological Attacks,Plausible Deniability via 'Shadow Fleet' Complicates Attribution,NATO Unity Is Critical to Deterring Further Escalation,Redundant Infrastructure Mitigates Operational Impact (e.g., Svalbard Cables).

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: CBS NewsUrl: https://www.cbsnews.comDate Accessed: 2024-11-00, and Source: Royal United Services Institute (RUSI)Url: https://rusi.orgDate Accessed: 2024-11-00, and Source: Finnish National Bureau of InvestigationUrl: https://poliisi.fiDate Accessed: 2024-10-00, and Source: Space Norway (Svalbard Cable Operator)Url: https://spacenorway.noDate Accessed: 2022-01-00, and Source: NATO Press Release (Operation Baltic Sentry)Url: https://www.nato.intDate Accessed: 2024-01-00.

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Statements By Nato Secretary General Mark Rutte, Media Interviews With Lithuanian Fm Gabrielius Landsbergis and Cbs News Investigative Reports.

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Nato Members Urged To Enhance Critical Infrastructure Protection, Baltic States Advised To Diversify Connectivity Routes and Energy And Telecom Sectors Warned Of Hybrid Threats.

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Marinetraffic (Ship Tracking Data), Open-Source Intelligence (Osint) For Trawler Movements, , Nato Naval Drones And Aircraft Patrols, National Surveillance Assets (Unspecified), .

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Nato Operation Baltic Sentry (Maritime Patrols), Finnish Appeal Of Dismissed Charges Against *Eagle S* Crew, Swedish Counter-Sabotage Military Exercises, Proposed Nato Article 5 Clarifications For Hybrid Attacks, .

Last Attacking Group: The attacking group in the last incident were an Primary: Russian State-Affiliated Actors (Alleged)Secondary: ["Russian 'Shadow Fleet' Vessels (e.g., *Eagle S*)", 'Russian Fishing Trawlers (Svalbard Incident)', 'Ukrainian Citizens Linked to Russian Intelligence (Poland Rail Sabotage)']Denial: Russia denies all allegations and labeling them 'Russophobia'.

Most Recent Incident Detected: The most recent incident detected was on 2022-01-07.

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-02-00.

Most Significant System Affected: The most significant system affected in an incident was Estlink 2 (Finland-Estonia Power/Telecom Cable)Svalbard Undersea Cable System (Norway)Unspecified Telecom Cables in Gulf of Finland.

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was marinetraffic (ship tracking data), open-source intelligence (osint) for trawler movements, .

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Detention of *Eagle S* Vessel (Later Released)Increased Maritime Patrols (NATO Assets).

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Finnish Criminal Case Against *Eagle S* Crew (Dismissed), .

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Redundant Infrastructure Mitigates Operational Impact (e.g., Svalbard Cables).

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Increase Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios, Expand Maritime Domain Awareness in the Baltic Sea and Develop Rapid-Response Protocols for Cable Sabotage Incidents.

Most Recent Source: The most recent source of information about an incident are Finnish National Bureau of Investigation, Royal United Services Institute (RUSI), NATO Press Release (Operation Baltic Sentry), CBS News and Space Norway (Svalbard Cable Operator).

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.cbsnews.com, https://rusi.org, https://poliisi.fi, https://spacenorway.no, https://www.nato.int .

Current Status of Most Recent Investigation: The current status of the most recent investigation is [{'case': 'Estlink 2 (Finland-Estonia)', 'status': 'Criminal Charges Dismissed (Prosecutors Appealing)'}, {'case': 'Svalbard Cable (Norway)', 'status': 'Closed (Lack of Evidence)'}, {'case': 'Polish Rail Sabotage', 'status': 'Ongoing (Suspects Identified)'}].

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was NATO Members Urged to Enhance Critical Infrastructure Protection, Baltic States Advised to Diversify Connectivity Routes, Energy and Telecom Sectors Warned of Hybrid Threats, .

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Svalbard Incident: >12 Trawler Passes Before DamageEagle S: Departed Ust-Luga on Day of Outage.