European energy security and the continent’s critical infrastructure are the core pillars of Transatlantic security. Safeguarding them is fundamental to ensuring democratic resilience and stability.

The growing wave of attacks across the continent by suspected Russian-recruited agents is becoming much more serious, and must soon be confronted by NATO allies with something more convincing than words.

Earlier this year, I attended an academic workshop in Bonn, Germany, focused on European energy security, including the Nord Stream 2 saga and the emerging trend of attacks against European infrastructure.

On the last day of the meeting, just after discussing the continent’s vulnerability to hybrid (or gray zone) threats and potential European Union (EU) and NATO responses, I turned to finding a ticket to the airport for my return flight to the US.

Logging onto the Deutsche Bahn mobile app to secure one of the regular high-speed trains to Frankfurt airport, I found a flurry of red text next to every departure. “Trip is not possible” and “Stop Cancelled” it said. The explanation was one I had not encountered before: “Problems due to vandalism.” Taking a slower train, I spotted news reports revealing the cause of the chaos: “Deliberate damage to the power lines,” which had been “tampered with” on the Cologne-to-Frankfurt high-speed ICE route, and “metal theft in the Siegburg/Bonn area.”

The irony was unmissable. Attacks on this key transit route meant I had to leave early from an event focused on policies to deter precisely such infrastructure attacks.

(Left) Detusche Bahn mobile app announcing rail closure on the Siegburg/Bonn to Frankfurt airport ICE rail line on 2 February 2024. (Middle) Bonn main train station. (Right) Alternative rail line along the Rhine River to Frankfurt airport. Images: Benjamin L. Schmitt/University of Pennsylvania
(Left) Detusche Bahn mobile app announcing rail closure on the Siegburg/Bonn to Frankfurt airport ICE rail line on 2 February 2024. (Middle) Bonn main train station. (Right) Alternative rail line along the Rhine River to Frankfurt airport. Images: Benjamin L. Schmitt/University of Pennsylvania

As sabotage goes, the broader impact was mild. There were no reported rail accidents or casualties, and the rail corridor was quickly repaired and reopened. I made my flight with a few minutes to spare. For the German public, the attack may have just blended into the ongoing delays already inundating their strike-ridden public transit network.

But viewed more broadly, this rail incident joins many others in Germany and across the EU since Russia’s full-scale invasion of Ukraine in February 2022. A similar attack took place in October 2022, just days after the blasts that damaged three of the four subsea trunklines of the Nord Stream 1 and 2 pipelines.

On that occasion, Deutsche Bahn was forced to halt rail traffic across much of Northern Germany after the near-simultaneous severing of primary and backup communications cables roughly 200km (124 miles) apart.

Hours after the incident, multiple German officials characterized the event as intentional, and Transportation Minister Volker Wissing decried it as a “targeted and malicious action.” But  Reuters reported shortly thereafter that German police had concluded there was no foreign state involvement. The next day Wissing issued a statement reversing the police conclusion, describing it as sabotage and saying that he couldn’t rule out foreign responsibility.

By May this year, a German senior investigator on the case told the Wall Street Journal that “it smells like Russia. It looks like Russia.”

These are just two examples that join dozens of other European incidents ranging from subsea pipeline and telecommunications cable cuts across the Baltic and Barents seas to an onshore natural gas pipeline that was found damaged by intentional drilling near Hamburg last year. A cache of explosives and detonators was also found buried next to a section of NATO’s Central Europe Pipeline System (CEPS.)

While the infrastructure sectors and methods differ, they are all linked by a continued lack of attribution by European authorities. Investigation can be difficult from a purely technical perspective as there are tens of thousands of miles of rail, pipeline, and cable networks, a fact that makes nabbing would-be-saboteurs in the act a challenging proposition.

But the fact that a great many of these incidents have still not been attributed suggests a possible political calculus. Decisions may have been taken to avoid pointing to Russia even where a reasonable evidentiary threshold may have been met.

Some Transatlantic security leaders may be wary of taking any “escalatory” steps in their support of Ukraine — the same leaders who have advanced policies resulting in less-than-comprehensive enforcement of Russian sanctions and a dangerously slow supply of military equipment to Kyiv.

Get the Latest
Sign up to receive regular emails and stay informed about CEPA's work.

But Moscow’s track record should give them pause. Its longstanding focus on projecting hybrid threats against Transatlantic security, with action below the threshold of large-scale war, has for many years posed a risk to energy and critical infrastructure across Europe. 

This risk skyrocketed after Russia prepared for its full-scale invasion of Ukraine and has increased as the war has ground on.

For years, Putin’s Kremlin has emphasized the development of capabilities to sabotage or collect intelligence on European infrastructure, especially in remote maritime environments. This includes Russian government investment in subsea technologies and expertise via such organizations as the Kremlin’s Main Directorate for Deep Sea Research (GUGI), the Russian Navy, and GRU military intelligence units.

Likewise, the Putin regime has long-conducted so-called grayzone operations, including cyberattacks, energy cuts and disinformation campaigns against Western democracies, aiming to undermine their democratic resilience. It makes no secret of its intentions. Russia’s ambassador to the UK, Andrei Kelin, openly stated in May that the UK’s aid to Ukraine made it a “de facto participant” in the war. Kremlin officials have made similar statements about the US.

Given the growing list of offshore attacks on subsea pipelines and telecommunications cables, as well as onshore attacks against energy and transportation infrastructure, it would be reasonable at least to assess the significant likelihood that Russia is to blame. It has both the technical capabilities and the motivation. 

It could, in the Kremlin’s view, be an effective strategy to sow doubt about the ability of European security organizations to protect energy and critical infrastructure, and thereby degrade public support for military aid to Ukraine.

If it was shown that Russia was behind the sabotage attacks, it would necessitate a response from Western capitals, and at least calls for Article 4 consultative mechanisms among NATO member states.

It’s surprising that Article 4 hasn’t yet been invoked — unless, of course, it is part of a misguided “escalation management” strategy.

Regardless, it’s now time to step up our collective ability to attribute and, ultimately, deter infrastructure attacks. Transatlantic leaders need to redouble their efforts to increase surveillance of energy, telecommunications, and transportation facilities — using a suite of AI-enabled subsea and surface monitoring platforms as well as the emerging fleet of commercial satellite imagers.

National security officials also need to publicly detail what is known about the investigations, and, if possible, to name and shame the actors responsible. Attribution can be a powerful tool to deter future sabotage incidents.

On the messaging front, there are early signs the tide may be shifting. Czech Prime Minister Petr Fiala appeared to follow this path on June 10, when he blamed Russia for an arson attack on a bus depot in Prague, linking it to similar incidents in Poland and Lithuania. He said it was probable the attack was financed and organized from Moscow, even though a South American had been arrested, suggesting the GRU is (not for the first time) using proxies to do its work. The UK has also pointed the finger — five men allegedly hired by Russian intelligence face trial over arson at a warehouse holding goods for Ukraine.

This shift is healthy but it’s only a start. The broad strategy remains to avoid attribution in cases where significant evidence points to Russia, which degrades deterrence and invites further attacks on critical infrastructure. 

This is increasingly dangerous at a time when NATO can ill-afford any further undermining of the Transatlantic consensus and joint action to support Ukraine’s fight for survival.

Dr. Benjamin L. Schmitt is a Senior Fellow at the Department of Physics and Astronomy and the Kleinman Center for Energy Policy at the University of Pennsylvania, a Senior Fellow for Democratic Resilience at the Center for European Policy Analysis, a fellow of the Duke University “Rethinking Diplomacy” Program, and a Term Member of the Council on Foreign Relations. (Twitter: @BLSchmitt).

Europe’s Edge is CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America. All opinions expressed on Europe’s Edge are those of the author alone and may not represent those of the institutions they represent or the Center for European Policy Analysis. CEPA maintains a strict intellectual independence policy across all its projects and publications.

US Bases in Europe

Military experts explain why US bases in Europe matter.

Learn More
Europe's Edge
CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America.
Read More