The headlines say Russia’s shadow fleet is cutting cables. The experts say most faults come from clumsy ship anchors. Ninety-nine percent of global internet traffic runs across the ocean floor, and the conversation about what threatens it is mostly wrong.

In this episode of Threat Talks, Peter van Burgel, CEO of AMS-IX, sits down with Ernst Noorman, Cyber Ambassador at Large for the Netherlands and member of the ITU Advisory Board on Submarine Cable Resilience, to separate geopolitical noise from engineering reality, and explain what actually puts global internet connectivity at risk.

Timestamps

00:00:00 Introduction
00:00:55 The ITU Advisory Board on Submarine Cable Resilience
00:05:04 Shadow Fleets, Geopolitics, and the Sabotage Myth
00:10:30 Shunts, Faults, and What Actually Breaks Cables
00:15:47 Why Satellite Cannot Replace Submarine Cables
00:17:06 Digital Sovereignty and the Big Tech Cable Takeover
00:28:16 What Every CEO Should Put on the Agenda

Key Topics Covered

• Why most submarine cable faults come from anchors, fishing nets, and natural events, not state actors

• How aging repair ships and bureaucratic permitting barriers make restoration slow in most of the world

• Why satellite (including Starlink) cannot replace subsea fiber at any meaningful scale

• How big tech dominance over new cable investment creates digital sovereignty risks for governments and large organizations

• What NIS2 means for CEO accountability on digital infrastructure resilience

Related ON2IT Content & Referenced Resources

ITU Advisory Board on Submarine Cable Resilience: https://www.itu.int/digital-resilience/submarine-cables/advisory-body/
ICPC (International Cable Protection Committee): https://www.iscpc.org
Dutch Cybersecurity Council / CEO manual on NIS2: https://www.cybersecuritycouncil.nl
Dutch Cybersecurity Act (NIS2 implementation): https://www.dutchncca.nl/the-cybersecurity-act

Threat Talks: https://threat-talks.com/russia-cutting-cables-whos-protecting-it/
ON2IT (Zero Trust as a Service): https://on2it.net
AMS-IX: https://www.ams-ix.net/ams

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

🔔 Follow and Support our channel! 🔔

► YOUTUBE: / @threattalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUE…
► APPLE: https://podcasts.apple.com/us/podcast…

👕 Receive your Threat Talks T-shirt https://threat-talks.com/

🗺️ Explore the Hack’s Route in Detail 🗺️ https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

A company skips a security check two days before Black Friday and loses $1 million when transactions land in the wrong bank accounts. A machine learning team is told no on production data access, gets it via SharePoint anyway, and a year later the data is on contractor laptops nobody can account for.

Two stories, one pattern: when security blocks, the risky work doesn’t stop – it just happens without you.

Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Sina Yazdanmehr, Founder and Managing Director of Aplite GmbH, on the prevention paradox, why a “no” from the CISO is an illusion of control, and how a technical security team turns into a business partner instead of a roadblock.

Timestamps

00:00:00 Introduction
00:01:55 The $1 million Black Friday story
00:04:14 Hero culture rewards shipping, not prevention
00:06:55 The prevention paradox
00:08:00 NIS2 and executive accountability
00:09:00 Avoiding the Department of No
00:12:18 Production data on contractor laptops
00:16:13 The technical CISO as business partner

Key Topics Covered

• Why hero culture quietly trains organizations to bypass security under deadline pressure
• The prevention paradox: why the person who avoids a loss never gets the credit
• What happens after a CISO says no: shadow workflows, friendly handovers, and data on laptops nobody owns
• What a counter-proposal in risk-based language gets you that a flat refusal does not

Related ON2IT Content & Referenced Resources

• Aplite GmbH: https://aplite.de
• Previous Threat Talks with Sina Yazdanmehr (Security Culture part 1): https://youtu.be/1JnAsXDCKzM?si=qFlMxC617E30U1dW
• Previous Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=wBodTl_nY1w
• Previous Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=fBwdGXf-0dY
• Threat Talks: https://threat-talks.com/
• ON2IT (Zero Trust as a Service): https://on2it.net/
• AMS-IX: https://www.ams-ix.net/ams

Subscribe to Threat Talks and turn on notifications for deep dives into the world's most active cyber threats and hands-on exploitation techniques.

🔔 Follow and Support our channel! 🔔
===
► YOUTUBE: / @threattalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUE...
► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

A SaaS company buys enterprise ChatGPT for 800 staff and strangely only uses 30 seats. A corporate signs annual risk exemptions for five years until the exception list itself is mistaken for a working security process. Same root cause, two symptoms.

Compliance is not security. Security culture is company culture. If your employees do not trust their managers, no policy you write will save you.

Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Sina Yazdanmehr, Founder and Managing Director of Aplite GmbH, on why security policy depends on trust, why a signed risk acceptance is a legal act, and what a leadership cadence on security communication actually looks like.

Timestamps

00:00:00 Introduction
00:02:20 When risk exceptions become culture
00:07:50 Turning a five-year exemption list around
00:09:07 Working with auditors instead of around them
00:13:14 The trust gap: enterprise tools and personal accounts
00:19:27 Security culture is company culture
00:22:21 Wrap and what is next

Key Topics Covered

• Why employee trust in management determines whether any security policy lands
• How sanctioned enterprise tools, AI included, quietly fail when context and trust are missing
• The legal weight of a signed risk acceptance, and why most managers treat it as paperwork
• What a working leadership cadence on security communication actually looks like

Related ON2IT Content & Referenced Resources

• Aplite GmbH: https://aplite.de
• Previous Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=wBodTl_nY1w
• Previous Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=fBwdGXf-0dY
• Threat Talks: https://threat-talks.com/
• ON2IT (Zero Trust as a Service): https://on2it.net/
• AMS-IX: https://www.ams-ix.net/ams

Subscribe to Threat Talks and turn on notifications for deep dives into the world's most active cyber threats and hands-on exploitation techniques.

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX