There isn't a single 60Tb/sec datastream though so it is quite feasible (and I'd be shocked if people aren't doing it, especially after the post-Snowden rush to MACsec).
Undersea cables are DWDM systems where you have N x 10G,40G,100G waves. 100G MACsec is available in merchant silicon and out of the box on switches from Cisco & Arista (off the top of my head, I'm sure there are others).
You wouldn't even encrypt the undersea cables specifically, you'd encrypt your transport links before they leave your datacenter, that way you don't need to trust your carrier, the cable consortium, or anyone else (aside from your switch vendor...)
Further, the individual traffic streams in a 10 gigabit per second circuit would be encrypted at layers 4 through 7. Assuming that people are using properly implemented public /private key cryptography, of course.
Even so, the metadata of who is talking to who and traffic flow analysis is very valuable to the NSA.
Anecdotally I don't know of a single ISP that buys N x 10 Gbps transpacific or transatlantic waves/transport (ex: one Wilshire to Equinix Tokyo) that uses link layer crypto. In my example the ISPs are customers of the organizations that actually run the DWDM terminals.
Highly redundant core routers like an asr9010 with 2nd/3rd gen line cards, or an mx960 are already expensive enough without making a 24-port 10GbE linecard twice as costly to buy by having crypto features. It is super rare to see such hardware in production for commercial ISPs.
Reading through the comment tree, I'd say general consensus is that, in the case of a long distance underwater cable, link encryption is technically feasible.
However, while technically feasible (so as to protect metadata, who's talking to whom, etc.), due to the political weight & financial heft of certain state actors, tapping at the cable link endpoints would remain a strong possibility. This would obviate the actual need to link encrypt except of course for "optics"/marketing to data center customers.
