Researchers at NHL Stenden University of Applied Sciences in the Netherlands have launched the Maritime Cyber Attack Database (MCAD), a database of incidents involving the worldwide maritime sector.
Created by a team led by Dr Stephen McCombie, Professor of Maritime IT Security, the database contains over 160 incidents, including location spoofing of NATO ships visiting Ukraine in the Black Sea in 2021.
“The simulated attack in Ukraine was all about provoking a reaction and so-called ‘deploying disruptive power’,” said Dr McCombie.
“It appeared as if the British and Dutch warships were near the coast of Russian-occupied Crimea entering Russia’s main naval base, but it turned out to be a virtual trip that never took place.”
“The scope of what is possible today is surprising, so we need to educate governments and companies about these kind of cyber-attacks and help them understand not only how to react to them, but how to be prepared for them.”
Drawing from open source information, the NHL Stenden’s Maritime IT Security research group collected information on over 160 cyber incidents in the maritime industry for the MCAD. The database not only covers incidents impacting vessels, but also ports and other maritime facilities worldwide.
Now available publicly online, the research group says that it expects the database will help improve cyber security awareness in the sector and provide data for further research in this critical area.
Other incidents in the database include an insider attack by a systems administrator on a US nuclear aircraft carrier at sea in 2014 and a 2019 ransomware attack on a large container ship that prevented it from entering New York harbour.
One of the planned uses of the database is to develop maritime cyber incident simulations that are realistic and relevant so that companies, organisation, ports and harbours can prepare for attacks. The research group will also use MCAD to produce reports and research papers showing trends and the results of detailed analysis on subsets of the data.
“The incident database is not a one-off and the collection will be regularly updated and augmented. While we searched manually for the initial research, we are now developing AI to help automate the identification of new incidents from open sources and identify further details on already known incidents,” added Dr McCombie.
