Researchers led by Dr Stephen McCombie, Professor of Maritime IT Security at NHL Stenden University of Applied Sciences in the Netherlands have launched the Maritime Cyber Attack Database (MCAD), a database of incidents involving the worldwide maritime sector.
The database already contains over 160 incidents, including the location spoofing of NATO ships visiting Ukraine in the Black Sea in 2021.
The incidents in the database demonstrate the relevance of cybersecurity across the board of today’s maritime industry and the vulnerabilities that exist. “The simulated attack in Ukraine was all about provoking a reaction and so-called ‘deploying disruptive power’,” Dr McCombie said. “It appeared as if the British and Dutch warships were near the coast of Russian-occupied Crimea entering Russia’s main naval base, but it turned out to be a virtual trip that never took place. The scope of what is possible today is surprising, so we need to educate governments and companies about these kinds of cyber attacks and help them understand not only how to react to them, but how to be prepared for them.”
Drawing from open source information, the NHL Stenden’s Maritime IT Security research group collected information on over 160 cyber incidents in the maritime industry for the MCAD. The database not only covers incidents impacting vessels, but also ports and other maritime facilities worldwide. Now available publicly online, the research group expects the database will help improve cyber security awareness in the sector and provide data for further research and more accurate simulations in this critical area.
Other incidents in the database include an insider attack by a systems administrator on a U.S. nuclear aircraft carrier at sea in 2014 and a 2019 ransomware attack on a large container ship that prevented it from entering New York harbor.
Considering over 90 percent of the world’s cargo is transported by ship, the latter incident demonstrates a weakness concerning the Global Maritime Transportation System (GMTS). The GMTS is a system of systems that cover vessels, waterways, ports, and land-side connections, moving people and goods to and from the water. The role of GMTS in the global economy is significant and its security all the more essential, and yet fleets and the technology they carry are aging rapidly and becoming increasingly vulnerable to cyber attacks such as the ransomware attack in 2019. In fact, 38 percent of oil tankers and 59 percent of general cargo ships are more than twenty years old, making the criticality and fragility of supply chains acutely clear.
Peter Mulder, Academy Director ICT & Creative Technologies at NHL Stenden, says the database is aimed at creating a safer world, where the GMTS can respond to threats that will continue to grow in numbers and impact. “By creating this public database, we increase greater awareness about cyber incidents in the maritime sector, and we create data for further research by our research group as led by Professor Stephen McCombie, and our associated partners.”
One of the uses of the database is therefore to develop maritime cyber incident simulations that are realistic and relevant so that companies, organizations, ports and harbors can prepare for attacks. The research group will also use MCAD to produce reports and research papers showing trends and the results of detailed analysis on subsets of the data.
“The incident database is not a one-off and the collection will be regularly updated and augmented,” Dr McCombie said. “While we searched manually for the initial research, we are now developing AI to help automate the identification of new incidents from open sources and identify further details on already known incidents.”
The Maritime IT Security research group has been supported by Ernst & Young, which contributed to the realization of the MCAD project and other research initiatives in this critical area. To provide a complete overview of all cybersecurity threats worldwide, the research group is asking corporations and other research institutions to contribute to the database. “We welcome contributions from all and organizations can also report their own incidents,” Dr McCombie said. “In the end, our mission is to capture the real scope of incidents worldwide as accurately as possible.”
