Researchers led by Dr Stephen McCombie, Professor of Maritime IT Security at NHL Stenden University of Applied Sciences have recently announced the launch of the Maritime Cyber Attack Database (MCAD), which is a database of incidents involving the worldwide maritime sector.

As per the official release on the varsity's website, the database contains over 160 incidents, including the location spoofing of NATO ships visiting Ukraine in the Black Sea in 2021.

The incidents in the database demonstrate the relevance of cyber security across the board of today’s maritime industry and the vulnerabilities that exist. McCombie said, “The simulated attack in Ukraine was all about provoking a reaction and so-called ‘deploying disruptive power.’ It appeared as if the British and Dutch warships were near the coast of Russian-occupied Crimea entering Russia’s main naval base, but it turned out to be a virtual trip that never took place. The scope of what is possible today is surprising, so we need to educate governments and companies about these kinds of cyber-attacks and help them understand not only how to react to them, but how to be prepared for them.”

Drawing from open-source information, the NHL Stenden’s Maritime IT Security research group collected information on over 160 cyber incidents in the maritime industry for the MCAD.

The database not only covers incidents impacting vessels but also ports and other maritime facilities worldwide. Now available publicly online, the research group expects the database will help improve cyber security awareness in the sector and provide data for further research and more accurate simulations in this critical area.

Raising awareness

Other incidents in the database include an insider attack by a systems administrator on a US nuclear aircraft carrier at sea in 2014 and a 2019 ransomware attack on a large container ship that prevented it from entering New York harbour. Considering over 90% of the world’s cargo is transported by ship (an equivalent of 70% of global trade value), the latter incident demonstrates an especial weakness concerning the Global Maritime Transportation System (GMTS).

The GMTS is a system of systems that cover vessels, waterways, ports, and land-side connections, moving people and goods to and from the water. The role of GMTS in the global economy is significant and its security is all the more essential, and yet fleets and the technology they carry are aging rapidly and becoming increasingly vulnerable to cyber-attacks such as the ransomware attack in 2019.

In fact, 38% of oil tankers and 59% of general cargo ships are more than twenty years old making the criticality and fragility of supply chains acutely clear. Peter Mulder, Academy Director ICT & Creative Technologies at NHL Stenden, states, “This database is aimed at creating a safer world, where the GMTS can respond to threats that will just continue to grow in numbers and impact. By creating this public database, we increase greater awareness about cyber incidents in the maritime sector, and we create data for further research by our research group as led by Professor Stephen McCombie, and our associated partners.”

Realistic simulations

One of the uses of the database is therefore to develop maritime cyber incident simulations that are realistic and relevant so that companies, organisations, ports, and harbours can prepare for attacks. The research group will also use MCAD to produce reports and research papers showing trends and the results of detailed analysis of subsets of the data.

McCombie added, “The incident database is not a one-off, and the collection will be regularly updated and augmented. While we searched manually for the initial research, we are now developing AI to help automate the identification of new incidents from open sources and identify further details on already known incidents.”