An open-source database of cyberattacks on the maritime transportation system

The Global Maritime Transportation System (GMTS) is a complex system of systems, encompassing port operations, shipping lines for both cargo and passengers, manufacturing, vessel traffic control, and the vessels themselves. In recent decades, cybersecurity incidents targeting the GMTS have grown significantly in both frequency and economic impact. In response to this escalating threat, we initiated a comprehensive effort in 2021 to systematically collect and catalog all publicly known cybersecurity incidents affecting the GMTS. Drawing from peer-reviewed research, news articles, and government reports, we compiled this data into the Maritime Cyber Attack Database (MCAD). Our dataset, spanning 2001 to 2023, includes over 290 cybersecurity incidents–representing a several-fold increase from the 46 incidents reported in previous research conducted in 2020. These incidents involve 54 countries and over 50 vessels, in addition to various GMTS-associated entities such as ports. The attribution of these incidents points to a range of known nation-state and criminal threat actors. This paper presents MCAD as a novel cyber threat intelligence tool and provides a high-level analysis of the collected data, offering insights into the evolving cyber threat landscape within the GMTS.