SMICI

Cyberattacks on critical infrastructure have been identified as one of the major national security challenges for the foreseeable future, yet there has not been a dataset that aggregates publicly available data on cyber-physical attacks against critical infrastructure globally across all critical infrastructure sectors nor a dataset that records attacks that physically disrupt operational processes, which the Unconventional Weapons & Technology Division (UWT) has coined as cyber-operational attacks. Cyber-physical and cyber-operational attacks on critical infrastructure have the potential to damage the physical infrastructure assets and manifest physical disruptions to operational processes, causing widespread consequences.

Although datasets detailing cyberattacks on critical infrastructure do exist, they were often narrow in scope (e.g., specific malware used against critical infrastructure), not routinely updated, or only utilized a single source per attack to verify reliability for inclusion. The lack of such a robust dataset has limited our ability to gain a deeper understanding of the cyber-physical and cyber-operational attack phenomenon as well as our ability to hypothesize about the behaviors and motivations of the attackers.

To gain a better understanding of the adversaries’ multi-domain behavior and motivations and to capture data on the impact of the physical damage and disruption of these attacks, the Unconventional Weapons & Technology Division (UWT) of the National Consortium for the Study of Terrorism and Responses to Terrorism (START) developed the Significant Multi-domain Incidents against Critical Infrastructure (SMICI) database, a first of its kind, using only publicly available information. Developed through an interdisciplinary approach, the SMICI database is an event-based, open-source, and publicly available database detailing cyber-physical and cyber-operational incidents.