Research that matters

Olaf Maennel

My research began with the fundamental question of how the Internet works and how to make it more resilient. Over two decades, that focus has evolved from Internet routing and network measurements to encompass cyber security broadly: protecting critical infrastructure, securing autonomous and AI-driven systems, and developing the next generation of cyber defenders through realistic training environments. What connects all of this work is a commitment to research that bridges theory and practice—work that has real-world impact on defence and national security.

1. Critical Infrastructure & Transport-Sector Cyber Security

Modern societies depend on interconnected critical infrastructure—energy, water, transport, healthcare—and these interdependencies create systemic vulnerabilities that a single-sector approach cannot address. My research addresses this through work on maritime, aviation, and transport-sector cyber security.

At TalTech, I coordinated the H2020 ERA-Chair “MariCybERA” (€2.5M), establishing a Maritime Cyber Security Centre to build research capacity in protecting shipping, port systems, and autonomous vessels. This included work on enhancing the cyber resilience of sea drones, proposing intrusion detection systems for vessel bridge networks, and developing maritime cyber security environments for training and experimentation. In aviation, I developed and delivered EASA-compliant cybersecurity training for air traffic safety electronics personnel in collaboration with NATO CCDCOE and the Estonian Aviation Academy.

Underpinning this sector-specific work is research on how to identify critical information infrastructure services and build nationwide cyber situational awareness frameworks for critical infrastructure protection.

2. Autonomous Vehicle & AI System Security

As AI systems become embedded in safety-critical applications—from autonomous driving to military decision-making—their vulnerabilities become increasingly consequential. My group's work in this area includes REACT, an autonomous intrusion response system for intelligent vehicles, and ADAssure, a debugging methodology for autonomous driving control algorithms. We have also investigated sensor fusion desynchronisation attacks and combined safety-cybersecurity testing frameworks.

I am increasingly focused on adversarial AI: model poisoning attacks, adversarial concept drift, and targeted influence operations against human security operators. These represent direct threats to any system that relies on AI-driven decision-making. Recent work includes research on test-time attention purification for backdoored large vision-language models. I am also worried about our increasing reliance on AI systems, which makes us vulnerable not only to technical attacks (e.g., model poisoning) but also to targeted influence operations against human security operators.

3. Cyber Defence Exercises & Workforce Development

Effective cyber defence requires people who can think critically under pressure, and the best way to develop those skills is through realistic, hands-on exercises. I have participated in NATO CCDCOE's Locked Shields—the world's largest international live-fire cyber defence exercise—for over five years as both a red-team and a green-team member, and also contributed to the Crossed Swords exercise.

At Adelaide University, I am working on the CyberLab project—a system-of-systems cyber range where students co-design and operate a digital twin of interconnected critical infrastructure. Students can earn academic credit through this work-integrated learning initiative. The CyberLab models cascading failures across sectors (hospital, banking, traffic, social media, …) and integrates adversary emulation (MITRE Caldera), security operations (Wazuh, Grafana, Suricata), and AI-enabled defences (locally-hosted LLMs). The educational philosophy is inspired by successful open-source development models such as Linux: students don't just use the platform—they build it, and their work persists for the next cohort. More about the CyberLab can be found at maennel.ai/cyberlab. I also co-chair Dagstuhl Seminar 26422 on “Cyber Security Experimentation Beyond Exercises and Cyber Ranges” (Oct 2026).

4. Internet Routing Security & Network Resilience

The Internet is a network of networks, and the Border Gateway Protocol (BGP) is the “glue that keeps the Internet together”. I am still very interested in understanding, testing, and improving this critical protocol. This work produced contributions at top venues: locating Internet routing instabilities, building AS-topology models that capture route diversity, and a widely-cited survey on 10 lessons from 10 years of measuring and modelling Internet autonomous systems.

On the security side, early work on detecting BGP route hijacking using RPKI contributed to the community's understanding of how to secure the routing system. I co-authored two IETF Internet Standards: RFC 6346 (the A+P approach to IPv4 address extension) and RFC 7196. This body of work—spanning routing stability analysis, topology modelling, and cryptographic route validation—continues to inform national-level network defence and situational awareness capabilities.

Conclusion

My research aims at bridging the gap between sound theoretical work and practical impact. From securing the Internet's routing infrastructure to protecting critical systems against AI-enabled attacks, the common thread is research that makes a difference in the real world. For a full list of publications, see my Google Scholar profile.