Nearly three weeks after identifying unauthorized activity on its network, the Port of Seattle continues to recover from a suspected cyberattack that impacted various operations. The travel experience at Seattle-Tacoma International Airport is now “normal,” the airport announced last week, with all flight and baggage information showing up on digital screens. However, the airport and Port’s websites are still down. Other services such as the airport’s lost and found and visitor pass program are still not accessible. Some maritime operations managed by the Port of Seattle are also still in recovery mode. Port officials have not released any information about the nature of the cyberattack.[1]
The outage did not impact flights or security checkpoints at Sea-Tac Airport, or cause disruption to cruise travel. But it did shut down WiFi at the airport and cause delays to baggage services, and many screens inside the terminal showing flight information weren’t working. Airport workers had to resort to manual methods, such as writing flight numbers and carousel locations on large sheets of paper and issuing handwritten boarding passes and bag tags.
Speaking at a Port of Seattle Commission meeting this week, Port of Seattle Executive Director Steve Metruck said the investigation into the “cyber incident” is still ongoing. Metruck said the Port isolated critical systems after detecting the unauthorized activity, and since then there have been no new intrusions. He said the crisis has been a “catalyst” for implementing technical changes that were either already in the queue or on the wish list. “Those have been accelerated,” he said.
Metruck said more information and “lessons learned” will be shared when the investigation is complete. For now, he offered some initial learnings from the past few weeks.
“One takeaway that I would offer is that a cyber incident is incredibly common,” Metruck said. He referenced this week’s cyberattack on Highline Public Schools, south of Seattle, that shut down classes for three days due to its own outage. Experts we interviewed said attacks on critical infrastructure and public entities such as schools are increasing. Metruck advised business and government organizations: “you need to invest in cybersecurity. You also need to be prepared should a cyberattack gain access to systems,” he added. “A message I’m sharing with my peers is to have a plan for workarounds for your most important processes that are IT-based. If you do not have access to your key systems, have plans for maintaining your operations and importantly paying businesses and people for the work they do.”
The Port is providing updates about the outage at this webpage.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
[1] https://www.geekwire.com/2024/you-need-to-invest-in-cybersecurity-port-of-seattle-director-offers-advice-amid-ongoing-outage/