A cyberattack occurred at the Port of Seattle and Seattle-Tacoma International Airport over the weekend, highlighting the increasing trend of hackers targeting critical infrastructure. The specifics of the attack are not yet known, including whether there was a data breach. The outage caused disruptions to baggage services and flight information screens inside the terminal, but did not impact flights or security checkpoints. The Port’s Maritime Facilities phone systems were down, along with the Port and airport’s websites, email, and phone services for staff.
Michael Morgenstern, a cybersecurity expert with DayBlink Consulting, noted the growing threats to ports, citing past attacks such as the DP World hack in November and the Maersk attack in 2017. He explained that criminal enterprises and nation-states are the two primary attacker populations responsible for these types of cyberattacks. In October 2022, a group of U.S. airports also experienced a DDoS attack claimed by pro-Russian hackers. Ports and airports are attractive targets for hackers due to the valuable data they possess, such as passenger information and cargo manifests, which can be sold on the dark web for profit.
Yatharth Gupta, CEO of Codified, emphasized that hackers are motivated by profit and ports and airports are high-value targets that cannot afford disruptions. Corey Nachreiner, chief security officer at WatchGuard, echoed this sentiment, highlighting the economic significance of the U.S. Marine Transportation System industry. Recent attacks on entities like the Seattle Public Library, Fred Hutchinson Cancer Center, and Halliburton demonstrate the ongoing threats faced by organizations across different sectors. To protect against future attacks, Nachreiner and Morgenstern emphasized the importance of implementing insider threat and supply chain security programs, zero trust principles, and regular employee training.
In response to the Port of Seattle outage, David McGuire, CEO of SpecterOps, suggested that organizations should enhance their vulnerability management programs and practice good cyber hygiene to remediate attack paths in their identity environments. Despite these efforts, McGuire mentioned that hackers have access to sophisticated tools that enable them to carry out large-scale attacks with ease. The Department of Homeland Security and the Biden Administration have taken steps to enhance the security of maritime critical infrastructure through an executive order. Morgenstern emphasized the need for increased security measures for devices, controllers, and other technologies that contribute to port operations in order to prevent future cyberattacks.
The cyberattack at the Port of Seattle is just one example of the ever-growing threat landscape faced by critical infrastructure. As hackers continue to target ports and airports for profit, organizations must prioritize cybersecurity measures to protect valuable data and prevent disruptions to operations. By implementing robust security protocols, increasing employee training, and enhancing vulnerability management programs, organizations can better defend against cyber threats and safeguard critical infrastructure from potential attacks.
