A cyberattack at the Port of Seattle and Seattle-Tacoma International Airport over the weekend is another example of hackers increasingly targeting critical infrastructure.
Details are not yet available about the nature of the attack in Seattle this weekend, and whether there was any data breach.
The outage, which is still ongoing, did not impact flights or security checkpoints. But it did cause delays to baggage services, and many screens inside the terminal that show flight information weren’t working.
The Port said Saturday that its Maritime Facilities phone systems were down. The Port and airport’s websites were also down, as were email and phone services for Port staff.
Threats to ports are growing, said Michael Morgenstern, partner with DayBlink Consulting, a firm that specializes in cybersecurity. He pointed to the DP World hack in November that disrupted Australia’s biggest ports operator; the huge Maersk attack in 2017; and an attack at the Port of Houston in 2021.
Morgenstern said two different attacker populations are responsible: criminal enterprises and nation-states.
In October 2022, a group of U.S. airports had their websites taken offline in a reported DDoS (distributed denial-of-service) attack claimed by pro-Russian hackers.
So what makes a port or an airport an attractive target for hackers?
Valuable data, for one.
Yatharth Gupta, CEO of data access governance startup Codified, said ports have a “gold mine of data” such as passenger information and cargo manifests that can be used for multiple secondary attacks.
That data can be sold on the “dark web” for a large profit. In ransomware attacks, targets are often forced to pay ransoms.
“Hackers’ primary reason for any attack is profit, so entities like ports and airports are high-value targets that can’t afford disruptions,” said Corey Nachreiner, chief security officer at Seattle startup WatchGuard.
The U.S. Marine Transportation System industry is massive, supporting $5.4 trillion worth of economic activity annually, according to a February announcement from the Department of Homeland Security and the Biden Administration that included an executive order to bolster the security of maritime critical infrastructure.
Nachreiner said attacks will likely continue. “Hackers have access to SaaS-based and AI-powered tools that make it relatively easy to run large-scale and sophisticated attacks on all types of businesses,” he said.
To help prevent future attacks, Morgenstern said there needs to be increased security of devices, controllers, and other technology that contribute to port operations.
“The actual tactics are the same as for any other corporate or government entity,” he said. “Build insider threat and supply chain security programs. Implement zero trust wherever possible, build layered and partitioned security everywhere else. Train, train and train employees.”
David McGuire, CEO at Seattle cybersecurity consulting firm SpecterOps, suggested that entities “boost their vulnerability management programs and practice good cyber hygiene, including the remediation of attack paths in their identity environments.”