Source: GeekWire
Key Takeaways:
– Port of Seattle and Seattle-Tacoma International Airport were recent victims of a cyberattack.
– The nature of the attack and whether any data breaches occurred remains unknown.
– Maritime infrastructure is now a prime target for two types of hackers: criminal enterprises and nation-states.
– Despite ongoing disruptions, airport operations including flights and security were not affected.
– The cyberattack on Port of Seattle follows recent attacks on the Seattle Public Library and other key public infrastructure.
Cyber Threats Risk Our Infrastructure: Port of Seattle Incident
The Port of Seattle and Seattle-Tacoma International Airport were subjected to a vicious cyberattack over the recent weekend, marking another dreadful instance of rising threats on vital infrastructure. Little is known about the nature of the attack, and it is yet to be established if any data was compromised during the incident.
Ongoing Impact Yet Essential Services Uninterrupted
While the cyber attack’s aftermath is still felt with the ongoing system outage, it’s important to note that no flights or security checkpoints were compromised at the airport. However, baggage services and numerous airport terminal screens displaying flight information experienced significant delays, impacting the overall functioning.
Communication and Online Services Affected
The Port reported on Saturday that the phone systems in its Maritime Facilities were non-functional. The official websites of the Port and the airport were also taken offline. Additionally, email and telephone services, which play a pivotal role in the operations of the Port staff, were unavailable due to the attack.
Growing Threats to Ports
Michael Morgenstern, a partner with DayBreak Consulting specializing in cybersecurity, elaborated on the escalating concerns associated with ports. He drew attention to previous cyberattacks on DP World in November, which caused a significant disruption to Australia’s largest ports operator, and the high-profile Maersk attack in 2017, along with an attack on the Port of Houston in 2021.
According to Morgenstern, the culprits can be categorized into two distinct groups: criminal enterprises and nation-states. In a recent development in October 2022, several US airports were targeted by cybercriminals and their websites were forced offline in a denial-of-service (DDoS) attack alleged to be orchestrated by pro-Russian hackers.
Why Ports and Airports Are Becoming Prime Targets?
Yatharth Gupta, CEO of Codified – a data access governance startup, provided some insights into why ports have become hot targets for hackers. For one, ports possess a wealth of valuable data, including passenger information and cargo manifests, which can be exploited for secondary attacks.
Moreover, the magnitude and economic significance of maritime infrastructure make it all the more attractive for hackers. The U.S. Marine Transportation System industry supports a massive $5.4 trillion worth of economic activity each year, according to a February announcement from the Department of Homeland Security and the Biden Administration.
Preventing Future Attacks
To thwart future cyberattacks, Morgenstern emphasized the need for strengthening the security protocols of devices, controllers, and other technologies integral to port operations. Similar to any corporate or governmental entity, he suggested building robust insider threat and supply chain security programs, implementing zero-trust wherever possible, and ensuring layered and partitioned security measures in all systems. He also underlined the importance of meticulously training employees.
The Bigger Picture
This cyberattack on the Port of Seattle is not an isolated incident. Seattle’s public infrastructure has been continuously targeted, with previous ransomware attacks on Seattle Public Library and Seattle’s Fred Hutchinson Cancer Center in the past year. In an unrelated event last week, Halliburton, the oil drilling giant, had to shut down certain services following a cyberattack.
Moreover, a flawed update from cybersecurity software company CrowdStrike caused a worldwide IT disruption last month, further amplifying concerns about the reliability and security of major systems across key infrastructure sites.
Investing in fortified cybersecurity measures is not only essential but is an urgent matter of national security. As these incidents proliferely, cybersecurity should be at the forefront of risk management strategies to better protect critical infrastructures in the future.
