The Port of Seattle, which oversees the Seattle-Tacoma International Airport (Sea-Tac), recently confirmed that a possible cyberattack disrupted several critical systems, including websites and phone services, beginning on August 24, 2024. Initially, the incident was reported as system outages, but it was later acknowledged that a cyberattack could be the cause.
As a precaution, the Port of Seattle has isolated essential systems and is working diligently to restore full services. However, there is no estimated time for when operations will return to normal. The disruption has had a significant impact on airport operations, causing flight delays and cancellations and leaving travelers in uncertainty.
In a statement, Perry Cooper, spokesperson for the Port of Seattle, emphasized that while the exact intentions of the attackers remain unclear, the primary focus is on restoring impacted systems and ensuring the safety and security of airport operations. The port is collaborating with federal authorities to investigate the incident and mitigate any further risks.
The incident underscores the increasing vulnerability of critical infrastructure to cyber threats, particularly as digital systems become more integral to operations.
"Attacks like what the Seattle-Tacoma International Airport experienced represent a serious shift in what cybersecurity professionals should be focusing on. In the past, the primary emphasis in the cybersecurity community has been on data protection—especially personal information," said William Lidster, CISO of AAA Washington. "And while data protection will always remain crucial, attacks like Colonial Pipeline, the City of Dallas, CDK Global, and this recent one against a major airport demonstrate that system availability and system resiliency should be the prominent concern of the cybersecurity industry. When one talks about risk, the actual harm to individuals can be far more extensive with failures to systems than with loss of personal data."
This latest attack comes on the heels of a recent CrowdStrike outage that paralyzed air travel and was quickly followed by outages at two Seattle-based tech giants, Amazon and Microsoft. Delta and CrowdStrike are in an ongoing dispute over who is to blame for systems going down.
The U.S. Transportation Security Administration (TSA) says there has been no impact on security operations, but the disruption to the airport's operations has taken its toll on travelers and employees.
Sea-Tac's X/Twitter account posted the following on Saturday morning around 9 a.m.: "The Port of Seattle, including SEA Airport, is experiencing an internet and web systems outage, which is impacting some systems at the airport. Passengers are encouraged to check with their airlines for the latest information for their flights."
The airport's website went down, and there are reports indicating that the Sea-Tac luggage sorting operation was also affected. The airport's website remained down as of Monday morning.
"The Sea-Tac cyberattack highlights the growing threat to critical infrastructure, disrupting key systems and exposing the vulnerabilities in airport IT networks," said Jason Soroko, Senior Fellow at Sectigo. "The report of rapid isolation of systems suggests that an appropriate operational response is taking place , but the incident underscores the urgent need for stronger cybersecurity in critical infrastructure such as airports. Details about the attack have not been released, so we do not yet know if the scope of the outage is due to the attack itself or the purposeful isolation of systems."
As the situation unfolds, the Port of Seattle continues to update travelers and the public, advising them to stay informed and allow extra time for airport procedures during this period of disruption.
"Traditional perimeter network access protections are no longer enough," said Piyush Pandey, CEO at Pathlock. "To secure core operations, you must continuously monitor and control your highest risk applications down to the transaction level."
William Lidster will be moderating a keynote panel at the SecureWorld Seattle conference on November 6-7. The CISO panel—the opening keynote on Day 2—features Maggie Amato, Sr. Director, BISO, Salesforce; Erika Carrara, VP, Chief Technology & Security Officer, The Greenbrier Companies; and Rob Davidson, CISO, Pacific Blue Cross.
