bt_bb_section_bottom_section_coverage_image

Cyberattack at Port of Seattle is the latest example of increasing threats to critical infrastructure

The cyberattack on the Port of Seattle and Seattle-Tacoma International Airport over the weekend is another example of hackers targeting critical infrastructure.

Details about the nature of the attack over the weekend in Seattle and whether it was a data breach are not yet available. The power outage did not affect airports or security checkpoints. But because of delays in cargo services and many screens inside the terminal showing flight information did not work.

The port said on Saturday that the telephone systems at the marinas were down. Also below is the port and airport home page, as well as email and phone services for port staff. Threats to ports are on the rise, said Michael Morgenstern, a partner at DayBlink Consulting, an independent cyber security firm. He pointed to the DP World hack in November that disrupted Australia’s largest port operator. Maersk’s biggest attack in 2017; and an attack on the Port of Houston in 2021.

Morgenstern said two groups of attackers are responsible: criminal enterprises and states.

In October 2022, a group of US airports took their websites offline in a Denial of Service (DDoS) attack claimed by Russian hackers.

Why is a port or airport a prime target for hackers?

Expensive data, for one.

Yatharth Gupta, CEO of data access management startup Codified, said ports are a “gold mine of data” such as passenger information and cargo manifests that can be used for secondary attacks.

This data can be sold on the “dark web” for a large sum of money. In ransomware attacks, targets are often forced to pay a ransom.

“Hackers’ primary reason for any attack is profit, so entities like ports and airports are high-value targets that can’t afford disruptions,” said Corey Nachreiner, chief security officer at Seattle-based cybersecurity company WatchGuard.

The U.S. Marine Transportation System industry is massive, supporting $5.4 trillion worth of economic activity annually, according to a February announcement from the Department of Homeland Security and the Biden Administration that included an executive order to bolster the security of maritime critical infrastructure.

Nachreiner said attacks will likely continue. “Hackers have access to SaaS-based and AI-powered tools that make it relatively easy to run large-scale and sophisticated attacks on all types of businesses,” he said.

To help prevent future attacks, Morgenstern said there needs to be increased security of devices, controllers, and other technology that contribute to port operations.

“The procedures are the same as any other company or government entity,” he said. “Establish individual threat programs and deploy chains. Implement distrust wherever possible, layer protection and segmentation everywhere. Train, train, train staff.”

David McGuire, CEO of Seattle-based cybersecurity consulting firm SpecterOps, said that organizations should “strengthen their vulnerability management programs and improve cyber hygiene, including changing ways to attack their identity environment.” the attacks on the Seattle Library and Seattle’s Fred Hutchinson Cancer Center last year. Last week oil major Halliburton shut down some of its services because of the attack.

The Seattle outage comes a month after a botched update from cybersecurity software firm CrowdStrike caused global IT outages, including at Sea-Tac and other airports across the country.

Share
× WhatsApp