Cyber issue highlighted by Port of Seattle official, indicating a unidirectional relationship with federal agencies

Ransomware attack crippled Seattle-Tacoma International Airport for several weeks, and a high-ranking official described the limited implementation of federal cybersecurity guidelines as a contributing factor.


In a concerning development, the Rhysida ransomware group has launched an attack on the Port of Seattle, which oversees the Seattle-Tacoma International Airport. The incident, which occurred on August 24, has resulted in widespread system outages, data theft, and encryption. Despite the disruptions, flights and cruises have largely remained unaffected.

Lance Lyttle, the aviation managing director at the Seattle-Tacoma International Airport, has highlighted a disconnect and delay in how the federal government follows up on cybersecurity efforts. He suggests that the Transportation Security Administration (TSA) and the Cybersecurity and Infrastructure Security Agency (CISA) could consolidate information, develop best practices, and disseminate them back to the aviation industry.

Cyber preparedness and resiliency are crucial for organizations, requiring them to develop and adhere to an incident response plan, continuously stress test these plans, and reevaluate the tools they have to secure both digital and cyber-physical systems in the face of ransomware attacks. However, many critical infrastructure organizations, including airports, often operate with constrained resources.

Experts like Michela Menting, senior research director at ABI Research, Katell Thielemann, VP distinguished analyst at Gartner, Emily Mossburg, global cyber leader at Deloitte, and others have emphasized the potential for complete meltdown and the need for organizations to recognize the true risk of cyberattacks. They note the increasingly indiscriminate nature of the impact of ransomware attacks.

CISA's cybersecurity performance goals aim to help organizations operating in target-rich, resource-poor supply chains, often run by small- to medium-sized businesses. Typical best practices recommended by experts generally include implementing continuous network monitoring and threat detection, applying a zero-trust security model, regularly updating and patching software and systems, conducting employee cybersecurity training and awareness programs, collaborating with federal agencies like CISA, strengthening supply chain security, developing and regularly testing incident response plans, and cordoning off sensitive data to facilitate a more swift recovery from a ransomware attack.

However, it's important to note that the Port of Seattle's website, internal portals, and the airport's mobile app remain non-operational following the attack, suggesting that many businesses have not effectively implemented these best practices. Leaders across government and enterprise need to continue focusing on the true disruption that cyberattacks can bring, including "real harm, in the physical sense, through digital means."

The incident at the Port of Seattle demonstrates the interconnected nature of critical infrastructure, affecting both digital assets and cyber-physical systems. As ransomware attacks on critical infrastructure continue to rise, with more than two in five attacks reported to the FBI last year hitting critical infrastructure, up from one-third in 2022, it's clear that addressing these issues is of paramount importance.

  1. The Rhysida ransomware attack on the Port of Seattle has underscored the need for consolidated information and best practices among federal agencies like the TSA and CISA, as suggested by Lance Lyttle, aviation managing director at the Seattle-Tacoma International Airport.
  2. In response to the increasingly indiscriminate nature of ransomware attacks, experts such as Michela Menting, Katell Thielemann, Emily Mossburg, and others have emphasized the need for organizations to prioritize cyber preparedness, resiliency, and the implementation of continuous network monitoring, zero-trust security, software updates, employee training, supply chain security, incident response plans, and data protection.
  3. The ongoing system outages at the Port of Seattle following the ransomware attack serve as a reminder that many businesses may not have effectively implemented these best practices, highlighting the importance of continued focus on the physical disruption that cyberattacks can inflict.
  4. With more than two in five ransomware attacks reported to the FBI last year hitting critical infrastructure, up from one-third in 2022, it's clear that the interconnected nature of critical infrastructure requires immediate attention, as demonstrated by the incident at the Port of Seattle.
