Cyberattack Hits Seattle Airport: Another Case for a Proactive Security-First Approach

Seattle-Tacoma International Airport (SeaTac) recently faced a significant cyberattack, forcing the isolation of critical systems and disrupting IT services at the Port of Seattle. "This incident again highlights the importance of a proactive, security-first approach to cybersecurity," says Kourosh Amin-Tehrani, a leading figure and subject matter expert in high-level cloud security architectures since 2009.

On Saturday morning, SeaTac experienced a sudden IT outage, later attributed to unauthorized activity on the port’s systems. "We became aware of unauthorized activity on the port system," Lance Lyttle, aviation managing director at the airport, stated during a Sunday press conference. "We’re conducting a thorough investigation with the assistance of outside experts."

Kourosh Amin-Tehrani continued: "Had a more comprehensive approach been in place, there would have been time to implement necessary changes that could have avoided most of the catastrophe that ensued. The Secure Cloud Application Framework (S.C.A.F.) methodology I have implemented for various organizations over the years would have played a crucial role in containing and mitigating the damage and chaos."

The attack affected IT services at the Port of Seattle, taking both the Port of Seattle and airport websites offline. The disruption also cut internet access for some airport systems, including the ability to send and receive data such as email. However, because critical systems were already isolated from the affected network, other operations such as passenger terminals and security screening remained online.

SCAF works the way a military compound does: critical systems are segregated so that a breach in one area does not compromise the entire operation. Just as military installations never put all of their critical systems under the same roof, SCAF ensures that, in a cloud environment, systems are intentionally segregated and protected by multiple layers of security controls, with response mechanisms in place. This segregation, combined with the ability to quickly spin up secondary services to replace compromised ones, minimizes the blast radius of an attack and keeps essential functions running. The SeaTac outcome illustrates the point: the segments that were isolated (terminals, screening) stayed up while the connected IT services went down.
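The segregation argument above can be checked rather than asserted. The following is an added example, not code from the article or from the S.C.A.F. methodology: it models network zones and the connections each zone is permitted to initiate, then computes the blast radius of a compromise by following allowed flows transitively. The zone names are constructed for illustration (loosely following the systems the article mentions) and are not the Port of Seattle's real architecture; the flat and segmented policies are likewise assumed.

```python
"""Blast-radius check over a segmented network model.

Added example; not part of the original article and not S.C.A.F. code.
Zone names and both policies are constructed for illustration.
"""
from collections import deque

# Zones whose loss would stop airport operations (assumed for the example).
CRITICAL = {"terminal_ops", "screening"}

ALL_ZONES = ["corp_it", "web", "email", "baggage", "terminal_ops", "screening"]

# Flat network (assumed): every zone may open connections to every other zone.
FLAT_POLICY = {z: {o for o in ALL_ZONES if o != z} for z in ALL_ZONES}

# Segmented policy (assumed): each zone lists only the zones it may initiate
# connections to. Nothing on the IT side may reach a critical zone.
SEGMENTED_POLICY = {
    "corp_it": {"web", "email", "baggage"},
    "web": set(),
    "email": {"corp_it"},
    "baggage": set(),
    "terminal_ops": {"screening"},
    "screening": set(),
}


def blast_radius(policy, compromised):
    """Zones an attacker holding `compromised` can reach by following allowed
    flows transitively (breadth-first search). Includes the starting zones."""
    seen = set(compromised)
    queue = deque(compromised)
    while queue:
        zone = queue.popleft()
        for nxt in policy.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def exposed_critical(policy, compromised):
    """Critical zones inside the blast radius of `compromised`."""
    return blast_radius(policy, compromised) & CRITICAL


def policy_violations(policy):
    """(source zone, critical zone) pairs where a non-critical zone can reach a
    critical zone, directly or transitively. Empty means critical systems are
    isolated from the IT side."""
    return sorted(
        (src, dst)
        for src in policy
        if src not in CRITICAL
        for dst in blast_radius(policy, {src}) & CRITICAL
    )


def isolate(policy, zone):
    """Containment step: a copy of the policy with every flow into or out of
    `zone` removed, so a compromised zone can no longer spread."""
    return {
        src: (set() if src == zone else {d for d in dsts if d != zone})
        for src, dsts in policy.items()
    }


if __name__ == "__main__":
    # Compromise of corporate IT: whole network on a flat policy, four zones
    # and no critical systems on the segmented one.
    print("flat:", sorted(blast_radius(FLAT_POLICY, {"corp_it"})))
    print("segmented:", sorted(blast_radius(SEGMENTED_POLICY, {"corp_it"})))
    print("violations (flat):", len(policy_violations(FLAT_POLICY)))
    print("violations (segmented):", policy_violations(SEGMENTED_POLICY))
    contained = isolate(SEGMENTED_POLICY, "corp_it")
    print("after isolating corp_it, from email:",
          sorted(blast_radius(contained, {"email"})))
```

Running `policy_violations` against a proposed zone model before deployment is the check that turns "critical systems are segregated" from a diagram claim into a verified property; `isolate` shows the minimal containment action an incident responder would take on a compromised zone, which is what the Port of Seattle's isolation of affected systems amounts to at the policy level.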

While the exact nature of the cyberattack remains unclear, there are concerns that ransomware, which encrypts data and can disable entire networks, may be involved. In many ransomware cases the attackers also steal sensitive data, potentially compromising customer information.

As the Port of Seattle works “around the clock” to restore systems, the impact of the attack continues to ripple through SeaTac's operations, causing delays in check-ins, departures, and baggage handling. Alaska Airlines, for example, advised customers to pack light and avoid checking bags due to the limited functionality of the baggage sorting system.

This incident, coupled with recent attacks like the one on oil services provider Halliburton, underscores the growing threat to critical infrastructure from cyberattacks. A proactive approach, like the one provided by the Cloud Native SCAF, is essential to staying ahead of these threats and ensuring the resilience of our most vital systems.

Extremely long lines and disruption of service turned the Seattle airport inside out for 72+ hours

Additional Insights