Port of Seattle Cyber Attack –

Post Event One Year Review

1

Agenda Item: 11a_supp

Meeting Date: September 9, 2025

Rhysida Ransomware used

to attack the Port.

2

Overview of Cyber Attack Event

July to August 23

• Evidence of unauthorized

activity was identified on

an employee’s laptop

August 24

• Data exfiltration

• System encryption

• Port of Seattle network

lock down & isolation

What Was Impacted

Unavailable Services at SEA & Maritime Facilities

Traveler-facing systems:

• Wi-Fi

• Phones (non-cell)

• FIDS and BIDS

• Website and mobile app

• Ground transportation systems

• Checkpoint wait times

• Common-use ticket counters

• ...and more

Life Safety & Security

• Alarms

• Fire watch

• Some camera systems

• Door Fobs

3

4

• Strengthened Security

Controls

• Enhanced Hardware &

Software

• Automated Incident

Detection & Response

5

Recovery Improvements

Technical

Initiatives

6

Organizational Continuity and

Resiliency Program

Organizational

Change

Disruption

Preparedness

Establishing a robust risk

management strategy

7

Organizational Continuity & Resiliency Program

Developing clear incident

response protocols

Developing, implementing,

and testing comprehensive

business continuity and

resilience plans

This program is being developed to create a Port-wide “system” of

standards, policies and practices around continuity and resilience

preparation in the event of a disruption.

Sharing Experiences

9 Conferences-11 Industry Groups-9 Peers.

8

Questions?

9