Agenda Item: 11a_supp
Meeting Date: September 9, 2025

Port of Seattle Cyber Attack -
Post Event One Year Review
1

Overview of Cyber Attack Event

Rhysida Ransomware used
to attack the Port.

July to August 23

August 24

•

•
•
•

Evidence of unauthorized
activity was identified on
an employee's laptop

Data exfiltration
System encryption
Port of Seattle network
lock down & isolation

2

What Was Impacted
Unavailable Services at SEA & Maritime Facilities
Traveler-facing systems:
• Wi-Fi
• Phones (non-cell)
• FIDS and BIDS
• Website and mobile app
• Ground transportation systems
• Checkpoint wait times
• Common-use ticket counters
• ...and more
Life Safety & Security
• Alarms
• Fire watch
• Some camera systems
• Door Fobs
3

4

Recovery Improvements
• Strengthened Security
Controls
• Enhanced Hardware &
Software
• Automated Incident
Detection & Response

5

Organizational Continuity and
Resiliency Program

Technical
Initiatives

Disruption
Preparedness

Organizational
Change

6

Organizational Continuity & Resiliency Program
This program is being developed to create a Port-wide "system" of
standards, policies and practices around continuity and resilience
preparation in the event of a disruption.

Establishing a robust risk
management strategy

Developing clear incident
response protocols

Developing, implementing,
and testing comprehensive
business continuity and
resilience plans
7

Sharing Experiences
9 Conferences-11 Industry Groups-9 Peers.

8

Questions?
9