A recent cyberattack on Seattle-Tacoma International Airport (SEA) resulted in a $6 million ransom demand in bitcoin from a group believed to be linked to Russia, officials revealed on Wednesday Sept. 18, 2024.

The attack – which began Aug. 24 – disrupted airport operations for over three weeks, forcing manual operations in areas such as flight check-in, baggage handling, and gate information displays.

During a Senate Commerce, Science, and Transportation Committee hearing, chaired by U.S. Sen. Maria Cantwell (D-WA), the scale of the damage to SEA and the threat posed by cyberattacks on airports was a key topic. Cantwell emphasized the impact such attacks have on passengers, describing how SEA staff resorted to handwritten boarding passes and makeshift signage to guide travelers through the terminal.

“The display boards were down for a week. I personally ran through the airport trying to catch a flight, not sure if I was going to the right gate. I had something on my device, but since all the boards were dark, I had no idea if I was going to get to my gate, or if that was really going to be the gate,” Sen. Cantwell said. “Employees had paper signs directing passengers on where to get to a gate. Check-in kiosks were down, too, forcing passengers to wait in line for paper tickets. Other passengers endured long waits at baggage claim as airport staff manually sorted through the checked bags in the terminal. The airport’s internal email systems and website went down, and the attack group, which is believed to be a Russian organization, is now threatening to release personal data from airport employees unless the airport pays $6 million worth of bitcoin ransom. While most systems are now back online, three weeks later, the airport’s website and some internal human resources functions remain down even today.”

The hackers behind the attack (“Rhysida”) have threatened to release sensitive personal information of airport employees unless the $6 million ransom is paid via untraceable bitcoin. While the majority of systems are back online, SEA’s website and some internal functions remain compromised.

“Every time we witness these technology failures, consumers are the ones left holding the bag,” Cantwell said. “The display boards were down for a week, and airport systems remain partially offline today.”

Lance Lyttle, aviation managing director at SEA, told the Senate panel that the airport had faced cyber threats before, successfully thwarting phishing and denial-of-service attacks. However, this ransomware attack managed to penetrate several critical systems before being detected.

“We are focusing on recovery right now, and once that is complete, we will conduct an after-action report to determine exactly what happened,” Lyttle said. “We intend to share those findings industrywide and with the committee.”

Cantwell has long advocated for stronger cybersecurity measures in the aviation sector, and the FAA Reauthorization Act of 2024, which she spearheaded, mandates that the FAA establish a cybersecurity threat management process. This process aims to better track, evaluate, and defend against future cyberattacks on airports and airlines.

SEA’s recent breach is part of a growing pattern of cyberattacks on critical infrastructure. Similar incidents have affected airports like San Francisco International and airlines, with hackers reportedly targeting flight controls and in-flight systems.

Cantwell concluded the hearing by highlighting the need for immediate action, not just from Congress but from the aviation industry as a whole, to protect air travel from future disruptions.

Video

Below is video of Sen. Cantwell’s opening remarks at the hearing:

YouTube player