Creating Operational Resilience: Engineering during a Cyberattack

Ransomware cyberattacks are unfortunately a functional concern today for all groups that manage data. The Port of Seattle weathered an attack in August 2024 that required the shut-down of all information systems to block the unauthorized access and protect data. Declining to pay the ransom, the Port undertook the total rebuilding of its systems and access, a process that took several months. 

The necessary shutdown affected many core functions of the Port’s engineering team, including 1) routine facility operational support, 2) construction project support, 3) project development, and 4) incident response. The risk and impacts of cyberattack or system loss on the implementation of these critical engineering functions can be substantial, but can also be mitigated. 

Through its emergency preparedness, the Port had several measures in place to continue operations after an event that results in system loss. The effectiveness of these measures and preparations is reviewed, including specific examples and recommendations to mitigate the risk to the four types of engineering team functions. After the initial event, creative and adaptive processes were developed to continue operations, despite lack of system access for extended durations. Coordination between internal departments, external engineering and construction industry partners, and software vendors aided in bridging functionality until system restoration, significantly limiting long-term operational and capital investment impacts. 

Development of processes and tools to maintain engineering functions through system outages can be useful in a variety of circumstances. The lessons learned at the Port of Seattle can help strengthen other engineering teams’ preparedness.