Websites for a handful of U.S. airports, including those in Atlanta, Chicago, New York and Los Angeles, were taken offline during a cyberattack Monday, although officials said there was no effect on flight operations.
After initially referring inquiries to individual airports, TSA released a statement Tuesday night emphasizing that the cyberattack did not disrupt airport operations, and while hackers were able to knock the websites offline, they did not gain access to airports’ systems.
"We will continue working with partners across government and the private sector to ensure that necessary cybersecurity measures are in place to address these types of threats,” the agency said.
The attacks were carried out by a group of pro-Russian hackers known as Killnet, according to John Hultquist, vice president for intelligence at Mandiant, an American cybersecurity firm. Killnet called for coordinated denial-of-service attacks on cyber targets from a list it posted on its Telegram channel — a list that included several major U.S. airports. Denial-of-service attacks occur when a target is flooded with traffic until it can’t respond or crashes.
Though highly visible, Hultquist characterized such attacks more as a “public nuisance” than serious security threats because they don’t target major internal systems that could affect an airport’s operations. Still, when they do take place, he said, they are effective in drawing public attention.
The Cybersecurity and Infrastructure Security Agency, which is charged with understanding, managing and reducing risks to the nation’s cyber and physical infrastructure, said it was looking into the incident.
“CISA is aware of reports of DDoS [Distributed denial of service] attacks targeting multiple U.S. airport websites," the agency said in a statement. "We are coordinating with potentially impacted entities and offering assistance as needed.”
The Port Authority of New York/New Jersey said LaGuardia Airport’s website experienced a denial of service incident about 3 a.m. Monday that resulted in intermittent delays for those who tried to access the site.
“The Port Authority’s cybersecurity defense system did its job by detecting the incident quickly, addressing the problem in 15 minutes, and enabling us to alert others by notifying federal authorities immediately,” the agency said in a statement, adding that there was no effect to any Port Authority facilities.
At Denver International Airport, the attack began around 11 a.m., officials said.
Los Angeles International Airport managers said in a statement the airport’s website was partially disrupted, limited to portions of the public-facing site. They said the airport’s information technology team restored all services and is investigating the cause.
“No internal airport systems were compromised and there were no operational disruptions,” the statement said.
This story was updated Wednesday morning with response from the TSA.
Transportation, commuting and the pandemic
Transit violence: Metro, friends mourn worker hailed as hero amid calls for more police