Cyber security and emergency preparedness in Seattle, Washington

Seattle, Washington marked the final and perhaps most memorable stop on our U.S. cybersecurity study tour. Known for its rich tech landscape and scenic beauty, the city offered deep insight into the cooperation between public safety institutions, private companies, and academia in addressing cyber threats and emergency preparedness.

A Glimpse of Washington State’s Cyber Strategy

Washington State’s tech-forward reputation is well-earned, with companies like Microsoft and Starbucks rooted in the region. With nearly 8 million residents and major cities such as Seattle and Tacoma, the state faces constant challenges in securing its digital infrastructure. Oversight is led by the Washington State Office of Cybersecurity (OCS), which manages risk assessments, security evaluations for IT systems, and incident response capabilities through its Security Operations Center (SOC).

Smaller state agencies benefit from WaTech’s Information Security Program, which provides centralized services such as vulnerability management, compliance support, and risk-based planning. These efforts reflect the broader U.S. model where federal entities like CISA, FBI, and NIST support state and local cybersecurity frameworks.

King County Emergency Management Center: More Than a Crisis Hub

Our visit to the King County Emergency Management Center was particularly inspiring. This facility, which oversees disaster response for areas including Seattle, is designed to remain operational even in the worst-case scenarios like large-scale earthquakes. It has its own water and power supply, radio systems of all wavelengths, and off-road vehicles. A helicopter pad and secure communications systems ensure rapid coordination during crises.

Though not a cybersecurity-specific operations center, the facility includes election-related threat monitoring, misinformation countermeasures, and coordination with federal partners. The center focuses heavily on preventive action, such as simulations, drills, and table-top exercises run under the EMAC (Emergency Management Assistance Compact) program. Their training initiatives are publicly accessible, offering a valuable resource for multi-agency preparedness.

Microsoft Redmond: Cybercrime at a Global Scale

In Redmond, we visited Microsoft’s headquarters, home to over 50,000 employees on a sprawling, sustainably designed campus. Here, we met representatives from Microsoft’s Digital Crimes Unit (DCU), which plays a pivotal global role in fighting cybercrime.

The DCU is a cross-functional team of technical, legal, and strategic experts who work to take down botnets, disrupt malware operations, and tackle online child exploitation. Their work is made possible through collaboration with governments, law enforcement agencies, and civil courts. Assistant General Counsel Steven Masada highlighted recent efforts to dismantle AI-powered cybercrime operations, where generative models are abused to generate harmful content or bypass traditional defenses.

Microsoft’s unmatched access to global cyber infrastructure makes it a key ally in both criminal investigations and proactive cybersecurity defense.

https://www.microsoft.com/en-us/msrc/cdoc

https://msrc.microsoft.com/report

Everett Community College: Training the Next Generation

Focusing on operational technology (OT) security, our visit to Everett Community College showcased the importance of industry-aligned education. Hosting over 15,000 students annually, EvCC is a leader in practical cybersecurity education, with programs targeting industrial control systems and infrastructure protection.

Led by Dennis Skarr, a seasoned expert with military and industry experience, the cybersecurity faculty maintains strong partnerships with businesses. Students gain hands-on experience through real-world projects and have excellent job placement opportunities. The department also contributes to research initiatives and simulation models for OT protection.

https://www.everettcc.edu/programs/stem-health-prof/it-program/industrial-cybersecurity

K&L Gates: Where Cybersecurity Meets Law

Our final meeting took us to the law firm K&L Gates, where we were hosted by cybersecurity attorney Jake Bernstein. With a rare dual background in IT and law, Bernstein brought clarity to the fragmented nature of U.S. data protection law. While some federal regulations exist (e.g. for children’s data), most data breach claims are handled under state-level laws, making successful legal action complex and dependent on well-informed legal counsel.

One example discussed was a recent $3.25 million class-action settlement involving Progressive Casualty Insurance, after the data of 350,000 individuals was compromised due to poor security practices. Bernstein’s work often involves defending or advising companies in regulatory compliance and data breach litigation, and he frequently shares insights on the Cyber Risk Management Podcast.

https://www.classaction.org/news/3.25m-progressive-settlement-resolves-class-action-lawsuit-over-years-long-data-breach

https://www.klgates.com/Experience/subarea/83523?LangCode=en-US

Final Thoughts

Seattle served as a fitting conclusion to our journey—not just for its scenic allure but for the lessons it offered. Across our meetings with government agencies, corporations, and academic institutions, a consistent theme emerged: cybersecurity is no longer theoretical. It is embedded into emergency protocols, legal structures, and daily operations.

From incident simulations to public-private partnerships, Washington State exemplifies the integration of cyber readiness into broader societal resilience. As digital threats evolve, so too must our strategies—Seattle offers a model worth emulating.

Read the full article on our International subsidiary’s website by clicking on the image.