Cyber Incident Victim: Port of Quebec

On April 12, 2023, the websites for multiple Canadian port authorities, including those in Halifax, Montreal, and Quebec, became unavailable due to a series of cyber incidents. The Port of Halifax was the first to publicly identify the cause of its outage, attributing it to a denial of service attack that began on Wednesday morning. This type of attack functions by flooding a target website with an overwhelming amount of traffic, which ultimately triggers a crash and renders the site inaccessible to legitimate users. A spokesperson for the Halifax Port Authority, Lane Farguson, confirmed that the attack had shut down their public-facing websites but emphasized that internal data systems were not compromised and, critically, port operations continued without any interruption. Traffic through the Port of Halifax continued to move normally despite the public-facing web presence being offline.

Simultaneously, the Port of Montreal's website also went offline at approximately 7 a.m. on the same Wednesday. A spokesperson for that port confirmed to Radio-Canada that their security team was investigating the incident. Similar to the situation in Halifax, the Port of Montreal stated that its port operations were completely unaffected by the website outage. The port authority also assessed that there was no risk of any data breach resulting from this event, indicating that the incident was isolated to the public website and did not penetrate deeper into their network infrastructure. Renée Larouche, the head of communications for the Port of Montreal, characterized the port as not being in a crisis mode, suggesting the incident was being treated as a manageable technical disruption rather than a major emergency.

The Port of Quebec also experienced a website outage on April 12th. The Quebec Port Authority publicly stated that its IT team was actively investigating the cause of the problem. At the time of their initial statement, the authority had not yet confirmed whether the website's inaccessibility was the result of a cyberattack, distinguishing its public position from the confirmed denial of service attack declared by Halifax. Despite the uncertainty surrounding the root cause, the Port of Quebec was consistent with the other ports in reporting that its core port operations had not been affected in any way. The continuity of physical operations across all three major ports indicated that the impact of these incidents was confined to the digital front-end services.

The immediate response from each port authority involved its internal IT departments working to diagnose the issues and restore service. In Halifax, the IT department worked throughout Wednesday to resolve the denial of service attack. Their efforts showed progress by the following day, Thursday, April 13th, when most of the Port of Halifax's website functionality was restored, as confirmed by the spokesperson on Friday, April 14th. The Port of Montreal assigned an IT technician with the specific task of getting its web page back online. The Port of Montreal's communications head also noted that alternative methods of contact, such as telephone calls, remained available for suppliers who needed to conduct business, mitigating the practical impact of the website being down.

Throughout the incident, all three port authorities maintained a consistent public message focusing on the lack of impact to their core operational technology and physical logistics. This was a key point of reassurance for stakeholders and the public, underscoring that the movement of cargo and ships was unimpeded. The Port of Halifax spokesperson reiterated that the organization is constantly evaluating its operations, including cybersecurity practices, to align with best practices and to seek improvements proactively rather than merely reactively. This statement reflects a continuous commitment to security posture enhancement, though it was not presented as a direct response to this specific attack.

The coordinated nature of the website outages across geographically dispersed but critical national infrastructure points suggested a potential broader campaign targeting the Canadian maritime sector's public image and access to information. However, no actor claimed responsibility for the attacks in the provided information, and the ports did not publicly speculate on attribution. The confirmed attack vector was a denial of service, a technique often used to cause disruption and attract attention rather than to steal data or cause physical damage. The primary consequence was the temporary loss of a public communication channel and a potential inconvenience for parties seeking information or looking to use web-based contact methods.

The incident concluded with the restoration of web services. The Port of Halifax had largely recovered within a day, and the other ports presumably followed a similar timeline given the nature of the disruptions and the responses employed. The event highlighted the resilience of the ports' operational technology networks, which were segregated from the affected public internet-facing websites, preventing the disruption from escalating into a more severe incident with tangible effects on supply chains or national trade. The response was handled internally by the respective IT teams of each port authority, with no indication of requiring external law enforcement or national cybersecurity agency intervention based on the available information.