Cyber Incident Victim: Port of Montreal

On or around April 12, 2023, the websites for the port authorities in Halifax and Montreal were targeted by cyberattacks. The Port of Halifax first noticed problems with its public-facing website on the morning of Wednesday, April 12. A spokesperson for the Halifax Port Authority, Lane Farguson, confirmed the issues were due to an ongoing denial of service attack. This type of attack functions by flooding a target website with an overwhelming amount of traffic, which subsequently triggers a crash and renders the site unavailable to legitimate users. The primary impact of this incident was the sustained downtime of the Halifax port's external websites. Despite this public-facing disruption, the port's internal systems continued to operate normally. Port operations, including the movement of traffic through the facility, were not affected by the cyber incident. The authority's IT department worked to resolve the issue, and by Thursday, April 13, most of the Port of Halifax's website functionality had been restored.

Simultaneously, the Port of Montreal's website experienced an outage, going offline at 7 a.m. on Wednesday, April 12. A spokesperson for the port informed media that their security team had assessed the situation and confirmed that port operations remained unaffected. The investigation also concluded there was no risk of a data breach stemming from this event. Renée Larouche, the head of communications for the Port of Montreal, stated the organization was not in a crisis mode despite the website's inaccessibility. An IT technician was specifically tasked with the objective of getting the web page back online. To maintain business continuity, the port communicated to its suppliers that alternative methods of contact, such as telephone calls, were available and did not require the use of the compromised website.

A third port, the Port of Quebec, also experienced a website outage around the same time. The Quebec Port Authority publicly stated on Wednesday that its IT team was actively investigating the cause of the disruption. The investigation was focused on determining whether the outage was the result of a cyberattack, mirroring the incidents in Halifax and Montreal. Similar to the other two ports, authorities in Quebec confirmed that their port operations were completely unaffected by the website's downtime. The coordinated nature of these disruptions across multiple major Canadian port authorities indicated a broader campaign targeting their public online presence.

The immediate response from all three port authorities was consistent and focused on investigation and restoration. IT departments and security teams across the affected organizations were engaged in diagnosing the problem and implementing solutions to restore website availability. Public communications emphasized the isolated nature of the impact, consistently clarifying that core operational technology systems controlling cargo movement and logistics were separate from the affected public websites and remained fully functional. This distinction was crucial for maintaining confidence among shipping clients, partners, and the public that the flow of goods was continuing without interruption. The Port of Halifax spokesperson noted that the restoration process was ongoing even after most services had returned, indicating a sustained effort to ensure full recovery and stability.

The consequences of the incident were largely confined to the realm of public communication and accessibility. The main impact was the temporary loss of a public channel for information dissemination. Potential users of the port websites, including companies seeking schedule information or the general public looking for news, were unable to access these resources for a period of time. The ports mitigated this by relying on other communication channels, such as direct telephone contact, to ensure business interactions could continue. There was no evidence or indication from any of the port authorities that internal data was exfiltrated, compromised, or stolen during these attacks. The attacks did not penetrate internal networks or systems related to port operations, cargo handling, or security.

From a broader perspective, the incident highlighted the vulnerability of critical infrastructure entities to disruptive cyber campaigns, even those with limited operational impact. The denial of service attacks successfully achieved their apparent goal of causing temporary public-facing disruption and generating media attention. The ports’ responses demonstrated a pre-existing segmentation between their public internet presence and their critical operational infrastructure, which effectively contained the damage. In the aftermath, the Port of Halifax explicitly stated that cybersecurity is an area of constant review, with efforts focused on examining current practices, adhering to best practices, and seeking opportunities for improvement proactively rather than merely reactively. The incident served as a real-world test of their incident response protocols for public-facing digital assets.