Cyber Incident Victim: Port of Halifax

Date: Apr 2023

Location: Canada

Summary

The Port of Halifax was targeted by a denial of service cyberattack that rendered its public website unavailable. The attack did not compromise internal data or interrupt port operations, with traffic continuing to move normally. Similar issues were simultaneously investigated by the port authorities in Montreal and Quebec, whose websites were also affected. The IT department worked to resolve the incident, and most of the Halifax website was restored shortly thereafter.

Description

On April 12, 2023, the Port of Halifax identified a significant disruption affecting its public-facing website. The issue was first noticed on the morning of Wednesday, April 11th, prompting an immediate investigation by the port's information technology department. The investigation determined the cause to be a deliberate denial of service cyberattack. This type of attack functions by flooding a target website with an overwhelming volume of traffic, which subsequently triggers a crash and renders the site unavailable to legitimate users. The primary impact of this incident was the complete unavailability of the Port of Halifax's external websites, which served as a public information portal.

Concurrently, similar issues were being experienced by other major Canadian port authorities. The website for the Port of Montreal also went offline at approximately 7:00 a.m. on Wednesday, April 11th. The Port of Quebec's website was similarly inaccessible at this time. Each port authority initiated its own independent investigation to determine the cause of the outages. For the Port of Montreal, its security team quickly assessed the situation and determined that port operations were entirely unaffected by the website outage. They also concluded there was no risk of a data breach stemming from this incident, indicating the attack was focused solely on disrupting public access to the website and not on penetrating internal networks to access or exfiltrate data.

The Port of Halifax confirmed an identical assessment regarding the scope and impact of the incident. According to spokesperson Lane Farguson, the port's internal systems continued to operate normally throughout the duration of the attack. Critically, all port operations were completely unaffected; maritime traffic continued to move through the Port of Halifax without any interruption or delay. The attack was contained exclusively to the public website and did not compromise any internal data or operational technology systems. This isolation of the attack to the public-facing web presence significantly limited the overall operational consequences of the event.

The response from the Port of Halifax involved its IT department working to resolve the issue and restore website functionality. By Thursday, April 12th, most of the Port of Halifax's website had been restored and was back online, as confirmed by the spokesperson on Friday, April 13th. The Port of Montreal's response involved tasking an IT technician with the specific objective of getting the web page back online. Communications head Renée Larouche stated that the port was not in a crisis mode, further underscoring the limited impact of the incident. To maintain business continuity, the Port of Montreal provided alternative methods for suppliers to make contact, such as via telephone, which did not require access to the dysfunctional website.

The Port of Quebec Authority provided a statement on Wednesday indicating that its IT team was still investigating the root cause of its website outage and had not yet confirmed whether it was the result of a cyberattack. Despite the ongoing investigation, the Port of Quebec also confirmed that its port operations had not been affected in any way. The simultaneous nature of these disruptions across multiple major ports suggests a coordinated effort, though no entity publicly claimed responsibility for the attacks and the specific attribution remained unclear from the available information.

In the aftermath, the Port of Halifax spokesperson commented on the organization's broader approach to cybersecurity. He stated that the port is constantly evaluating its operations and looking at industry best practices. The goal is to make improvements not just as required but proactively, ahead of any formal requirements. This statement indicates a view of the incident as a learning opportunity and a part of the ongoing challenge of maintaining cybersecurity resilience. The primary consequence for all involved ports was a temporary loss of public web presence and the minor inconvenience of directing stakeholders to alternative communication channels for a brief period. The core functions of receiving and processing maritime cargo continued without any disruption, indicating a successful containment of the incident's effects.
