The Port of Halifax, located in Canada, has experienced a denial of service cyberattack, which has led to the shutdown of its public website. The internal data and port operations were not compromised during the attack, and investigations are being carried out by port authorities in Montreal and Quebec as they experience similar issues with their websites.
Halifax Port Authority spokesperson, Lane Farguson, reported the issue on Wednesday morning, stating that the IT department was working to resolve the ongoing denial of service attack.
Although the external websites were unavailable, traffic continued to move through the Port of Halifax, and port operations were not affected.
Denial of service attacks can crash a website by flooding it with traffic. The Port of Montreal also experienced an outage on the same day as the Port of Halifax. However, their security team confirmed that port operations were unaffected, and there was no risk of any data breach. The Port of Quebec website is also offline, and the IT team is currently investigating whether it was caused by a cyberattack. However, the port operations were not affected, and the Quebec Port Authority has assured suppliers that they can contact the port through alternative means such as telephone calls.
Brian Dunphy, VP Product Management at industrial cybersecurity provider Claroty, shared what these attacks could mean for the larger supply chain. He also adds perspective as to why critical infrastructure systems, like shipping ports, are increasingly being targeted by cyber criminals.
"Affecting the operations and availability of critical infrastructure services has become a popular method to ensure that threat actors’ achieve the attention or demands they seek as quickly as possible. Cyberattacks on critical infrastructure can cause not just local impact, but can easily ripple to impact the global economy as well as social impacts – making it vital that organizations improve their cyber resilience to protect their ability to perform their operational mission.
It is a positive sign that the operational mission of the Port of Halifax has been maintained even with the shutdown of its external websites. As operational technology (OT) and IT environments continue to converge, attacks on IT systems have increasing potential to “spill over” into OT, which poses a greater risk to uptime and availability of critical processes. Based on initial reports, it appears that this specific attack has been contained.
Regardless of the direct impact of this incident, we are seeing increased attention and focus by threat actors to attempt to disrupt critical operations. To thwart these attempts, it is important for critical infrastructure organizations to increase their focus on implementing protective measures now. CISA’s Cybersecurity Performance Goals (CPGs) provide organizations with a good place to start. As described in the CPGs, organizations need to focus on implementing strong two-factor remote access; gaining visibility into all connected OT assets to enable security teams to patch critical vulnerabilities and close security gaps. In addition, granular network segmentation enforcement between IT and OT assets, combined with granular segmentation between groups of OT assets, should be implemented to limit the movement of threat actors and malware laterally to minimize the impact of any breaches." ###