The cyber centre said state-backed hackers have almost certainly already gained access to networks used to operate water infrastructure but are laying low
OTTAWA — Canada’s cyber defence agency says hackers are increasingly targeting Canadian water systems as it called on utility companies and municipalities to take the threat seriously or risk devastating consequences.
On Tuesday, the Canadian Centre for Cyber Security published a new assessment of the cyber threat to Canada’s water system that is unequivocal: the threats are growing, constantly evolving and come from both state and non-state cyber criminals.
Story continues below
In fact, the cyber centre said state-backed hackers have almost certainly already gained access to networks used to operate water infrastructure but are laying low to keep the breach undetected… for now.
“Cyber threats to water infrastructure are growing, evolving quickly, and can affect every community in Canada. You don’t need to be an engineer or a cyber security expert to understand why this matters,” warned cyber centre head Rajiv Gupta.
“Water systems now face a threat landscape they were never designed to withstand.”
Last month, the cyber centre reported that hackers had tampered with water pressure values of a municipality’s water facility which resulted in “degraded service” for the community.
The new report reveals that cyber criminals are not only targeting infrastructure and systems dedicated to potable water, but also those related to flood- and wastewater.
The main target for threat actors is the operational technology that allows utility companies or governments to monitor or control their water systems electronically, said cyber centre deputy head Bridget Walshe in an interview.
Story continues below
The Internet-connected control systems may be more convenient or cost-effective, she said, but they also lead to significant cyber risks that municipalities often aren’t prepared for.
“There are lots of things that an engineer needs to control right, for example, keeping the water pressure up or monitoring water levels. And today… many (systems) use computer technology to do that monitoring,” Walshe said.
“Anything that the engineer could do, like change the water pressure, if a cyber threat actor had the right access, they could do the same,” she added.
The importance of water-management systems makes them attractive targets for ransomware, which the cyber centre bills the “most significant cyber threat to the reliable supply of water in Canada”.
That’s because criminals suspect that breached organizations will pony up the ransom quickly to gain back access to their networks and ensure critical operations aren’t disrupted for long.
