
    Canada’s Cyber Centre urges action as Internet-accessible ICS face growing cyber threats from hacktivists

    The Canadian Centre for Cyber Security issued an alert warning chief information security officers (CISOs) and decision-makers about Internet-accessible ICS (industrial control systems) being targeted by hacktivists. The alert aims to raise awareness of this emerging cyber threat, outline potential impacts on critical systems, and offer detection and mitigation guidance. The Cyber Centre also offers direct assistance to organizations seeking further support on the alert’s findings.

    In recent weeks, the Cyber Centre and the Royal Canadian Mounted Police have received multiple reports of incidents involving Internet-accessible ICS, according to the Wednesday alert. The RCMP supports the federal government’s strategy to ensure cyber resiliency for critical infrastructure. Combatting cybercrime requires a whole-of-society approach, one that depends on strong partnerships and coordinated efforts between law enforcement, government agencies, and public and private sectors.

    “One incident affected a water facility, tampering with water pressure values and resulting in degraded service for its community,” according to the alert. “Another involved a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was manipulated, triggering false alarms. A third one involved a grain drying silo on a Canadian farm, where temperature and humidity levels were manipulated, resulting in potentially unsafe conditions if not caught on time.”

    It added that while individual organizations may not be direct targets of adversaries, they may become victims of opportunity as hacktivists are increasingly exploiting internet-accessible ICS devices to gain media attention, discredit organizations, and undermine Canada’s reputation.

    Furthermore, exposed ICS components, including programmable logic controllers (PLCs), remote terminal units (RTUs), human-machine interfaces (HMIs), supervisory control and data acquisition (SCADA) systems, safety instrumented systems (SIS), building management systems (BMS), and industrial Internet of Things (IIoT) devices, pose significant risks to organizations, their clients, and the broader Canadian public. 

    The agency’s alert highlights that unclear roles and responsibilities can create gaps that leave critical systems exposed. It stresses the need for clear communication and collaboration to maintain safety and security.

    Provincial and territorial governments are encouraged to coordinate with municipalities and organizations within their jurisdictions to ensure all services are properly inventoried, documented, and protected. This is especially true for sectors where regulatory oversight does not cover cybersecurity, such as water, food, or manufacturing. Municipalities and organizations should work closely with their service providers to ensure that managed services are implemented securely, maintained throughout their lifecycle, and based on clearly defined requirements. 

    Vendor recommendations and guidelines should be followed to secure devices and services from deployment through decommissioning. 

    Organizations are advised to conduct a comprehensive inventory of all internet-accessible ICS devices and assess their necessity. Where possible, alternative solutions, such as Virtual Private Networks (VPNs) with two-factor authentication, should be implemented to avoid direct exposure to the internet. If such alternatives are not feasible, enhanced monitoring practices should be adopted. This includes active threat detection measures such as Intrusion Prevention Systems (IPS), regular penetration testing, and continuous vulnerability management.

    Furthermore, technical measures should be thoroughly tested for compatibility issues and to prevent service degradation.

    Additionally, organizations should regularly conduct tabletop exercises to evaluate and improve their response capabilities and help define roles and responsibilities in the event of a cyber incident.

    In September, the Canadian Cybersecurity Network outlined that as OT (operational technology) systems converge with IT, they have become one of the most attractive and dangerous targets for cyber criminals, hacktivists, and nation-states. The numbers tell the story. In 2024, 73% of reported cyber incidents impacted OT systems, up from 49% the year before.

     
