The Canadian Centre for Cyber Security (Cyber Centre) has issued a formal alert warning of a surge in cyber incidents where hacktivists have exploited internet-accessible industrial control systems (ICS) in recent weeks, impacting critical infrastructure across the country.
The Cyber Centre and the Royal Canadian Mounted Police (RCMP) have documented at least three separate incidents involving exposed ICS systems. These include tampering with water pressure at a municipal water facility, false alarm triggers at an oil and gas company due to Automated Tank Gauge (ATG) manipulation, and dangerous environmental alterations at a grain drying silo on a Canadian farm.
The alert stresses that these incidents were likely opportunistic rather than targeted, driven by hacktivist motivations to gain media attention, damage institutional credibility, and tarnish Canada’s international reputation. By exploiting publicly accessible ICS systems, threat actors are leveraging minimal effort to create maximum disruption in sectors not traditionally equipped with strong cyber defenses.
ICS components exposed to the internet, including Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Supervisory Control and Data Acquisition (SCADA) systems, and Building Management Systems (BMS), are central to the operation of essential services.
The affected entities represent a cross-section of Canada’s critical infrastructure. The water facility incident reflects the vulnerability of municipal utilities, many of which operate with limited cybersecurity resources and oversight. The attack on the oil and gas company underscores the potential for supply chain disruptions in Canada’s energy sector, a cornerstone of the national economy. Meanwhile, the agricultural attack highlights the growing exposure of smart farming equipment, which increasingly relies on connected sensors for automated operation but often lacks adequate protection.
The Cyber Centre advises organizations to conduct a thorough inventory of internet-accessible ICS devices and evaluate whether public exposure is necessary. Where possible, systems should be isolated from the internet entirely or protected behind VPNs with two-factor authentication. For systems that must remain online, enhanced detection and response mechanisms, such as Intrusion Prevention Systems (IPS), regular vulnerability assessments, and continuous monitoring, should be deployed.
The Cyber Centre recommends adopting the Cyber Security Readiness Goals (CRGs) as a minimum baseline and urges regular tabletop exercises to test incident response capabilities. Municipalities and provincial governments are also being asked to proactively coordinate with local entities to identify and secure critical systems.
Organizations observing suspicious ICS activity are urged to report it through the My Cyber Portal or contact the Cyber Centre directly at contact@cyber.gc.ca. Incidents should also be reported to local law enforcement to support broader cybercrime investigations.
If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.
