Canadian cybersecurity officials are warning that hacktivists are increasingly targeting critical infrastructure in the country.
In an October 29 alert, the Canadian Centre for Cyber Security described three recent attacks on internet-accessible industrial control systems (ICS).
The alert doesn’t attribute the ICS attacks to any particular group, but Russia-linked hacktivists have been the dominant groups tampering with ICS controls in the last year, particularly since the emergence of Z-Pentest in late summer 2024.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also warned about hackers tampering with ICS controls.
Canadian ICS Attacks Target Water, Energy, Agriculture
One of the ICS hacktivist incidents targeted a water facility, where hacktivists tampered with water pressure values, “resulting in degraded service for its community.”
Another involved a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was tampered with to trigger false alarms.
A third incident targeted a grain drying silo on a Canadian farm, where temperature and humidity levels were tampered with, “resulting in potentially unsafe conditions if not caught on time,” the alert said.
“While individual organizations may not be direct targets of adversaries, they may become victims of opportunity as hacktivists are increasingly exploiting internet-accessible ICS devices to gain media attention, discredit organizations, and undermine Canada’s reputation,” the Cyber Centre alert said.
Exposed ICS components that could be targeted include Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Human-Machine Interfaces (HMIs), Supervisory Control and Data Acquisition (SCADA) systems, Safety Instrumented Systems (SIS), Building Management Systems (BMS), and Industrial Internet of Things (IIoT) devices, the alert said.
“Unclear division of roles and responsibilities often creates gaps leaving critical systems unprotected,” Cyber Centre said. “Effective communication and collaboration are essential to ensuring safety and security.”
Recommended ICS Security Protections
Cyber Centre said provincial and territorial governments should coordinate with municipalities and organizations within their jurisdiction “to ensure all services are properly inventoried, documented, and protected. This is especially true for sectors where regulatory oversight does not cover cyber security, such as Water, Food, or Manufacturing.”
Municipalities and organizations in turn should work with their service providers to make sure that managed services are implemented securely and maintained properly, with clearly defined requirements. Devices and services should be properly secured based on vendor recommendations and guidelines.
The alert said organizations should conduct a comprehensive inventory of all internet-exposed ICS devices and “assess their necessity.”
“Where possible, alternative solutions—such as Virtual Private Networks (VPNs) with two-factor authentication—should be implemented to avoid direct exposure to the internet,” the alert said. If that isn’t possible, enhanced monitoring and practices should be used, including active threat detection tools such as Intrusion Prevention Systems (IPS), routine penetration testing, and continuous vulnerability management.
Organizations should also regularly conduct tabletop exercises to evaluate their response capabilities and to define roles and responsibilities in the event of a cyber incident.
