Canada Warns of Cyberattacks Targeting Industrial Control Systems

Hackers breached Canadian water, energy, and farm systems, prompting national warnings to secure industrial control networks.

Written By
Ken Underhill
Oct 30, 2025

Canadian authorities have issued a national alert after threat actors successfully breached multiple internet-connected industrial control systems (ICS) used to manage critical infrastructure, including water treatment, energy, and agricultural facilities. 

The incidents mark an escalating wave of cyberattacks that threaten the stability of essential public services.

The Canadian government’s alert on the attacks stated “… hacktivists are increasingly exploiting internet-accessible ICS devices to gain media attention, discredit organizations, and undermine Canada’s reputation.”

Hackers Tamper with Canada’s Critical Systems

Attackers manipulated internet-connected programmable logic controllers (PLCs) and automated systems within Canadian municipal water facilities, causing changes to water pressure that temporarily degraded community services. 

In another case, a major Canadian oil and gas company suffered false alarms when its Automated Tank Gauge (ATG) system was tampered with. 

A third incident targeted a grain drying silo, where hackers altered temperature and humidity readings, potentially endangering stored agricultural goods.

These attacks demonstrate how easily threat actors can exploit internet-connected ICS components, devices, and systems. 

The incidents underscore the need for stronger coordination between local governments, service providers, and private operators to protect vital systems that were never designed for exposure to the public internet.

Direct Exposure Creates Systemic Risk

The compromised systems shared a common weakness: direct internet accessibility without sufficient segmentation or access control. 

ICS devices — including PLCs, Remote Terminal Units (RTUs), Human-Machine Interfaces (HMIs), and Supervisory Control and Data Acquisition (SCADA) systems — are accessible online, often with weak or default credentials. 

Once attackers gain access, they can manipulate sensor values, trigger false alarms, or modify operating parameters in real time.

Canadian authorities believe hacktivist groups, rather than state-sponsored actors, are behind these intrusions. 

Unlike targeted espionage campaigns, these operations appear to seek visibility and disruption rather than long-term infiltration. 

However, the interconnected nature of modern enterprise IT and ICS infrastructures means that even limited tampering can have cascading effects, potentially impacting thousands of people and multiple industries simultaneously.

Defend What Matters Most

Strong fundamentals remain the best defense against ICS-related attacks. Common security controls include the following:

  • Inventory and segment systems: Map all internet-facing ICS assets, disconnect unnecessary links, and isolate OT networks from IT and public systems.
  • Adopt zero-trust: Apply least privilege, continuous authentication, and strict identity verification across users and devices.
  • Secure remote access: Use VPNs with MFA and restrict RDP/SSH access to trusted IPs only.
  • Enhance detection: Deploy IPS and EDR tools to spot abnormal behavior and misuse of legitimate utilities.
  • Manage vulnerabilities continuously: Patch, test, and audit regularly to maintain consistent protection.
  • Test incident readiness: Run tabletop exercises to test incident response (IR) plans for effectiveness.
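
As an added example (not part of the original article or the Canadian alert), the first and third controls can be checked mechanically: the sketch below audits inbound allow rules on an OT perimeter firewall for ICS and remote-access ports reachable from sources outside a trusted allow-list. The rule format, port map, and address ranges are constructed assumptions, and the check looks at each rule on its own without modelling rule ordering.

```python
import ipaddress

# Default ports, assumed for illustration; sites may remap them.
WATCHED = {22: "SSH", 102: "S7comm", 502: "Modbus/TCP", 3389: "RDP",
           10001: "ATG", 20000: "DNP3", 44818: "EtherNet/IP"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed allow-list: VPN address pool and one engineering jump host.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.30.5.10/32")]

def within(net, pools):
    """True if net lies entirely inside one of the given networks."""
    return any(net.subnet_of(p) for p in pools)

def audit(rules):
    """Return (rule name, service, exposure) for every risky allow rule."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        src = ipaddress.ip_network(rule["source"])
        if within(src, TRUSTED):
            continue  # source is fully inside the allow-list
        # A source broader than private space is treated as internet-facing.
        exposure = "internal-untrusted" if within(src, RFC1918) else "internet"
        lo, hi = rule["ports"]
        for port, service in sorted(WATCHED.items()):
            if lo <= port <= hi:
                findings.append((rule["name"], service, exposure))
    return findings

# Constructed sample of inbound rules (documentation address ranges).
SAMPLE_RULES = [
    {"name": "plc-modbus-any", "source": "0.0.0.0/0", "ports": (502, 502), "action": "allow"},
    {"name": "vendor-rdp", "source": "198.51.100.0/24", "ports": (3389, 3389), "action": "allow"},
    {"name": "vpn-ssh", "source": "10.20.0.0/24", "ports": (22, 22), "action": "allow"},
    {"name": "it-lan-wide", "source": "10.0.0.0/8", "ports": (1, 1024), "action": "allow"},
    {"name": "block-dnp3", "source": "0.0.0.0/0", "ports": (20000, 20000), "action": "deny"},
]

if __name__ == "__main__":
    for name, service, exposure in audit(SAMPLE_RULES):
        print(f"{exposure:18} {name:15} {service}")
```

The broad "it-lan-wide" rule is flagged even though it contains the VPN pool, because a source is only accepted when it sits entirely inside the allow-list.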

While no single control can prevent every breach, consistent application of measures like these can help reduce risk and build cyber resilience across environments.

The Next Front Line: Public Safety

These incidents highlight a growing concern: critical infrastructure is increasingly being plugged into the internet.

While ransomware and data theft often dominate cyber risk discussions, attacks on critical infrastructure — such as water treatment controls or energy management devices — carry far-reaching public safety implications.

As geopolitical tensions and activist movements evolve, poorly secured infrastructure has become a high-profile target for hacktivists and state-sponsored threat actors.

As these incidents show, defending critical infrastructure now depends on a zero-trust approach — one that eliminates implicit trust and verifies every connection, user, and device.

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and seasoned IT professional. He holds a graduate degree in cybersecurity and information assurance from Western Governors University and brings years of hands-on experience to the field.
