Recent warnings from Canadian cybersecurity officials indicate a rising trend of hacktivists targeting critical infrastructure across the nation. The Canadian Centre for Cyber Security issued an alert on October 29, highlighting a series of attacks focused on internet-accessible industrial control systems (ICS).
While the report does not tie these incidents to any specific group, there is a notable pattern of Russia-affiliated hacktivists engaging in such activities over the past year. This trend has been especially pronounced since the emergence of Z-Pentest in the fall of 2024. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has echoed these concerns, detailing similar threats to ICS controls.
Recent ICS Attacks in Canada
In one disturbing incident, hacktivists targeted a water facility, manipulating water pressure values that ultimately resulted in insufficient service for local residents. This kind of manipulation raises alarms about safety and reliability in crucial public services.
Another notable attack occurred at a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was compromised to trigger false alarms. Such disruptions could have serious implications, especially in industries where precise measurements are critical.
A third incident involved a farm’s grain drying silo, where temperature and humidity levels were altered. This tampering could lead to hazardous conditions if not addressed swiftly, posing risks not only to the harvest but also to food safety.
The Cyber Centre’s alert emphasized that individual organizations might not always be direct targets. Instead, they can become unintended victims as hacktivists increasingly exploit online ICS devices. This strategy can generate media attention, damage reputations, and undermine public trust in Canadian institutions.
Several components of ICS are particularly vulnerable, including Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Human-Machine Interfaces (HMIs), Supervisory Control and Data Acquisition (SCADA) systems, Safety Instrumented Systems (SIS), Building Management Systems (BMS), and Industrial Internet of Things (IIoT) devices. The Cyber Centre pointed out that unclear divisions of roles and responsibilities often result in gaps in system protection.
Strengthening ICS Security Measures
The Cyber Centre advocates for collaboration among provincial and territorial governments, municipalities, and organizations to ensure comprehensive inventories of services are documented and adequately protected. This is particularly vital in sectors where regulatory oversight may not extend to cybersecurity, such as Water, Food, and Manufacturing.
Municipalities and relevant organizations are encouraged to engage with their service providers to ensure that managed services are not only securely implemented but also correctly maintained with well-defined security requirements. Adhering to vendor recommendations and guidelines for protecting devices and services is crucial.
Organizations should carry out a thorough assessment of all internet-exposed ICS devices and determine their necessity. Where feasible, implementing alternative solutions like Virtual Private Networks (VPNs) with two-factor authentication can reduce direct exposure to the internet. In cases where these measures are impractical, organizations should adopt enhanced monitoring capabilities and practices, including active threat detection tools like Intrusion Prevention Systems (IPS), regular penetration testing, and ongoing vulnerability management.
Furthermore, it is essential for organizations to regularly conduct tabletop exercises. These sessions evaluate response capabilities and clarify roles and responsibilities when a cyber incident occurs. Such preparedness can make a substantial difference in an organization’s ability to respond effectively to cyber threats.
In an increasingly digital world, the importance of robust cybersecurity practices in protecting critical infrastructure cannot be overstated. By taking proactive measures and fostering cooperation, organizations can enhance their resilience against the ever-evolving landscape of cyber threats.
