image: envato/GroundPicture
Hackers breached Canadian water, energy, and farm systems, prompting national warnings to secure industrial control networks.
Canadian authorities have issued a national alert after threat actors successfully breached multiple internet-connected industrial control systems (ICS) used to manage critical infrastructure, including water treatment, energy, and agricultural facilities.
The incidents mark an escalating wave of cyberattacks that threaten the stability of essential public services.
The Canadian government’s alert on the attacks stated, “… hacktivists are increasingly exploiting internet-accessible ICS devices to gain media attention, discredit organizations, and undermine Canada’s reputation.”
Attackers manipulated internet-connected programmable logic controllers (PLCs) and automated systems within Canadian municipal water facilities, resulting in changes to water pressure that temporarily disrupted community services.
In another case, a major Canadian oil and gas company suffered false alarms when its Automated Tank Gauge (ATG) system was tampered with.
A third incident targeted a grain drying silo, where hackers altered temperature and humidity readings, potentially compromising the safety of stored agricultural goods.
These attacks demonstrate how easily threat actors can exploit internet-connected ICS components, devices, and systems.
The incidents underscore the need for stronger coordination between local governments, service providers, and private operators to protect vital systems that were never designed for exposure to the public internet.
The compromised systems shared a common weakness: direct internet accessibility without sufficient segmentation or access control.
ICS devices — including PLCs, Remote Terminal Units (RTUs), Human-Machine Interfaces (HMIs), and Supervisory Control and Data Acquisition (SCADA) systems — are accessible online, often with weak or default credentials.
Once attackers gain access, they can manipulate sensor values, trigger false alarms, or modify operating parameters in real time.
Canadian authorities believe hacktivist groups, rather than state-sponsored actors, are behind these intrusions.
Unlike targeted espionage campaigns, these operations seek visibility and disruption rather than long-term infiltration.
However, the interconnected nature of modern enterprise IT and ICS infrastructures means that even limited tampering can have cascading effects, potentially impacting thousands of people and multiple industries simultaneously.
Strong fundamentals remain the best defense against ICS-related attacks. Common security controls include the following:
While no single control can prevent any breach, consistent application of measures like these can help reduce risk and build cyber resilience across environments.
These incidents highlight a growing concern about critical infrastructure being plugged into the internet.
While ransomware and data theft often dominate cyber risk discussions, attacks on critical infrastructure — such as water treatment controls or energy management devices — carry far-reaching public safety implications.
As geopolitical tensions and activist movements evolve, poorly secured infrastructure has become a high-profile target for hacktivists and state-sponsored threat actors.
Editor’s note: This article first appeared on our sister publication, eSecurityPlanet.com.
Ken Underhill is an award-winning cybersecurity professional, bestselling author, and seasoned IT professional. He holds a graduate degree in cybersecurity and information assurance from Western Governors University and brings years of hands-on experience to the field.
