Several Canadian ICS Systems Breached

By Bronson Berky on November 4, 2025

Executive Summary

Several of Canada’s industrial control systems (ICS) have been targeted and breached by hacktivist groups. These attacks can degrade affected systems and create problems for systems operating within critical infrastructure. Mitigation involves limiting internet exposure, strengthening network configurations, and implementing continuous system monitoring. Increasing overall security resilience reduces the likelihood and impact of future attacks on Canada’s key systems.

Background

Canada has recently reported several attacks on ICS, with hacktivists tampering with critical systems including water, energy and agricultural facilities. The hacktivists were able to gain access to these systems through ICS devices connected to the internet [1]. This shows how risky it is for key manufacturers to leave ICS systems exposed to the internet. With devices constantly connected to the internet, attackers can gain access to these systems at any time once breached.

Several reports have confirmed that hacktivists manipulated critical systems by tampering with water valves. This caused temporary shutdowns, triggered false alarms for oil and gas systems, and interfered with the automation of agricultural growth by increasing temperatures [2]. Attackers will use any opportunity to exploit weaknesses in systems to cause damage or manipulate companies for their own gain.

Impact

The threat revolved around unauthorized manipulation of key ICS systems and components, with attackers taking over environmental controls and automated gauges at businesses like oil and energy producers. This creates an unsafe working environment, causes system degradation, and decreases public trust in essential infrastructure [4]. Targeting poorly protected systems increases risk as more systems get breached. This makes regaining control of affected systems more difficult due to the scale of the attack and the number of breaches.

The Canadian Centre for Cyber Security (CCCS) issued an advisory that hacktivists have breached several industrial complexes using ICS devices connected to the internet [3]. These breaches manipulated human-machine interfaces, programmable logic controllers and remote terminals to gain access to more critical systems. In response, the Canadian government is asking companies’ security teams to isolate these devices from important systems. This shows how serious the problem has become and calls for organizations to start seriously considering defensive planning, implementation and mitigation for key systems.

Mitigation

The CCCS released an alert to raise awareness of these threats and to help businesses mitigate risks and increase their security measures. The alert, AL25-016, recommends taking inventory of internet-accessible ICS devices so that all devices are accounted for and receive the appropriate security changes, conducting regular tabletop exercises so that teams and roles can improve their response capabilities in a controlled environment, and implementing VPNs with multifactor authentication to make accessing the internet more secure [2]. These techniques can help reduce the attack surface, block unauthorized access, and increase overall security for ICS systems while also decreasing the impact a breach has on the system.
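As an added illustration of the inventory step (not code from AL25-016 or the cited reports), the sketch below audits a constructed list of perimeter inbound rules and flags ICS assets reachable from outside trusted networks or reachable over a VPN without multifactor authentication. The asset names, addresses, CSV columns and the `TRUSTED` network list are assumptions made for the example.

```python
import csv
import io
import ipaddress

# Default ports of common ICS protocols, used to label findings.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 4840: "OPC UA",
             20000: "DNP3", 44818: "EtherNet/IP", 47808: "BACnet"}

# Assumption: networks the site treats as internal (includes the VPN pool).
TRUSTED = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample: one perimeter inbound rule per asset.
# access = how remote users reach the device: direct, vpn, or vpn+mfa.
SAMPLE = """asset,kind,source,port,access
wtp-hmi-01,HMI,0.0.0.0/0,5900,direct
wtp-plc-03,PLC,0.0.0.0/0,502,direct
gas-rtu-07,RTU,10.99.0.0/24,20000,vpn+mfa
grn-plc-02,PLC,10.99.0.0/24,44818,vpn
"""

def from_internet(source):
    """True when the allowed source range is not inside a trusted network."""
    net = ipaddress.ip_network(source)
    return not any(net.subnet_of(t) for t in TRUSTED)

def audit(text):
    """Return {asset: [issues]} for assets that need a security change."""
    findings = {}
    for row in csv.DictReader(io.StringIO(text)):
        issues = []
        port = int(row["port"])
        if from_internet(row["source"]):
            proto = ICS_PORTS.get(port)
            label = f" ({proto})" if proto else ""
            issues.append(f"internet-accessible on {port}{label}")
        if row["access"] == "vpn":
            issues.append("VPN access without MFA")
        if issues:
            findings[row["asset"]] = issues
    return findings

if __name__ == "__main__":
    for asset, issues in audit(SAMPLE).items():
        print(asset, "->", "; ".join(issues))
```
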

Relevance

Canadian organizations should care about these incidents because critical infrastructures depend on secure ICS devices and systems to run their businesses effectively. The risk of a breach can lead to business disruptions and cause reputational damage if left unchecked. This can be avoided by using mitigation strategies such as system monitoring and removing internet access for ICS devices. This helps Canadian manufacturers operate their business, increase system resilience and maintain public trust that essential services are being provided.

References

[1] Abinaya. (2025, October 30). Canada warns of hackers breached ICS devices controlling water and energy facilities. Cybersecurity News. https://cybersecuritynews.com/canada-warns-attack-on-ics-devices/

[2] Government of Canada. (2025, October 29). AL25-016: Internet-accessible industrial control systems (ICS) abused by hacktivists. Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/al25-016-internet-accessible-industrial-control-systems-ics-abused-hacktivists

[3] Jones, D. (2025, October 30). Canadian authorities warn of hacktivists targeting exposed ICS devices. Cybersecurity Dive. https://www.cybersecuritydive.com/news/canadian-warn-hacktivists-exposed-ics-devices/804244/

[4] Kovacs, E. (2025, October 30). Canada says hackers tampered with ICS at water facility, oil and gas firm. SecurityWeek. https://www.securityweek.com/canada-says-hackers-tampered-with-ics-at-water-facility-oil-and-gas-firm/

[5] Toulas, B. (2025, October 29). Canada says hacktivists breached water and energy facilities. BleepingComputer. https://www.bleepingcomputer.com/news/security/canada-says-hacktivists-breached-water-and-energy-facilities/