Canadian authorities have issued an urgent national alert following multiple confirmed cyberattacks targeting Industrial Control Systems (ICS) that safeguard critical infrastructure across the country. According to the Canadian Centre for Cyber Security and the Royal Canadian Mounted Police (RCMP), threat actors have compromised systems within water treatment facilities, energy companies, and agricultural operations — raising serious concerns about the resilience of Canada’s essential services.

The scope of these incidents extends well beyond isolated cases. At water treatment plants, hackers reportedly manipulated programmable logic controllers and automated systems, altering pressure values and disrupting services for entire communities. In the energy sector, an oil and gas company was targeted through a compromised Automated Tank Gauge system, which triggered false alarms and operational confusion. Similarly, in the agricultural sector, attackers tampered with temperature and humidity readings in a grain drying silo — a breach that could have caused dangerous conditions had it not been detected promptly.

Authorities have observed a growing trend of hacktivist groups exploiting vulnerable ICS devices as easy targets. Unlike state-sponsored actors that pursue specific objectives, these hacktivists seek attention and disruption, undermining public confidence in Canada’s critical infrastructure. The interconnected nature of modern systems means that a single compromised device can have cascading effects, impacting thousands of citizens and businesses.

Exposed components such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Human-Machine Interfaces (HMIs), Supervisory Control and Data Acquisition (SCADA) systems, and Building Management Systems (BMS) pose significant risks when accessible online. Officials warn that unclear roles and responsibilities among organizations, municipalities, and provincial governments further widen these security gaps, leaving essential services vulnerable to exploitation.

The Canadian Cyber Centre urges organizations to immediately inventory all internet-facing ICS devices and evaluate whether online access is necessary. Where possible, systems should be removed from public networks and protected through Virtual Private Networks (VPNs) with multi-factor authentication (MFA). For devices that must remain connected, enhanced monitoring using Intrusion Prevention Systems (IPS) and routine penetration testing are critical. Continuous vulnerability management across the entire device lifecycle is also strongly recommended.

Beyond technical defenses, organizations are encouraged to conduct regular tabletop exercises to assess their incident response readiness and clarify roles during cyber emergencies. Early reporting of any suspicious activity to both the Cyber Centre and local law enforcement enables faster mitigation and coordinated investigations. Authorities emphasize that cybersecurity for critical infrastructure is not solely a technical issue—it is a matter of national resilience and public safety.