- Hacktivists targeted Canadian ICS, disrupting water, oil, and agricultural infrastructure
- ICS vulnerabilities stem from unclear roles and poor asset protection
- Canada urges VPNs, 2FA, and threat detection to secure ICS environments
The Canadian government has issued a new security alert warning of so-called hacktivists targeting Industrial Control Systems (ICS).
The report says the Cyber Centre and the Royal Canadian Mounted Police has received “multiple reports” of incidents involving internet-accessible ICS.
Among the reports were an attack on a water facility, in which the miscreants tampered with water pressure valves and degraded the service for the community.
How to secure the assets
The report also mentions a Canadian oil and gas company, in which an Automated Tank Gauge (ATG) was manipulated into triggering false alarms.
Finally, there was an attack on a grain drying silo in a Canadian farm, where the attackers changed temperature and humidity levels. Luckily, the attack was caught on time, otherwise it could have resulted in “potentially unsafe conditions.”
ICS are computer-based systems used to monitor and control industrial processes and critical infrastructure, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and Programmable Logic Controllers (PLC).
By gaining access, cybercriminals can disrupt power grids, water supplies, manufacturing lines, or transportation networks, causing widespread damage and safety risks. For hacktivists, exploiting ICS is a way to gain media attention, discredit organizations, and “undermine Canada’s reputation,” the report further stated.
The problem with ICS systems is in “unclear division of roles and responsibilities,” the Canadian government stressed in the report, saying they often create gaps which leave critical systems unprotected.
To tackle the problem, businesses operating ICS systems need “effective communication and collaboration.”
That communication implies proper inventory, documentation, and protection of internet-connected assets, as well as making sure managed services are “implemented securely, maintained throughout their lifecycle and based on clearly defined requirements.”
It also means businesses should implement Virtual Private Networks (VPNs), two-factor authentication (2FA), and a strong active threat detection system.
Regular penetration testing and continuous vulnerability management are also advised.
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.