National News
A woman uses her computer keyboard to type while surfing the internet in North Vancouver, B.C., on Wednesday, Dec. 19, 2012.
THE CANADIAN PRESS/Jonathan Hayward
Canada's Cyber Centre warns of hacktivists targeting water, energy systems
Published 12:28 PDT, Thu October 30, 2025
Last Updated: 2:45 PDT, Thu October 30, 2025
—
The Canadian Centre for Cyber Security warns that hackers with an activist agenda have been tampering with online systems that control water, energy and agricultural facilities.
An alert sent to information security officers says the Cyber Centre and the RCMP have received multiple reports in recent weeks of incidents involving internet-accessible information control systems.
The centre's alert says interference with water pressure at an unnamed facility affected service to a community.
In another incident, manipulation of an automated tank gauge triggered false alarms at a Canadian oil and gas company.
The alert says a third case involved changes to temperature and humidity levels in a grain drying silo on a Canadian farm, which created potentially unsafe conditions.
The centre is a division of the Communications Security Establishment, Canada's information technology security and signals intelligence agency. It says while individual organizations may not be direct targets, they can become "victims of opportunity" as hacktivists try to gain media attention, discredit organizations and undermine Canada's reputation.
An industrial control system is a form of operational technology that allows a critical service provider in a sector such as energy, water, health or finance to remotely monitor processes and control physical devices.
Operational technology systems connected to the internet or other networks and systems are "attractive targets" to threat actors focused on disrupting services, the centre said in a July notice.
The alert, issued on Wednesday, did not say who might be behind the recent meddling.
Paul Shaver specializes in operational technology security at Mandiant, part of Google Cloud. He said pro-Russia hacktivists have been known to actively target internet-connected systems, particularly those associated with critical infrastructure for water, energy and manufacturing.
"Their primary initial access method often involves opportunistically exploiting unpatched, publicly known vulnerabilities in internet-facing devices, weak security configurations, or the use of default credentials," Shaver said in a media statement.
"This focus on readily accessible flaws — effectively the lowest-hanging fruit — underscores a critical point: robust security hygiene measures are the most effective defence."
The Cyber Centre's alert says an unclear division of roles and responsibilities often creates gaps that leave critical systems unprotected. "Effective communication and collaboration are essential to ensuring safety and security."
It encourages provincial and territorial governments to co-ordinate with municipalities and organizations to ensure all services are properly listed, documented and protected.
The alert says this is especially important for sectors where regulatory oversight does not cover cybersecurity, such as water, food and manufacturing.
– Jim Bronskill, The Canadian Press
2 Hours of free financial consulting
Jai Xin Planning Ltd.
C$120.00 C$0.00
Use any of our home staging service and get a second month rental for free!
MiiX Interiors
C$500.00 C$0.00
Get 10% off any order
Phantom Screens Lower Mainland
C$200.00 C$180.00
