The Canadian Centre for Cyber Security (Cyber Centre) is warning Canadian organizations to defend their operational technology (OT) and industrial control systems (ICS) from malicious cyber actors.
The Cyber Centre is aware of ongoing attempts by non-state malicious cyber actors to discover and compromise poorly secured, internet-connected OT and ICS that provide critical services to Canadians. The motivations of malicious actors vary, including geopolitical reasons, financial gain, notoriety or a combination.
Once they have compromised a system, these actors attempt to change device configurations and manipulate system settings. This can affect physical processes such as changing pressurization or disabling alarms and safety controls.
This activity demonstrates reckless intent and complete disregard for real-world harm with the potential to impact the health and safety of Canadians. The Cyber Centre calls on all Canadian organizations who operate OT and ICS to protect their systems.
Recent guidance from the United States’ Cybersecurity and Infrastructure Security Agency (CISA) addresses cyber threats to OT systems. The Cyber Centre strongly recommends critical infrastructure providers take the recommended steps to defend their OT assets:
- Remove OT connections to the internet
- Change default passwords immediately
- Secure remote access to OT networks
- Segment IT and OT networks
- Practice and maintain the ability to operate OT systems manually
Read the full factsheet: Primary Mitigations to Reduce Cyber Threats to Operational Technology.
We encourage any Canadian organizations who believe they may have been targeted by cyber threat activity to contact the Cyber Centre by email at contact@cyber.gc.ca or by phone 1-833-CYBER-88.
For more information, consult the following Cyber Centre guidance: Security considerations for critical infrastructure (ITSAP.10.100) and Cyber Security Readiness.