Canada flags urgent threat from nation-state and criminal groups to critical infrastructure

The Canadian government identified that its critical infrastructure is facing a growing threat from cybercriminals. Disruptions to these systems, caused by malicious cyber activity, can result in service outages, economic losses, and pose significant risks to public health and safety. As cyber threats against critical infrastructure become more frequent and complex, criminals are increasingly leveraging advanced tools, including ransomware-as-a-service (RaaS) and artificial intelligence (AI), to escalate their extortion tactics. 

“Malicious cyber activity targeting Canada’s critical infrastructure—like power, water, health, finance and transportation—are on the rise and are a real and urgent threat,” David McGuinty, Minister of National Defence, and Gary Anandasangaree, Minister of Public Safety, noted in a statement last week. “These malicious activities are conducted by both cyber threat actors with ties to nation states and non-state actors and can disrupt essential services Canadians rely on every day. Any disruption to critical infrastructure is not only a threat to public health and safety, but also a threat to public confidence, the environment, and the economy.”

They outlined that state-sponsored cyber actors can target Canada’s critical infrastructure, pre-positioning themselves to disrupt or destroy critical services in times of crisis or conflict. Cybercriminals and other non-state cyber actors continue to target critical infrastructure for financial gain, to support geopolitical or ideological interests, or for personal reasons, such as acts of revenge by disgruntled former employees or customers.

Identifying this as a call to be ready, McGuinty and Anandasangaree noted that too often, hostile hackers gain access to critical infrastructure through weaknesses that are preventable. “We urge all critical infrastructure operators in Canada, particularly municipalities and private enterprises, to be vigilant and take immediate action to strengthen their defences. Adopt best practices in cyber security, like the Cyber Centre’s Cyber Security Readiness Goals and secure-by-design principles. Report incidents promptly and work closely with government agencies to prevent and respond to threats.”

Highlighting that the government is working tirelessly to detect, respond to, and mitigate threats, McGuinty and Anandasangaree mentioned their commitment to transparency and collaboration, ensuring that Canadians and our critical infrastructure sectors have the information and support they need to stay secure. We will continue to work with domestic partners and industry to counter and mitigate cyber threats to Canada’s most essential systems.

“Protecting our critical infrastructure is essential for keeping Canadians safe and our economy strong,” they added. “We call on all sectors and citizens to remain alert and take action—together, we can defend against cyber threats and safeguard our nation’s future.”

Potential targets include OT (operational technology), which refers to computing systems that automate industrial processes and operations across various sectors. Additionally, internet-accessible ICS (industrial control systems), such as PLCs (programmable logic controllers, RTUs (remote terminal units), HMIs (human-machine interfaces), SCADA (supervisory control and data acquisition) systems, SIS (safety instrumented systems), BMS (building management systems), and IIoT (industrial Internet of Things) devices, are increasingly vulnerable. Supply chains also represent a critical target, as they consist of third-party services and products that support critical infrastructure.

As described in the 2025 National Cyber Security Strategy, the Canadian government will continue to work with domestic partners and industry, covering critical infrastructure owners and operators, to counter and mitigate cyber threats.

The Canadian Centre for Cyber Security, a part of the Communications Security Establishment Canada (CSE), recently issued an alert about hacktivists targeting Internet-accessible ICS in critical infrastructure sectors, such as water, food, energy, and utilities. The Cyber Centre also published a dedicated assessment of the cyber threat to Canada’s water systems, which includes guidance for water utility owners and operators to protect their systems.

The government has called upon critical infrastructure operators to take proactive steps to protect their systems and enhance resilience. Operators should begin by conducting an inventory of all ICS devices and removing unnecessary ICS and OT connections to the internet. For remote access, it is essential to use virtual private networks (VPNs), firewalls, and multi-factor authentication (MFA). Default passwords should be changed immediately to reduce vulnerabilities.

Enhanced monitoring of ICS and OT environments is critical to detect unusual activity, and it is important to ensure that logging is enabled and reviewed regularly. Operators should also develop and test an incident response plan tailored to OT environments. Conducting tabletop exercises and providing ongoing cybersecurity awareness training for employees are vital for fostering a prepared workforce.

Verifying manual controls and maintaining offline backups are essential safeguards in case of system failures or cyberattacks. To prevent lateral movement, IT and OT environments should be kept separate. Finally, security patches and updates should be applied promptly to address known vulnerabilities and secure systems.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.