- Hacktivists attacked Canadian ICS, disrupting water, oil and agricultural infrastructure
- ICS vulnerabilities stem from unclear roles and poor asset protection
- Canada urges VPN, 2FA and threat detection to protect ICS environments
The Canadian government has issued a new security alert warning of so-called hacktivists targeting Industrial Control Systems (ICS).
The report says the Cyber Center and the Royal Canadian Mounted Police have received “multiple reports” of incidents involving Internet-accessible ICS.
Among the reports was an attack on a water facility, in which criminals tampered with water pressure valves and degraded service to the community.
How to insure assets
The report also mentions a Canadian oil and gas company, where an automated tank gauge (ATG) was manipulated to trigger false alarms.
Finally, there was an attack on a grain drying silo on a Canadian farm, where the attackers changed the temperature and humidity levels. Fortunately, the attack was detected in time; Otherwise, it could have resulted in “potentially unsafe conditions.”
ICS are computer systems used to monitor and control industrial processes and critical infrastructure, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and programmable logic controllers (PLC).
By gaining access, cybercriminals can disrupt power grids, water supplies, manufacturing lines or transportation networks, causing widespread damage and security risks. For hacktivists, exploiting ICS is a way to gain media attention, discredit organizations and “undermine Canada’s reputation,” the report further states.
The problem with ICS systems is an “unclear division of roles and responsibilities,” the Canadian government highlighted in the report, saying they often create gaps that leave critical systems unprotected.
To address the problem, companies operating ICS systems need “effective communication and collaboration.”
That communication involves proper inventory, documentation and protection of Internet-connected assets, as well as ensuring that managed services are “deployed securely, maintained throughout their lifecycle, and based on clearly defined requirements.”
It also means that businesses must implement virtual private networks (VPN), two-factor authentication (2FA), and a robust active threat detection system.
Regular penetration testing and ongoing vulnerability management are also recommended.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
