Backgrounder: Malicious cyber activity targeting Canadian critical infrastructure

Summary

Canada’s critical infrastructure — energy, water, food, transport and health systems — is increasingly being targeted by malicious cyber activity. Attacks are growing more frequent and sophisticated, with cybercriminals using tactics such as ransomware-as-a-service and AI-enhanced tools to extort, disrupt or damage essential services. The Communications Security Establishment (CSE) and its Cyber Centre have issued guidance and alerts to help operators identify risks and improve resilience.

Key Points

  • Critical infrastructure sectors at risk include energy, water, food, transportation and health systems.
  • Targets often include operational technology (OT) and Internet-accessible industrial control systems (ICS) such as PLCs, RTUs, HMIs, SCADA and IIoT devices.
  • Common attack methods: ransomware (including ransomware-as-a-service), denial-of-service (DoS), insider threats, supply chain compromises and exploitation of Internet-accessible ICS.
  • Recommended technical mitigations: inventory ICS devices, remove unnecessary Internet connections, use VPNs/firewalls/MFA, change default passwords, monitor and log OT/ICS activity, separate IT and OT networks, and apply security patches promptly.
  • Operational measures: test OT-specific incident response plans, conduct tabletop exercises, ensure offline backups and verify manual controls, and maintain regular staff cyber-security awareness training.
  • Secure-by-design procurement: operators should prioritise technologies built with security in mind; manufacturers should embed security during design and development.
  • Government support: the 2025 National Cyber Security Strategy commits to continued cooperation between federal bodies, industry and CI operators; the Cyber Centre has issued alerts and sector-specific guidance (e.g., water systems assessment).
  • How to report incidents: use the Cyber Centre’s My Cyber Portal or contact contact@cyber.gc.ca, and report to local police or the RCMP cybercrime and fraud portal as appropriate.

Content summary

The backgrounder outlines the escalating cyber threat to Canada’s critical infrastructure, emphasising that disruptions can cause outages, economic harm and risks to public health and safety. It lists likely targets (OT and Internet-accessible ICS), common attack techniques, and clear, actionable mitigations for operators. The document also reinforces secure-by-design procurement principles and points readers to Cyber Centre alerts, a water-systems assessment, and other resources.

Practical next steps for operators include mapping ICS assets, reducing attack surface by removing unnecessary Internet connections, enforcing strong remote access controls (VPN/MFA), improving monitoring and logging, segregating IT and OT networks, practising incident response specific to OT, and keeping backups offline and regularly validated.

Context and relevance

This backgrounder sits alongside the 2025 National Cyber Security Strategy and recent Cyber Centre advisories. It reflects an international trend: actors increasingly target the physical processes controlled by ICS/OT to cause disruption or extract ransom. For infrastructure owners, the guidance is timely: it translates strategic threat reporting into concrete defensive measures, procurement advice and reporting channels.

Why should I read this?

Look — if you run or manage anything that keeps people fed, healthy, moving or powered, this is worth five minutes. It tells you where you’re vulnerable, what attackers are doing now (ransomware, DoS, supply-chain tricks) and exactly what to fix first — inventory, segmentation, MFA, backups and incident drills. The government also gives clear reporting routes if things go wrong.

Source

Source: https://www.canada.ca/en/communications-security/news/2025/11/backgrounder-malicious-cyber-activity-targeting-canadian-critical-infrastructure.html
