Security considerations for critical infrastructure (ITSAP.10.100) – Canadian Centre for Cyber Security

Summary

Published July 2025 as part of the Cyber Centre’s Awareness series, this guidance outlines key risks to Canada’s critical infrastructure (CI) and practical security measures CI operators should adopt. It describes CI sectors, explains how cyber attacks can cause service disruption, and details common threats — including ransomware, denial-of-service and insider or state-sponsored actors — with a focus on risks to operational technology (OT) and industrial control systems (ICS).

The guidance emphasises isolation of OT, a risk-based approach to updates, robust backups, tested incident response plans (including OT-specific procedures and manual controls), employee training, monitoring and logging, and the use of network security zones, secure administrative workstations and multi-factor authentication.

Key Points

  • Critical infrastructure spans 10 national sectors (energy, finance, food, government, health, ICT, manufacturing, safety, transportation, water) and is often interconnected across jurisdictions.
  • OT and ICS are high-value targets when connected to networks; loss of control can cause physical damage, service outages or risk to life.
  • Main threats include ransomware, wipers/spyware, denial-of-service, insider misuse and state-sponsored activity targeting strategic information or disruption.
  • Core mitigations: isolate OT from the Internet, use network zones, secure admin workstations, enforce MFA and VPNs for remote access, and ensure manual controls can operate if networks are unavailable.
  • Operational readiness: maintain offline, tested backups; adopt a risk-based update and patching process; develop and regularly test an OT-aware incident response plan.
  • Human factors matter: provide tailored cyber security training, monitor for insider threats, enable comprehensive logging and consider two-person rules for critical administrative actions.

Context and relevance

This guidance is a concise government checklist aimed at CI operators, regulators and security teams. It reflects ongoing trends: increased targeting of OT by financially and politically motivated actors, growing ransomware risks, and the dangers posed by interconnected systems. Organisations responsible for essential services should view this as a practical baseline to reduce catastrophic impacts on public safety, the economy and national confidence.

Why should I read this

Short answer — if you touch critical infrastructure, skim this now. It’s a no-nonsense, government-backed list of what can go disastrously wrong and the proven steps to stop it. Saves you time: clear actions on isolation, backups, response plans and staff training so you don’t have to hunt for basics across multiple documents. If you manage OT or supplier relationships, treat it as a checklist.

Source

Source: https://cyber.gc.ca/en/guidance/security-considerations-critical-infrastructure-itsap10100
