Internet-Accessible ICS Attacks by Hacktivists
November 12, 2025
The Canadian Centre for Cyber Security (CCCS) published an alert today describing attacks on Industrial Control Systems (ICS) that were accessible from the Internet. ICS are used to monitor and control critical processes such as the generation, storage, and distribution of energy products. These attacks have the potential to cause serious harm to entities, their customers, and the public. While an organization may not be the specific target of the recent attacks, it may fall victim through inadvertent discovery of its devices on the Internet.
ICS devices include Programmable Logic Controllers (PLCs), Human Machine Interfaces (HMIs), Remote Terminal Units (RTUs), Supervisory Control and Data Acquisition Systems (SCADA), Safety Instrumented Systems (SIS) and gauges and sensors.
The British Columbia Utilities Commission (BCUC) advises regulated entities and Mandatory Reliability Standards (MRS) Registrants to take steps to familiarize themselves with these serious and urgent risks and to take appropriate actions to mitigate these emerging threats.
Actions recommended by the CCCS and others include:
- Take an inventory of all Internet-accessible ICS devices;
- Verify the access controls on these devices;
- Ensure there are no default passwords enabled and configure strong passwords with multifactor
authentication where supported; - Block direct access from the Internet to ICS devices where possible and consider access through
dedicated remote access servers with multifactor authentication; - Segment ICS networks and devices from IT networks and allow only necessary network traffic into and
out of the ICS networks; - Install Intrusion Detection / Prevention Systems to detect and block malicious access;
- Patch all known vulnerabilities where possible; and
- Log all security events of interest that could help early detection and containment of attacks
