nancy

Internet-exposed ICS remain a prime cyber target

In October 2025, the Canadian Centre for Cyber Security issued an Alert warning CISOs and decision makers of increasing cyber-attacks exploiting internet-accessible industrial control systems (ICS). Reported incidents included tampering with water pressure values, triggering false alarms in an oil & gas facility, and manipulating temperature and humidity levels in a grain drying silo. These individual companies may not be direct targets of adversaries, but they have become victims of opportunity for attackers seeking to gain media attention and undermine public trust.

Why SBOMs Matter for Industrial and Critical Infrastructure Security

Networking devices, like food, can introduce risks from the big wide world into critical infrastructure systems. Modern industrial systems are a blend of hardware, firmware, and software. As a result, evaluating devices requires more than reviewing a physical Bill of Materials (BOM). You also need the Software BOM (SBOM), which is a formal record containing the details, versions, and supply chain relationships of various software components used in building a product. This information is crucial in vulnerability and asset management, enabling organizations to quickly identify software or component dependencies and supply chain risks.

Growing and persistent threats from hacktivists targeting critical infrastructure

In a joint advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and partners detailed ongoing cyber activity targeting industrial control systems (ICS). To cause disruption and gain publicity, hacktivists often target critical infrastructure, ranging from water treatment facilities to oil well systems. They exploit exposed services, weak authentication, and poor network segmentation in legacy operational technology (OT). Although these hacktivists are generally unsophisticated and mostly cause only temporary loss of view, they show a lack of consideration for human safety and impose substantial labor costs associated with operational downtime and network remediation.

Bridging the IT/OT gap for cyber resilience in critical infrastructure

For networking operators in factories, utilities, and government agencies, the convergence of Information Technology (IT) and Operational Technology (OT) is no longer a theoretical concept. It is a reality, fraught with increasing cybersecurity risks that exploit the gap between the two and expose critical infrastructure to sophisticated threats. Understanding and actively bridging this divide is paramount to maintaining operational resilience and security.
