Five cybersecurity bills aimed at strengthening protections for national energy infrastructure have advanced, reflecting bipartisan concern over growing threats to grid and operational systems and reinforcing the need for utilities to address long-standing exposure and architectural risks in operational technology (OT) systems.
In October 2025, the Canadian Centre for Cyber Security issued an Alert warning CISO and decision makers of increasing cyber-attacks exploiting internet-accessible industrial control systems (ICS). Reported incidents included tampering with water pressure values, triggering false alarms in an oil & gas facility, and manipulating temperature and humidity levels in a grain drying silo. These individual companies may not be direct targets of adversaries but have become victims of opportunity to gain media attention and undermine public trust.
In a joint advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and partners detailed ongoing cyber activity targeting industrial control systems (ICS). To cause disruption and gain publicity, hacktivists often target critical infrastructure, ranging from water treatment facilities to oil well systems. They exploit exposed services, weak authentication, and poor network segmentation in legacy operational technology (OT). Although these hacktivists are generally unsophisticated and mostly cause only temporary loss of view, they show lack of consideration for human safety and incur substantial labor costs associated with operational downtime and network remediation.
黑熊觀點:指令本身無誤時,即使數值超標,防火牆也無從抵擋。
