Incidents

Attacks on Canadian Critical Infrastructure companies rise by 20%

July 5, 2026
10 min read

Key Insights:

  • Canada's Communications Security Establishment (CSE) has released its latest 2025-2026 Annual Report
  • The Canadian Centre for Cyber Security responded to more than 3,200 cyber security incidents
  • Attacks on CNI operators rose by 20% year on year across ten key sectors including energy, critical minerals and water
  • Russian hacktivist group NoName was stated to have breached a Quebec water plant’s network and gained access to many crucial systems.
  • NoName claimed it had gained the “ability to covertly control pumps, chlorine dosing, pressure settings and monitoring/alerts systems.”
  • CSE also conducted offensive and defensive cyber operations to prevent drug trafficking and the recruitment of extremists

Nation state targeting of critical safety systems

The Canadian Communications Security Establishment (CSE) has released its latest annual report and, for the first time, attributed an attack on critical water infrastructure to a Russian-backed threat actor group.

CSE is Canada’s national cryptologic agency, responsible for foreign signals intelligence, cyber security and information assurance and includes the Canadian Centre for Cyber Security.

It previously warned in November 2025 of increased targeting of essential services including water systems:

Cyber threats to water infrastructure are growing, evolving quickly, and can affect every community in Canada. You don’t need to be an engineer or a cyber security expert to understand why this matters.

Rajiv Gupta, Head of the Canadian Centre for Cyber Security, in the introduction to the Unclassified report warned that cyber threats to water infrastructure were "growing, evolving quickly, and can affect every community in Canada."

These kinds of attacks on control systems reflect the fact that public health depends on access to clean water and thus operational systems have become a strategic target for state-sponsored actors to project power through disruptive or destructive cyber activity.

Canada has provided help to water-system CNI operators with control based guidance to prevent cyber threat actors  from compromising their systems

Canada responds to increasing cyber attacks

The NoName group were previously identified by the US Department of Justice when rewards of up to $10m USD were announced for information leading to the capture of named individuals.

The US accused the Russian groups of targeting "minimally secured, internet-facing virtual network computing connections to infiltrate (or gain access to) operational technology control devices within critical infrastructure systems."

Canada has responded to the rising threat over the last year by publishing detailed control guidance for the water sector, growing its security workforce by more than 300 personnel and taking steps to strengthen cyber security laws to protect critical infrastructure.

As CSE marks 80 years of service to Canada, we continue to adapt to a security environment, with cyber threats growing in scale and complexity.
Caroline Xavier, Chief of CSE

The annual report provides examples of how the CSE also leveraged 'active cyber operations' to target and disrupt organised crime groups and offshore extremist groups using the internet to harm Canadians.

This is at a time when more nations support 'hacking back' to defend critical national infrastructure.

Canada is handling both growing cyber threats and an increasingly congested Arctic operating environment

The report from the FVEY partner adds to growing evidence of state-sponsored actors "becoming more aggressive ... moving beyond traditional espionage to conduct more disruptive activities."

Identifying Russia and China as primary concerns, CSE also highlights that both countries pose a growing physical threat in the Canadian Arctic as a race to control key minerals grows at the top of the globe.

We live in interesting times.

Similar posts

Identify. Secure. Assure.

Ready to simplify cybersecurity compliance for critical infrastructure?
Book a demo