Increased occurrences of cyber incidents in Operational Technology (OT) and growing susceptibilities in critical infrastructure, according to a report from the Canadian Cybersecurity Network.

Increased occurrences of cyber incidents in Operational Technology (OT) and growing susceptibilities in critical infrastructure, according to a report from the Canadian Cybersecurity Network.

The Canadian Cybersecurity Network has underscored the critical importance of maintaining the integrity of Operational Technology (OT) systems, stressing that public safety and human lives depend on it. This emphasis comes as cyber insurance providers increasingly view OT as uninsurable without proper visibility and controls.

The unique characteristics of OT systems necessitate the use of specialized Managed Detection and Response tools. The convergence of IT and OT means that a single phishing email can escalate into an industrial shutdown. To ensure effective governance, OT security should be embedded into executive oversight, vendor contracts, and compliance frameworks aligned with standards such as ISA/IEC 62443 or ISO 27001.

OT assets account for 64 percent of cyber risk exposure, despite representing only 42 percent of enterprise digital assets. This imbalance underscores the need for action from government, industry, and community leaders. The call is to invest in resilience, break down silos, share intelligence, develop talent, and modernize with secure-by-design principles.

Cyberattacks on OT systems, once considered peripheral, have become prime targets for cybercriminals, hacktivists, and nation-states. Connected building devices, such as elevators, HVAC systems, and kiosks, are widely targeted in these attacks. In fact, roughly one-third of cyberattacks involve Building Automation System (BAS)-connected Internet of Things (IoT) devices.

The lack of network segmentation between IT and OT systems, the continued use of default or hardcoded credentials, and the reliance on unsupported legacy software in building controllers are identified as key threat factors. These vulnerabilities have led to high-profile incidents, such as the 2024 Black Basta ransomware attack on Ascension Health, which disrupted care for millions.

Hospitals, in particular, face the threat of ransomware that can delay surgeries, divert ambulances, and endanger patients. The 2025-2026 National Cyber Threat Assessment warned that ransomware and nation-state probing of critical infrastructure are "almost certain" to continue. This warning was published in the 2021 National Cyber Threat Assessment in Canada.

Moreover, over half of organizations remain insecurely connected to the internet, and only 15 percent of organizations globally have formal OT cybersecurity governance for buildings. Visibility, management, expertise, and continuous improvement are essential for cyber resilience in smart buildings.

Energy providers are tracking 60 new vulnerabilities in grid networks every day. More than 23,000 BAS devices are currently discoverable via Shodan. These statistics highlight the urgent need for action to secure OT systems and protect critical infrastructure.

In conclusion, the integration of technology into our daily lives has brought about new challenges, particularly in the realm of cybersecurity. The convergence of IT and OT systems has made it clear that a single cyberattack can have far-reaching consequences, from disrupting healthcare services to endangering lives. It is crucial for all stakeholders to act together to invest in resilience, break down silos, share intelligence, develop talent, and modernize with secure-by-design principles to safeguard our future.

Read also:

• Goodyear in 2025: Advancement in Total Mobility through the Launch of Kmax Gen-3 by Goodyear
• Electric SUV Showdown: Vinfast VF6 or MG Windsor EV - Your Choice Revealed
• United States Secures $632 Million to Fuel Electric Vehicle Revolution
• IM Motors reveals extended-range powertrain akin to installing an internal combustion engine in a Tesla Model Y