Emera, Nova Scotia Power respond to cybersecurity breach; incident response teams mobilized - Industrial Cyber

Attacks And Vulnerabilities Control Device Security Critical Infrastructure Malware, Phishing & Ransomware News Threat Landscape Utilities: Energy & Power, Water, Waste Emera, Nova Scotia Power respond to cybersecurity breach; incident response teams mobilized APRIL 30, 2025 Emera Inc. and Nova Scotia Power announced they have discovered and are actively responding to a cybersecurity incident involving unauthorized access to parts of their Canadian network and servers supporting certain business applications. Upon detecting the cyber intrusion, the companies immediately activated their incident response and business continuity protocols. They engaged top-tier third-party cybersecurity experts and took swift action to isolate the affected systems and prevent further unauthorized access.  Law enforcement agencies have been notified about the cybersecurity incident, and an investigation is underway. “There remains no disruption to any of our Canadian physical operations, including at Nova Scotia Power’s generation, transmission, and distribution facilities, the Maritime Link or the Brunswick Pipeline, and the incident has not impacted the utility’s ability to safely and reliably serve customers in Nova Scotia,” according to a Monday joint statement. “There has been no impact to Emera’s U.S. or Caribbean utilities.” It added that “Our IT team is working diligently with cyber security experts to bring the affected portions of our IT system back online.” Nova Scotia Power customers can find the latest updates online.  Emera is scheduled to publish its first quarter financial statements, and management disclosure and analysis on May 8, 2025, as planned. At this time, the incident is not expected to have a material impact on the financial performance of the business. Based in Halifax, Emera is an energy company with operations in Canada, the U.S., and the Caribbean. It invests in regulated electric and natural gas utilities, as well as related infrastructure. Emera serves approximately 2.6 million customers and employs around 7,600 people. Its common and preferred shares are traded on the Toronto Stock Exchange. Nova Scotia Power is the primary electricity provider in Nova Scotia, serving approximately 550,000 customers across the province. The company is regulated by the Nova Scotia Utility and Review Board and is responsible for the generation, transmission, and distribution of electrical power. It employs over 2,300 people and operates throughout the province to maintain and manage the electrical grid. Commenting on the cybersecurity incident, Julien Richard, vice president of InfoSec at Lastwall, wrote in an emailed statement that “The reported cyber incident affecting Nova Scotia Power once again brings the security of critical infrastructure into sharp focus. Cyberattacks against power companies don’t just stay behind closed doors — they ripple outward, disrupting daily life, eroding public trust, and leading to millions in potential losses.” He added that a breach at a power organization can trigger serious downstream impacts, including service disruptions, billing interruptions, and potential privacy violations. “In the case of Nova Scotia Power, these risks aren’t theoretical — they represent very real consequences if attackers gain deep access. Without the proper controls, this could have escalated quickly into a safety issue — risking life and limb — rather than remaining a contained cybersecurity incident.” Highlighting that utilities and energy providers must harden their identity and access control systems, ensuring that only verified and authorized personnel can reach critical environments, Richard pointed out that “more broadly, we’re seeing an alarming trend in 2025: cybercriminals are increasingly targeting the energy sector, fully aware of the high stakes. It’s a sobering reminder that cybersecurity for utilities is now a front-line defense for public safety, not just an IT concern tucked away in the background.” Earlier this month, Resecurity published threat intelligence research highlighting threat actors targeting energy installations in North America, Asia, and the European Union, including nuclear facilities and related research entities. Energy firms are facing escalating cyber threats from hacktivists, ransomware groups, and nation-state actors, particularly those linked to China, Iran, North Korea, and Russia. These attacks, often driven by geopolitical tensions and ideological motivations, have primarily focused on cyber-espionage rather than physical disruption. Anna Ribeiro Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT. Related ARCON teams with DNV Cyber to strengthen privileged access management capabilities in the Nordics New York introduces cybersecurity rules, $2.5 million grant program to strengthen water infrastructure defenses Building ‘Incident Management for Industrial Control Systems’ to address gaps in OT cyber incident response GAO report highlights risks to CMMC rollout as nation-state attacks target defense contractors Why industrial cybersecurity must evolve as climate disruption and digitalization reshape critical infrastructure ISAC advisory highlights cyber and physical risks to critical infrastructure as Middle East tensions rise Suspected Iran-linked cyberattack hits medical technology giant Stryker amid Middle East tensions Finland’s National Security Overview 2026 flags Russian and Chinese cyber espionage targeting government, critical infrastructure Cydome flags NAVTOR NavBox path traversal and authentication flaws exposing vessel data, networks to cyber risk Iran-linked cyber espionage surges across Middle East as conflict tensions rise, researchers say