Cybersecurity for sawmill and forestry in northern Alberta.

The highest-consequence risk is downtime against the mill OT network. Modern sawmills run on Allen-Bradley / Rockwell PLCs, FactoryTalk HMIs, and a network of edgers, optimizers, and dry-kiln controllers tied together through industrial Ethernet. When that network goes down — whether from a targeted attack, a misconfigured firewall change, or ransomware spreading from the IT side — the mill stops. A day of unplanned downtime at a mid-size mill is well into six figures. Recovery is not as simple as restoring a backup; it involves the controls integrator, the OEMs, and sometimes physical reset of equipment.

The most common pathway in is not a direct attack on the OT network — those are still relatively rare for SMB mills. The realistic pathway is via the IT network: a phishing email lands, an office workstation gets compromised, ransomware spreads laterally, and because the OT network was on the same flat VLAN as the office tenant, the mill stops too. Network segmentation is the single most important defensive control and most mills do not have it.

Engineering VPN access is the other quiet risk. Most mills allow offsite access from engineering and the integrator for troubleshooting. Often this is a flat VPN with no MFA, a shared credential, and the same level of network reach as if the user was physically onsite. One compromised laptop on an engineer's home network reaches the entire mill control environment.

Recordkeeping is the third bucket. Alberta Forest Act reporting, scaling records, harvest data, and Indigenous consultation correspondence all have long retention requirements and real litigation exposure. A ransomware event that takes out the file shares is not just an operational incident — it is a potential regulatory and legal problem.

Three structural reasons. First, downtime is extraordinarily expensive — which makes mills high-leverage ransomware targets, because the operational pressure to pay is real and well-known to attackers. Second, the IT-and-OT boundary is often poorly defended in SMB mill environments, because each side traditionally had different owners and the segmentation work falls in the gap. Third, forestry contractors increasingly hold customer data, regulatory submissions, and partnership records that have real value to an attacker who is willing to extort on the data side as well as the operational side.

We start with the IT-OT boundary, because that is the single highest-leverage control. We work with your automation integrator to document the current network topology and put real segmentation between the office tenant and the mill control network — firewalled VLANs, restricted east-west traffic, no ability for a compromised office workstation to reach an HMI directly. We do not reprogram your PLCs. We make sure they sit behind a defensible boundary.

On the IT side, the same baseline applies: managed EDR (Huntress) on every office endpoint and engineering laptop, Microsoft 365 with enforced MFA and conditional access, cloud backup separate from M365 retention, phishing simulation, and vulnerability scanning. For engineering VPN access we replace flat shared-credential setups with per-person accounts, MFA, and a documented jump-host pattern for sensitive systems.

For recordkeeping we back up file shares, the forestry management software, and any regulatory submission system to immutable cloud storage with retention periods that match the Forest Act and Indigenous consultation requirements. Access logs are retained so you can demonstrate provenance if a record is ever challenged. We document the whole environment in Hudu so the next person who sits in the IT chair can pick up where the last one left off.