The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Tuesday about unsophisticated cyber threats targeting industrial control systems and operational technology in critical infrastructure sectors.
The advisory, co-authored by the U.S. Department of Energy and the Environmental Protection Agency, highlighted threats affecting key industries such as oil, gas, energy, and transportation.
The agencies emphasized the importance of improving cybersecurity practices to safeguard assets exposed to the internet.
Although the advisory did not specify recent incidents, it echoed earlier warnings about cyberattacks on water treatment systems and small power companies.
To enhance security, the agencies recommended three key actions:
Disconnect operational technology (OT) from the public internet to reduce exposure to cyber threats.
Replace default passwords with strong, unique ones.
Secure remote access to OT networks by using private IPs, VPNs with strong passwords, and phishing-resistant multifactor authentication.
Paul Shaver, global practice lead for OT/ICS security at Mandiant, said, “This advisory reiterates what we’ve been stressing for years: basic cyber hygiene in OT environments is lacking. A strong perimeter and secure environments should be the top priority for asset owners.”
