The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are warning of unsophisticated threat actors targeting industrial control systems and operational technology environments in key critical infrastructure sectors.
The guidance, co-authored by the U.S. Department of Energy and the Environmental Protection Agency, said the threat activity targeted critical infrastructure in the oil and gas industry and involved the energy and transportation sectors.
The agencies urged security leaders to use better cyber hygiene and protect assets exposed to the internet.
While it is not clear what specific incidents led to the advisory, the guidance is similar to warnings issued in recent years about threat actors targeting drinking water and wastewater treatment providers and small power companies.
The agencies advised three major security improvements:
- Removing OT connections from the public internet, as exposed OT devices can easily be discovered through search engines that track open ports.
- Immediately replacing default passwords with strong, unique passwords that are hard to guess.
- Securing remote access to OT networks by upgrading to a private IP network and adopting VPNs with strong passwords and phishing-resistant multifactor authentication.