Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation and other US government (USG) partners published a fact sheet urging critical infrastructure entities with operational technology (OT) and industrial control systems (ICS) to implement five primary mitigations that will improve their cybersecurity posture and reduce risk to unsophisticated cyber threat activity. The authoring agencies also encourage critical infrastructure entities to regularly communicate with their third-party managed service providers, system integrators, and system manufacturers who may be able to provide system-specific configuration guidance.

In addition to this fact sheet, CISA and USG partners published an operational alert warning of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems. These actors often use basic and elementary intrusion techniques because they target organizations with poor cyber hygiene and exposed public facing devices. The presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage.

CISA strongly urges critical infrastructure asset owners and operators to review the fact sheet, Primary Mitigations to Reduce Cyber Threats to Operational Technology, for detailed guidance on reducing the risk of potential intrusions.