Four agencies tasked with protecting critical infrastructure in the United States have issued a new alert on attackers targeting ICS/SCADA systems.
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), and Department of Energy (DOE) have warned that they are increasingly aware of 'unsophisticated cyber actors' targeting two key critical national infrastructure (CNI) sectors, Energy and Transportation Systems.
The agencies have produced new guidance titled 'Primary Mitigations to Reduce Cyber Threats to Operational Technology' and are urging organisations "to review and act now to improve their cybersecurity posture against cyber threat activities specifically and intentionally targeting internet connected OT and ICS."
The convergence of IT and OT systems has increased over recent years. If key security practices are not fully addressed, this convergence can heighten the risk for CNI operators, because lower-skilled attackers are able to identify and target assets that may prove critical to energy supply lines or transport operations. There have been numerous high-profile events impacting both U.S. and global companies in these sectors.
CISA states that "although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage."
The agencies have authored detailed guidance on reducing the risk of potential intrusions with key recommendations for asset owners and operators including:
The full factsheet including detailed mitigations is available on the CISA website. The agency encourages CNI operators to also consult with their third-party managed service providers, system integrators, and system manufacturers to ensure that OT is effectively secured.