CISA Warns of Ongoing Cyber Threats to U.S. Oil and Gas Infrastructure


    U.S. Oil and Gas Sectors Face Persistent Cyber Threats, CISA Warns

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory warning that unsophisticated cyber attackers are actively targeting industrial control systems (ICS) and operational technology (OT) assets in the U.S. oil and natural gas sectors.

    Though the attack methods are simple—often involving basic intrusion tactics and default passwords—CISA emphasized that poor cyber hygiene across these environments increases the risk of serious consequences.

    “Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats,”
    CISA Joint Advisory


    Potential Consequences Include Operational Disruption and Physical Damage

    Despite the attackers’ low sophistication, the impact could be significant. Threat actors are capable of:

    • Defacing systems
    • Changing device configurations
    • Interrupting operations
    • Causing physical damage to infrastructure

    The Energy and Transportation Systems sectors are among the primary targets, according to the advisory.


    Federal Agencies Issue Joint Guidance to Strengthen Defenses

    The alert was issued in coordination with the FBI, Department of Energy (DOE), and the Environmental Protection Agency (EPA). The guidance includes practical security measures for reducing cyber risk in ICS and OT environments:

    • Remove public-facing OT systems from the internet to reduce exposure
    • Replace default passwords with strong, unique credentials
    • Secure remote access using VPNs with phishing-resistant multifactor authentication (MFA)
    • Segment networks using demilitarized zones (DMZs) to separate IT from OT
    • Practice manual override procedures to ensure business continuity during incidents

    “Business continuity and disaster recovery plans, fail-safe mechanisms, islanding capabilities, software backups, and standby systems should all be routinely tested,”
    Joint Advisory

    Agencies also recommend regular collaboration with third-party service providers, system integrators, and equipment manufacturers to ensure proper system configurations and updated defenses.


    Advisory Follows Broader Pattern of Cyber Threats to Critical Infrastructure

    This latest warning comes shortly after CISA and the EPA issued a separate alert in December, urging water utilities to protect Internet-exposed Human Machine Interfaces (HMIs).

    Three months before that, CISA disclosed that hackers were actively probing water and wastewater systems, targeting internet-exposed industrial devices through default credentials and brute-force attacks.
