
U.S. Agencies Warn of Cyber Threats Targeting Oil and Natural Gas Infrastructure

Multiple US Government agencies issued a joint advisory warning about ongoing cyberattacks targeting the U.S. oil and natural gas sector.


On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), alongside the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the Department of Energy (DoE), issued a joint advisory warning about ongoing cyberattacks targeting the U.S. oil and natural gas sector.

These cyberattacks are reportedly carried out using basic methods but pose significant risks due to systemic cybersecurity weaknesses across critical infrastructure.

Threat Overview

The joint advisory highlights a growing trend of cyber threat activity directed at Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems within vital sectors, particularly energy and transportation.

“CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors,” the agency said in its alert.

The attackers are likely low-sophistication actors or hacktivist groups—some of whom publicly exaggerate their capabilities. However, security professionals emphasize that even these so-called "unsophisticated" attacks can be damaging, especially if they exploit exposed systems that lack basic protections.

The Risk: Poor Cyber Hygiene

Many ICS and SCADA systems remain directly accessible from the internet. Some still use default credentials or lack basic authentication, making them vulnerable to simple intrusion techniques.

While these breaches may not always result in catastrophic impact, they could still disrupt operations, compromise data integrity, or in some cases, lead to physical damage within critical infrastructure environments.

Recommendations for Critical Infrastructure Operators

The advisory includes a set of actionable steps for asset owners and operators within the oil and natural gas sectors—and more broadly, all operators of operational technology (OT) environments:

1. Secure Remote Access

  • Disconnect ICS/OT systems from direct internet access.

  • Use Virtual Private Networks (VPNs) to enable secure access.

  • Implement phishing-resistant multi-factor authentication (MFA).

2. Eliminate Default Credentials

  • Immediately identify and rotate any default or factory-set passwords.

  • Enforce strong password policies for all systems.

3. Address Misconfigurations

  • Regularly audit systems for insecure default settings or misconfigurations.

  • Work closely with third-party vendors, system integrators, and managed service providers to ensure proper configuration.

4. Apply Network Segmentation

  • Isolate critical OT systems from corporate IT networks.

  • Limit communication between network zones using firewalls or data diodes.

5. Collaborate with Service Providers

  • Engage with equipment manufacturers and integrators to understand system-specific security best practices.

  • Encourage transparency around security patching and update timelines.

6. Train and Prepare

  • Develop and test manual operation procedures for OT systems in case of cyber disruptions.

  • Educate staff on the latest phishing and intrusion tactics.
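
One way to turn recommendations 1, 2 and 4 above into a repeatable check, shown as an added example that is not part of the advisory or the original article: a small Python audit over an OT asset inventory. The inventory records, field names, internal address ranges and the set of MFA methods treated as phishing-resistant are assumptions constructed for illustration.

```python
import ipaddress

# Assumed site-internal address space; replace with the real addressing plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Common ICS protocol ports, used only to name an exposed service in findings.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}
# Assumed labels for MFA methods the site accepts as phishing-resistant.
PHISHING_RESISTANT = {"fido2", "piv"}

# Constructed sample inventory; hosts, fields and values are hypothetical.
INVENTORY = [
    {"name": "rtu-pipeline-07", "ip": "203.0.113.10", "ports": [20000],
     "reachable_from": ["internet"], "default_password": True,
     "remote_access": False, "mfa": None},
    {"name": "hmi-compressor-2", "ip": "10.20.1.15", "ports": [502, 3389],
     "reachable_from": ["corp-it", "ot"], "default_password": False,
     "remote_access": True, "mfa": "sms"},
    {"name": "plc-metering-1", "ip": "10.20.2.8", "ports": [44818],
     "reachable_from": ["ot"], "default_password": False,
     "remote_access": False, "mfa": None},
]

def audit(asset):
    """Return the list of findings for one OT asset record."""
    findings = []
    addr = ipaddress.ip_address(asset["ip"])
    if not any(addr in net for net in INTERNAL_NETS):
        findings.append("address outside internal ranges")
    if "internet" in asset["reachable_from"]:
        svc = [ICS_PORTS.get(p, str(p)) for p in asset["ports"]]
        findings.append("internet-reachable services: " + ", ".join(svc))
    if "corp-it" in asset["reachable_from"]:
        findings.append("reachable from corporate IT zone (segmentation gap)")
    if asset["default_password"]:
        findings.append("default or factory-set password in use")
    if asset["remote_access"] and asset["mfa"] not in PHISHING_RESISTANT:
        findings.append("remote access without phishing-resistant MFA")
    return findings

def audit_inventory(inventory):
    """Map asset name -> findings, keeping only assets with at least one."""
    report = {a["name"]: audit(a) for a in inventory}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        for f in findings:
            print(f"{name}: {f}")
```
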

Additional Resources

CISA urges all critical infrastructure operators to explore the agency’s extensive library of cybersecurity guidance, including:

  • Cross-Sector Cybersecurity Performance Goals (CPGs)

  • Secure-by-Design Principles

  • Guides on Network Segmentation and Zero Trust

  • MFA Implementation Resources

Conclusion

While the techniques used in the observed attacks may not be technically advanced, the consequences of neglecting basic cybersecurity can be severe. The alert from CISA and its federal partners serves as a stark reminder: cybersecurity diligence must extend to operational technology, not just IT systems.

Organizations across the energy sector are urged to take immediate steps to secure their networks and protect the continuity of services that underpin national security and economic stability.