The following message was shared with us by the Multi-State Information Sharing and Analysis Center (MS-ISAC). Critical Infrastructure members should take special note of the following content.
TLP: CLEAR
Date: May 8, 2025
Earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation and other US government (USG) partners published a fact sheet urging critical infrastructure entities with operational technology (OT) and industrial control systems (ICS) to implement five primary mitigations that will improve their cybersecurity posture and reduce risk to unsophisticated cyber threat activity. The authoring agencies also encourage critical infrastructure entities to regularly communicate with their third-party managed service providers, system integrators, and system manufacturers who may be able to provide system-specific configuration guidance.
In addition to this fact sheet, CISA and USG partners published an operational alert warning of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors, specifically in Energy and Transportation Systems. These actors often use basic and elementary intrusion techniques because they target organizations with poor cyber hygiene and exposed public-facing devices. The presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions, and, in severe cases, physical damage.
CISA strongly urges critical infrastructure asset owners and operators to review the fact sheet, Primary Mitigations to Reduce Cyber Threats to Operational Technology, for detailed guidance on reducing the risk of potential intrusions.
To learn more about the CISA resources for OT/ICS, visit Industrial Control Systems on CISA.gov.
Multi-State Information Sharing and Analysis Center (MS-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061
24×7 Security Operations Center
SOC@cisecurity.org – 1-866-787-4722
