
Ryan Lovelace | May 7, 2025
(The Washington Times) — America’s top domestic cyber agency is sounding the alarm that hackers are targeting oil and gas infrastructure and taking advantage of poor security techniques.
The Cybersecurity and Infrastructure Security Agency said Tuesday in an alert that cyberattackers are going after industrial control systems and supervisory control and data acquisition systems.
“CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems,” the CISA alert said. “Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage.”
CISA also published an advisory on Tuesday, authored with the FBI, Department of Energy, and the Environmental Protection Agency, on mitigations to reduce cyber threats to operational technology (OT) systems.
OT systems generally involve the physical environment, such as the flow of fuel through a pipeline, whereas information technology (IT) systems more directly deal with things such as communications and data management.
The first step the federal agencies recommended is for digital defenders to sever operational technology connections to the public internet.
In 2021, ransomware attackers hit major U.S. fuel supplier Colonial Pipeline. Hackers reportedly targeted the company’s IT networks and not its OT environment, but the company halted OT operations amid concerns about the hackers jumping the divide. Panic ensued and gas lines spread along the East Coast.
In 2025, the Trump administration’s new advisory urged cybersecurity professionals to segment IT and OT networks and introduce a “demilitarized zone for passing control data.” The federal agencies’ advisory said organizations should also practice and maintain the ability to operate OT systems manually.
“Business continuity and disaster recovery plans, fail-safe mechanisms, islanding capabilities, software backups, and standby systems should all be routinely tested to ensure safe manual operations in the event of an incident,” the advisory said. “The authoring organizations recommend that critical infrastructure organizations regularly communicate with their third-party managed service providers, system integrators, and system manufacturers who may be able to provide system-specific configuration guidance as they work to secure their OT.”
The federal agencies directed critical infrastructure organizations to “act now” against cyberattackers who had only a low bar to clear in attacking their systems.
“Cyber threat actors use simple, repeatable, and scalable toolsets available to anyone with an internet browser,” the CISA advisory said. “Critical infrastructure entities should identify their public-facing assets and remove unintentional exposure.”