
Fed Issues Cyber Security Warning for Critical Infrastructure Industries: 6 Ways to Respond

With National Cyber Security Awareness Month coming to a close, the U.S. Government seized the opportunity to put a select group of businesses on notice, so to speak. In a recent joint statement, the Department of Homeland Security and the Federal Bureau of Investigation warned of “advanced persistent threats” targeting the nation’s critical infrastructure, including companies in the energy, manufacturing, nuclear, aviation, and water industries. The warning also included a look at the tactics employed by attackers as well as a rundown of what those in the crosshairs can do to stay safe.

The earliest signs of this activity can be traced back to May and it’s escalated ever since. According to the statement, in some cases, the attacks have succeeded. However, the Feds were mum as to the identity of the victims.

What do these attacks look like? Typically they are multi-stage, originating in a low-level system before spreading into something far more lucrative – and critical. The companies targeted are either the primary objective or a stepping stone to a much larger victim. The methods attackers use to conduct these campaigns vary, but some of the more common ones involve:

  • open-source reconnaissance
  • spear-phishing emails launched from compromised legitimate accounts
  • watering-hole domains
  • host-based exploitation
  • industrial control system infrastructure targeting
  • ongoing credential gathering

What comes after awareness?

Awareness only goes so far, which is why the Feds also included some steps that organizations fitting the target profile can take to spot malicious activity and protect themselves. At their core, however, these are best practices that can be leveraged by all businesses, regardless of industry. Here are some of the recommendations put together by the DHS and FBI:

  • Update network blacklists. The DHS and FBI statement includes information on domain names, IP addresses and more known to be compromised. IT should update network blacklists with this information to prevent access from locations known to be up to no good.
  • Implement network segmentation. As mentioned above, attackers have no problem starting small and working their way up. As such, mission critical networks – in this case, something like the industrial control system – should be segmented from lower priority items – also in this case, business-facing systems. This way, if attackers are able to gain low-level access, their efforts will be thwarted at the ground floor.
  • Audit credential usage. Attackers love to get their hands on legit credentials and then exploit them for their own gain. IT should audit the access logs of remote systems and make note of anything that looks out of sorts, for example, an inexplicable middle-of-the-night login attempt. These audits should be extended to include remote desktop and VPN sessions if doubts are raised about activity attributed to a set of credentials.
  • Ensure regular review of deleted system logs. Unusual or unexpected deletions may be a sign of attackers attempting to cover up their tracks on a corporate network. IT personnel should regularly peruse these logs for any signs of suspicious activity.
  • Conduct end user training sessions. Whether they are on the front lines or the C-suite, users are often the easiest way in for attackers. Users must be kept up to date on the latest risks – in terms they can understand – and reminded of best practices when it comes to web browsing and email usage.  
  • Handle admin accounts with care. Admin accounts are undoubtedly high-value targets and should be treated as such. Businesses should keep the total number of admin accounts to a minimum, and their activity should be closely monitored, particularly with regard to privilege escalations and role changes. Additionally, network admin accounts should be cut off from the outside world to prevent them from being co-opted. Finally, wherever applicable, admin accounts should be further hardened with two-factor authentication.
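
As an added illustration of the blacklist and credential-audit recommendations above (not code from the DHS/FBI statement or from Arraya), the following Python sketch flags remote logins that fall outside working hours or come from a blocklisted network. The CSV log layout, account names, working-hours window, and blocklist entry are all assumptions constructed for the example.

```python
import csv
import io
import ipaddress
from datetime import datetime, time

# Constructed sample data: the log format, accounts, and addresses are
# illustrative only (addresses are from the RFC 5737 documentation ranges).
SAMPLE_LOG = """timestamp,user,source_ip,service,result
2017-10-23T09:14:02,jsmith,198.51.100.20,vpn,success
2017-10-24T02:47:31,jsmith,203.0.113.77,vpn,success
2017-10-24T03:05:10,svc_hist,198.51.100.20,rdp,failure
2017-10-24T14:30:00,adavis,203.0.113.200,rdp,success
2017-10-25T11:00:45,adavis,198.51.100.21,vpn,success
"""
BLOCKLIST = ["203.0.113.192/26"]  # hypothetical entry standing in for advisory indicators
BUSINESS_HOURS = (time(7, 0), time(19, 0))  # assumed local working window


def audit_logins(log_text, blocklist, hours=BUSINESS_HOURS):
    """Return (timestamp, user, source_ip, reasons) for each suspicious record."""
    networks = [ipaddress.ip_network(entry) for entry in blocklist]
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        when = datetime.fromisoformat(row["timestamp"])
        source = ipaddress.ip_address(row["source_ip"])
        reasons = []
        # Failed attempts are checked too: the advice covers login attempts.
        if not hours[0] <= when.time() < hours[1]:
            reasons.append("off-hours")
        if any(source in net for net in networks):
            reasons.append("blocklisted-source")
        if reasons:
            findings.append((row["timestamp"], row["user"], row["source_ip"], reasons))
    return findings


def accounts_to_review(findings):
    """Accounts whose remote desktop and VPN sessions warrant the extended audit."""
    return sorted({user for _, user, _, _ in findings})


if __name__ == "__main__":
    results = audit_logins(SAMPLE_LOG, BLOCKLIST)
    for ts, user, ip, reasons in results:
        print(f"{ts} {user:<9} {ip:<15} {', '.join(reasons)}")
    print("Extend audit to RDP/VPN sessions for:", accounts_to_review(results))
```

In practice the working-hours window needs per-account tuning, since service accounts and shift workers legitimately log in overnight.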

Next steps: Putting those recommendations into action

These are just some of the recommendations put forth by the DHS and FBI. The full list is long and admittedly time-consuming, something no one in IT, or otherwise, wants to hear. However, these steps can have real, meaningful benefits for the health and well-being of all organizations, not just those that fall under the scope of this warning. That’s where Arraya Solutions can help. Our Cyber Security Practice has real-world experience, at both the executive and the hands-on level, building and maintaining security solutions for businesses in high-risk industries. We can help execute the above steps and more to ensure manufacturers, industrial organizations, and beyond are ready for the worst today’s cyber criminals have to offer.

Start a conversation with our Cyber Security team today by visiting: https://www.arrayasolutions.com//contact-us/. Arraya can also be found on social media: LinkedIn, Twitter, and Facebook. While you’re there, leave us a comment on this or any of our posts and follow us to keep up with all of our latest industry insights, exclusive learning opportunities, and more.
