Washington, D.C. — The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. Coast Guard (USCG), has issued a joint Cybersecurity Advisory to enhance cyber hygiene practices across critical infrastructure sectors.
This advisory follows a proactive threat hunting engagement conducted at a U.S. critical infrastructure facility. While the assessment revealed no signs of malicious cyber activity or threat actor presence, CISA and USCG identified several cybersecurity vulnerabilities that, if left unaddressed, could be exploited.
To help mitigate these risks, the advisory outlines actionable best practices, including:
-
Avoiding the storage of passwords or credentials in plaintext
-
Refraining from sharing local administrator account credentials
-
Implementing robust, comprehensive logging mechanisms
The agencies are sharing these findings and recommended mitigations to support critical infrastructure organizations in identifying and correcting similar issues, thereby strengthening their overall cybersecurity posture.
For full details and recommended mitigations, read the joint Cybersecurity Advisory: CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at U.S. Critical Infrastructure Organization.
We invite you to share your feedback via our anonymous survey. Your input is valued and helps shape future cybersecurity efforts.
This product is subject to Notification and Privacy & Use Policy.
Contact:
CISA Media Relations
[email protected]
www.cisa.gov
