CISA and Coast Guard: Uncovering Critical Cybersecurity Vulnerabilities in Infrastructure Audit

Federal agencies have identified serious cybersecurity vulnerabilities during a proactive threat hunt at a U.S. critical infrastructure organization, according to a joint advisory released August 4, 2025. The Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Coast Guard discovered multiple fundamental security risks that could leave critical systems exposed to attacks.

These findings highlight the importance of building strong cyber resilience in critical infrastructure to prevent potential breaches.

Major Security Gaps Identified

The investigation uncovered several high-risk vulnerabilities, with insecure credential management topping the list. Local administrator passwords were found stored in plaintext within batch scripts, with identical passwords shared across multiple workstations. This configuration could allow attackers to easily gain widespread network access.
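The two credential problems described above (secrets embedded in batch scripts, and the same secret reused across workstations) are both easy to check for before an attacker or an auditor does. The following is an added example, not code from the advisory or from CISA; the batch scripts, host names and passwords are constructed samples, and the three patterns cover only the most common ways credentials end up in `.bat` files (`net user ... /add`, `net use ... /user:`, and `set PASSWORD=`). It reports reuse by hashed fingerprint so the report itself does not become another plaintext copy of the secret.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample scripts keyed by the workstation they were collected from.
# These are illustrative only; they are not from the advisory.
SAMPLE_SCRIPTS = {
    "WS-001": r'''@echo off
net user localadmin P@ssw0rd123 /add
net localgroup administrators localadmin /add
''',
    "WS-002": r'''@echo off
net user localadmin P@ssw0rd123 /add
''',
    "WS-003": r'''@echo off
net use Z: \\fileserver\share /user:svc_backup Backup2024! /persistent:yes
''',
    "WS-004": r'''@echo off
set DB_PASSWORD=hunter2
sqlcmd -S dbserver -U sa -P %DB_PASSWORD%
''',
}

# Common shapes of embedded credentials; each pattern captures (account, secret).
PATTERNS = [
    # net user <name> <password> /add
    re.compile(r"net\s+user\s+(\S+)\s+(\S+)\s+/add", re.IGNORECASE),
    # net use <drive> <share> /user:<name> <password>
    re.compile(r"net\s+use\s+.*?/user:(\S+)\s+(\S+)", re.IGNORECASE),
    # set <VAR>=<value> where the variable name suggests a secret
    re.compile(r"set\s+(\w*(?:pass|pwd|secret)\w*)=(\S+)", re.IGNORECASE),
]


def find_plaintext_credentials(script_text):
    """Return (account, secret) pairs found in one batch script."""
    found = []
    for line in script_text.splitlines():
        for pat in PATTERNS:
            for m in pat.finditer(line):
                found.append((m.group(1), m.group(2)))
    return found


def fingerprint(secret):
    """Short hash so reuse can be reported without echoing the secret."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


def audit_scripts(scripts):
    """Scan a {host: script_text} mapping.

    Returns (per_host, reused): per_host lists the credentials found on each
    host; reused maps a secret fingerprint to the sorted hosts sharing it,
    for every secret seen on more than one host.
    """
    per_host = {}
    hosts_by_secret = defaultdict(set)
    for host, text in scripts.items():
        creds = find_plaintext_credentials(text)
        per_host[host] = creds
        for _account, secret in creds:
            hosts_by_secret[fingerprint(secret)].add(host)
    reused = {fp: sorted(h) for fp, h in hosts_by_secret.items() if len(h) > 1}
    return per_host, reused


if __name__ == "__main__":
    per_host, reused = audit_scripts(SAMPLE_SCRIPTS)
    for host, creds in per_host.items():
        for account, _secret in creds:
            print(f"{host}: plaintext credential for account '{account}'")
    for fp, hosts in reused.items():
        print(f"secret {fp} reused on {', '.join(hosts)}")
```

In a real environment the `SAMPLE_SCRIPTS` mapping would be built by collecting `.bat` and `.cmd` files from logon-script shares, scheduled tasks and workstation images; any hit is a finding, and any fingerprint shared by two or more hosts is the shared-local-admin condition the advisory describes.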

The audit also revealed dangerous gaps between information technology (IT) and operational technology (OT) networks. Standard IT user accounts could directly access sensitive SCADA systems without proper security controls, creating significant risks to infrastructure operations and safety.

Organizations must implement comprehensive cybersecurity measures to protect critical systems from emerging threats.

Insufficient Monitoring and Server Vulnerabilities

The threat hunting team's effectiveness was hampered by inadequate system logging. The organization's security information and event management (SIEM) system lacked crucial Windows event logs from workstations. Additionally, verbose command-line auditing was not enabled, making it impossible to detect potential unauthorized access attempts.
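Both logging gaps named above can be measured from the SIEM side: a workstation that never sends events, a host whose Security log never produces process-creation events (ID 4688), and a host whose 4688 events carry an empty `CommandLine` field, which is what Windows emits when process creation is audited but the "include command line" policy is not enabled. The following is an added example, not from the advisory or from any SIEM vendor; the inventory and events are constructed samples in a simplified dictionary form rather than raw Windows XML.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed host inventory and SIEM-received events (not from the advisory).
INVENTORY = ["WS-001", "WS-002", "WS-003", "SRV-DC01"]

SAMPLE_EVENTS = [
    # Healthy workstation: 4688 with the command line populated.
    {"host": "WS-001", "event_id": 4688, "time": "2025-08-04T09:00:00",
     "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    # Process creation audited, but command-line inclusion disabled.
    {"host": "WS-002", "event_id": 4688, "time": "2025-08-04T09:05:00",
     "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": ""},
    # Last seen three days ago: outside the window, so effectively silent.
    {"host": "WS-003", "event_id": 4624, "time": "2025-08-01T08:00:00",
     "CommandLine": ""},
    # Logons arrive, but no process-creation events at all.
    {"host": "SRV-DC01", "event_id": 4624, "time": "2025-08-04T09:10:00",
     "CommandLine": ""},
]


def assess_logging_coverage(inventory, events, now, window=timedelta(hours=24)):
    """Classify each inventoried host by the quality of its event coverage.

    Returns {host: status} where status is one of:
      "silent"            no events received inside the window
      "no_process_audit"  events received, but no 4688 among them
      "no_cmdline_audit"  4688 present, but CommandLine always empty
      "ok"                4688 present with command lines populated
    """
    cutoff = now - window
    by_host = defaultdict(list)
    for ev in events:
        if datetime.fromisoformat(ev["time"]) >= cutoff:
            by_host[ev["host"]].append(ev)

    report = {}
    for host in inventory:
        evs = by_host.get(host, [])
        if not evs:
            report[host] = "silent"
            continue
        proc_events = [e for e in evs if e["event_id"] == 4688]
        if not proc_events:
            report[host] = "no_process_audit"
        elif all(not e.get("CommandLine") for e in proc_events):
            report[host] = "no_cmdline_audit"
        else:
            report[host] = "ok"
    return report


def coverage_gaps(report):
    """Hosts that would need remediation before a threat hunt could rely on them."""
    return sorted(h for h, status in report.items() if status != "ok")


if __name__ == "__main__":
    now = datetime.fromisoformat("2025-08-04T12:00:00")
    report = assess_logging_coverage(INVENTORY, SAMPLE_EVENTS, now)
    for host, status in report.items():
        print(f"{host}: {status}")
    print("gaps:", coverage_gaps(report))
```

Run against real SIEM output, the `silent` and `no_process_audit` statuses point at forwarding or audit-policy problems on the host, while `no_cmdline_audit` is the specific verbose command-line auditing gap the advisory calls out; on Windows the fix is the "Include command line in process creation events" policy (the `ProcessCreationIncludeCmdLine_Enabled` setting), after which the `CommandLine` field in 4688 events is populated.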

Server configurations also raised red flags. A production server's SSL settings were found to be vulnerable to man-in-the-middle attacks, while weak password requirements left systems exposed to potential brute-force attacks.

Enhanced Security Recommendations

The advisory outlines several critical steps organizations should take to enhance their security posture:

  • Implement secure credential management using encrypted password vaults and unique administrator passwords
  • Establish proper network segmentation between IT and OT systems using VLANs and secure access controls
  • Enable comprehensive system logging and monitoring across all critical infrastructure
  • Strengthen server configurations with proper SSL/TLS settings and robust password policies

Establishing effective digital resilience strategies for long-term security is crucial for protecting critical infrastructure.

Organizations seeking additional guidance can attend the SecureWorld Critical Infrastructure virtual conference scheduled for August 28, 2025, where these findings will be discussed in detail. For more information on critical infrastructure protection, visit CISA's Infrastructure Security resources.

The joint advisory serves as a crucial reminder that basic security misconfigurations often create the greatest vulnerabilities in critical infrastructure. By addressing these fundamental issues, organizations can significantly improve their security posture before potential attackers exploit these weaknesses.