On July 20, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert (AA-22-2021A) addressing the successful Chinese intrusion into United States oil and natural gas pipeline companies from 2011 to 2013. In its alert, CISA shares the frequency with which the attacks occurred, the number of confirmed compromises, the number of near misses, and the number of attacks whose depth of intrusion was undetermined.

Chinese fingers in the infrastructure pie

Attribution is an art form and one of the most difficult to achieve given the ever-evolving methods and techniques used by the attacking entity, especially when the determined entity is a nation-state with seemingly unlimited resources. CISA, together with the FBI, is unambiguous in attributing these attacks to Chinese state-sponsored actors. The target was Supervisory Control and Data Acquisition (SCADA) networks.

Not surprisingly to CISOs, the attacks were tied to a successful spear-phishing campaign that started in December 2011 and continued until February 2012. Four separate MITRE ATT&CK tactic collections were highlighted in the CISA alert:

- TA009 – (October 2018, updated July 2019) Adversary techniques to gather information and sources of information
- TA0010 – (October 2018, updated July 2019) Adversary exfiltration techniques as they try to steal data
- T1213 – (October 2018, last updated April 2021) Adversary leverage of information repositories to mine information

Of note is the value of seemingly mundane data to adversaries. All CISOs would be well served to remind users that the following types of information highlighted in T1213, when compromised, provide the adversary's targeting team with a plethora of data to facilitate future attacks:

- Policies, procedures, and standards
- Physical/logical network diagrams
- System architecture diagrams
- Technical system documentation
- Testing/development credentials
- Work/project schedules
- Source-code snippets
- Links to network shares and other internal resources

- T1120 – (May 2017, updated March 2020) Adversaries attempt to gather information about attached peripheral devices

CISA highlights the Chinese compromise of 13 of 23 targeted companies and noted that eight of the 23 companies may have been compromised, but the level of compromise was undetermined. Not exactly what a CISO wants to report to the C-suite/board.

Perhaps most troubling, and thus worthy of approbation, is the fact that had the Chinese attackers been more successful they could have “impersonated legitimate system operators to conduct unauthorized operations.” The attackers did, however, gain “dial-up access,” which remains a mainstay within the energy sector’s industrial control systems (ICS). CISA characterizes this as the Chinese preparation of the environment for “future operations.” In other words, preparing the environment in the event China had a national security reason to disrupt, damage, and impede the oil and natural gas distribution networks in the United States.

The CISA alert does not identify which entities in China were responsible for these attacks. ABC News did, however, report in February 2013 on the Mandiant/FireEye attribution of cyberattacks to China’s PLA Unit 61398 located in Pudong, Shanghai.
The report alleged that Unit 61398 was responsible for the theft of “hundreds of terabytes of data from at least 141 organizations” since 2006, of which at least 115 were in the US and were spread across multiple sectors, including energy.

Russia also targeted the energy sector

In March 2018, CISA issued a similar alert highlighting the Russian Federation’s efforts to target commercial entities within the energy sector’s ICS using spear-phishing, through which they gained “remote access.” During their presence within the network, CISA noted that the Russian intruders “conducted network reconnaissance, moved laterally, and collected information pertaining to the ICS.”

ICS CISOs: Invest in cybersecurity infrastructure

The need for CISOs responsible for industrial control systems to invest in basic cyber infrastructure has never been more evident than in the klaxon calls to move away from dial-up connectivity within their infrastructure, given the inherent security weaknesses these devices present. CISA highlights these as “direct access into the ICS environment with little or no security and no monitoring” (emphasis added).

This begs the question: If a company does not have access control or the ability to monitor who is accessing its ICS network, how does it determine whether it has been penetrated by the Chinese or Russians? The alert highlighted how 35% of the targeted companies were unable to determine the depth of the Chinese penetration into their ICS. Imagine being one of those eight CISOs sitting there in the dark and unable to answer the question: “What did the adversary do once they compromised our network?”

CISOs should take this to the bank and use this as evidence of nation-state interest, as well as justification for the infusion of resources to augment and adjust their current security posture.