The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Similar to the subcommittee hearing last week, another one was held Tuesday that focused on the water sector, titled “Securing Operational Technology: A Deep Dive into the Water Sector.” The witnesses included top water trade officials as well as leaders from Dragos and MITRE. Much of what was explored centered around the need for more cybersecurity technical resources, specifically for OT systems.
Yesterday, WaterISAC sent an advisory to members regarding the joint Cybersecurity Advisory (CSA) and guidance related to Volt Typhoon. The CSA confirms that these state-sponsored affiliated actors have an interest in and have compromised water and wastewater systems sector assets. Specifically, the U.S.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
WaterISAC is sharing this for broader awareness of the threat against out-of-date VMware ESXi servers, on the impact such incidents can have on mission critical resources, and most importantly how this incident enabled adversaries to access and encrypt a broadband radio network.
For member awareness, WaterISAC is passing along this CISA Live event titled “Boosting Water Sector Cybersecurity.” The event is being conducted tomorrow, February 7, from 11:30 AM -12:00 PM ET and hosted on LinkedIn Live.
WaterISAC is passing along this announcement regarding a hearing for members’ awareness. As indicated below, the hearing was open to the public and press and was live streamed. If you missed the live stream, members are encouraged to view the recording at House.gov.
WaterISAC has been made aware of a phishing campaign that occurred last month impersonating the Maine CDC Drinking Water Program (DWP). The fake emails were reportedly sent to all Maine water operators and requested that operators click on a link to “verify or update” their information in order to avoid having their license revoked. The attackers used the Maine.gov logo and the Division title in the email subject lines to make the message appear legitimate.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – February 6, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
