The recent electronic pager attacks by Israel against the foreign terrorist group Hezbollah emphasize the need for securing supply chains in today's increasingly complex geopolitical landscape. These incidents, which resulted in remotely detonated explosives hidden in pager and walkie-talkie batteries, serve as a stark reminder of the vulnerabilities inherent in supply networks, particularly those involving third-party hardware and software.
Threat actors continue to conduct targeted attacks against specific organizations and industries. The Aerospace defense giant General Dynamics recently experienced a highly targeted attack where threat actors compromised dozens of employee benefits accounts after a successful phishing campaign targeting its workers.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Additional Alerts, Updates, and Bulletins
This week, CISA released the National Cyber Incident Response Plan Update Public Comment Draft. The draft requests public comment on the National Cyber Incident Response Plan (NCIRP)—the public comment period is currently open and concludes on January 15, 2025.
On Tuesday, CISA and the Office of the National Cyber Director (ONCD) published a Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure. The playbook is designed to assist grant-making agencies to incorporate cybersecurity into their grant programs and assist grant-recipients to build cyber resilience into their grant-funded infrastructure projects.
Yesterday, CISA and other federal and international partners released notable updates to the Joint Cybersecurity Advisory (CSA) “IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities” originally published December 1, 2023. See WaterISACs original analysis of this joint CSA.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
WaterISAC is sharing this (TLP:CLEAR) Private Industry Notification (PIN) for member awareness. The FBI is highlighting the HiatusRAT1 scanning campaigns against Chinese-branded web cameras and DVRs. Private sector partners are encouraged to implement the recommendations listed in the “Mitigation” column of the report to reduce the likelihood and impact of these attack campaigns.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
