Today, CISA, the National Security Agency (NSA), the FBI, and international partners published a joint Cybersecurity Advisory (CSA), 2023 Top Routinely Exploited Vulnerabilities. As in prior years, this effort highlights multiple vulnerabilities that threat actors are routinely exploiting on devices and software that remain unpatched or are no longer supported by a vendor.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
Research by a team from Georgia Tech School of Electrical and Computer Engineering has come up with an algorithm that improves upon previous detection methods of identifying internet-exposed ICS devices, in this case PLCs. Dubbed PLCHound, the new algorithm uses advanced language processing and machine learning techniques to identify devices. According to the researchers, PLCHound enabled them to identify 37 times more internet-connected PLCs than were previously estimated.
Cybersecurity presents a unique set of challenges for small organizations. Due to their limited size and budget, they often cannot afford a dedicated security team, and therefore tend to rely on just one person for their cybersecurity needs. This individual often struggles to manage all the recommended or necessary tasks due to time constraints or resource limitations, which can lead to cascading consequences where security issues are handled as they arise which, more often than not, is too late to prevent severe impacts.
The National Rural Water Association (NRWA) has partnered with the U.S. Department of Agriculture (USDA) and the White House Office of the National Cyber Director (ONCD) to launch a one-year program study to enhance cybersecurity for rural water systems. The Oregon Association of Water Utilities and Vermont Rural Water Association will help NRWA administer the one-year study.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Additional Alerts, Updates, and Bulletins:
Yesterday, The FBI released a Private Industry Notification (PIN) to warn of a trend of compromised U.S. and Foreign government email addresses used to conduct fraudulent emergency data requests to U.S.-based organizations. The PIN notes that an increase of activity on criminal forums regarding the process of emergency data requests and sale of compromised credentials has led to an increased use of this threat. WaterISAC recommends members review the PIN and implement the recommended mitigations listed.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
