Today, CISA and the FBI issued another Secure by Design Alert this time focused on Eliminating Cross-Site Scripting (XSS) Vulnerabilities. This is part of an ongoing initiative to significantly reduce the prevalence of various vulnerability types.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Remote access has become part of normal operations in industrial environments. The ability to remotely connect to a network adds a great deal of convenience for end users, engineers, systems administrators, integrators, and support vendors. However, it also provides an opportunity for threat actors to infiltrate the network. Methods of remotely connecting securely should be implemented to minimize risk.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
Multiple organizations have stepped forward to provide the resources small utilities need to defend themselves from cyber threats with mostly no-cost solutions. The Institute for Security and Technology (IST) has launched a new pilot program called “UnDisruptable27” focusing on the nexus of water and urgent care to prioritize the safety, security, and resilience of basic lifeline human needs, especially at the local level.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Do you use CISA’s free products and services, such as the Vulnerability Snapshots and the Cyber Risk Summary: Water and Wastewater Systems Sector, etc.? Even if you don’t, those reasons are of interest too.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
Today, CISA, the FBI, and other U.S. and international partners released a joint Cybersecurity Advisory (CSA) titled “Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure”. The joint advisory provides cybersecurity threat intelligence, along with tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) linked to cyber actors from the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155).
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
