If your utility participates in the DHS Chemical Facility Anti-Terrorism Standards (CFATS) program, you have likely been notified if you were impacted due to this incident. For more information, members may wish to:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories
CISA Releases Three Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
From ransomware groups to state-sponsored actors, multiple cyber threat actor types are exploiting vulnerabilities on edge devices, remote services, and other components that are exposed at the network edge (that shouldn’t be). It’s not just known vulnerabilities that are being exploited on devices that asset owners leave unpatched. Well-resourced and capable threat actors are increasingly developing complex zero-day exploits, making it particularly important to have a plan to protect these devices before those that are able can be patched.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
Proofpoint posted research on an increase in a technique leveraging unique social engineering that directs users to copy and paste malicious PowerShell scripts to infect their computers with malware. Essentially, through the use of fake Google Chrome, Word, and OneDrive errors, users may be tricked into literally copying and pasting malicious PowerShell scripts into their Windows terminals.
WaterISAC is passing along this partner guidance for broader awareness to assist utilities with organizational cyber resilience efforts.
Today, CISA, in partnership with the Federal Bureau of Investigation (FBI), released guidance, Modern Approaches to Network Access Security, along with the following organizations:
On Thursday, June 13, CISA conducted the federal government's inaugural tabletop exercise with the private sector focused on effective and coordinated responses to artificial intelligence (AI) security incidents. The four-hour exercise brought together more than 50 AI experts from government agencies and industry partners.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additinonal alerts, updates, and bulletins:
ICS Advisories:
Yesterday, NIST through its National Cybersecurity Center of Excellence (NCCoE) released a draft Technical Note inviting public comments. The Note outlines universal remote access cybersecurity architectures and demonstrative solutions planned for the ‘Cybersecurity for the Water and Wastewater Sector: A Practical Reference Design for Mitigating Cyber Risk in Water and Wastewater Systems’ project. The public comment period is open through July 15, this year.
June was designated as National Internet Safety Month by the U.S. Senate in 2005 primarily to raise awareness of internet dangers and highlight the need for education about online safety. Since that time, with the rise of smartphones and other technologies, the amount of time people spend online has grown enormously – as have the risks.
As data from numerous studies have shown, the nation needs more education and training about the risks we face online and how to stay safe when using connected devices.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
