Yesterday, WaterISAC sent an advisory to members regarding the joint Cybersecurity Advisory (CSA) and guidance related to Volt Typhoon. The CSA confirms that these state-sponsored affiliated actors have an interest in and have compromised water and wastewater systems sector assets. Specifically, the U.S.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
WaterISAC is sharing this for broader awareness of the threat against out-of-date VMware ESXi servers, on the impact such incidents can have on mission critical resources, and most importantly how this incident enabled adversaries to access and encrypt a broadband radio network.
We are excited to announce the H2OSecCon Spring 2024 call for presentations!
For member awareness, WaterISAC is passing along this CISA Live event titled “Boosting Water Sector Cybersecurity.” The event is being conducted tomorrow, February 7, from 11:30 AM -12:00 PM ET and hosted on LinkedIn Live.
WaterISAC is passing along this announcement regarding a hearing for members’ awareness. As indicated below, the hearing was open to the public and press and was live streamed. If you missed the live stream, members are encouraged to view the recording at House.gov.
WaterISAC has been made aware of a phishing campaign that occurred last month impersonating the Maine CDC Drinking Water Program (DWP). The fake emails were reportedly sent to all Maine water operators and requested that operators click on a link to “verify or update” their information in order to avoid having their license revoked. The attackers used the Maine.gov logo and the Division title in the email subject lines to make the message appear legitimate.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – February 6, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
A subcommittee hearing held yesterday on Ensuring Cybersecurity of America’s Drinking Water Systems, top water and wastewater systems sector trade officials expressed concerns to lawmakers that utilities are in urgent need of more government funding for cybersecurity training and resources.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
