Summary: WaterISAC and EPA have released the latest quarterly edition of the National Security Information Sharing Bulletin (ISB), developed for water and wastewater utilities. Each issue focuses on key security and resilience topics, including cybersecurity, physical security, and natural disasters.
Summary: The FBI’s Internet Crime Complaint Center (IC3) released its 2024 Internet Crime Report. The report draws data from over 850,000 complaints of suspected internet crime reported to the FBI last year.
Summary: The NSA is releasing a Cybersecurity Technical Report (CTR) to share recommendations for security policies and technical requirements for operational technology (OT) smart controller devices installed in National Security Systems (NSS).
Summary: Verizon released the 18th edition of one of the most sought-after annual reports – the Data Breach Investigation Report (DBIR) – which catalogs and analyzes the past year’s trends in cyber crime and provides a comprehensive view of the global threat landscape. This year’s 100-page report covers cyber incidents and data breaches between November 1, 2023, and October 31, 2024, and includes 12,195 confirmed data breaches and 22,052 total incidents in its data set.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
Summary: April is Supply Chain Integrity Month, providing an opportunity for government, industry, and other stakeholders to increase collaboration and the sharing of best practices, risk mitigation strategies, and innovative solutions to safeguard supply chains from threats such as cyberattacks, counterfeiting, and disruptions. This year, CISA is promoting resources, tools, and information divided into four themes that help partners and stakeholders increase ICT supply chain resilience.
Summary: Wired published a recent article featuring a deep dive into the Iranian state-backed hacktivist group known as the CyberAv3ngers, stating “The group known as CyberAv3ngers has, in the last year and a half, proven to be the Iranian government's most active hackers focused on industrial control systems. Its targets include water, wastewater, oil and gas, and many other types of critical infrastructure.” The article provides an overview of the group’s history targeting critical infrastructure, giving an analysis of their tactics and capabilities.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
