The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
by Andrew Hildick-Smith, WaterISAC Advisor
The White House has just released the first edition of a guidebook to help state, local, and other levels of government unlock the benefits from the Bipartisan Infrastructure Law that was signed into law in November.
Yesterday, the National Security Agency (NSA) released Cybersecurity Advisory (CSA), Protecting VSAT Communications. VSAT (very small aperture terminal) networks are largely used for remote communications when other options are not feasible.
Today, the water sector, EPA and the White House National Security Council announced the launch of the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan - a 100-day “surge” to investigate the pros and cons of utilities implementing industrial control system (ICS) monitoring and sharing monitoring results with the Cybersecurity and Infrastructure Security Agency (CISA).
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The FBI has published a TLP:WHITE Private Industry Notification (PIN) providing context and recommendations to protect against malicious activity by Iranian cyber group Emennet Pasargad. While some of the Emennet’s most notable cyber activities have involved information operations, particularly election interference activities, it has also conducted traditional cyber exploitation activity targeting several sectors, including oil and petrochemical, financial, and telecommunications, in the U.S., Europe, and the Middle East.
A new report by the Identify Theft Resource Center (ITRC) reveals that data compromises are greatly increasing. The report recorded 1,862 data compromises in 2021, up more than 68 percent compared to 2020. Utilities and manufacturers witnessed a 217 percent increase in data compromise in 2021 compared to the previous year. While phishing was the number one cause of data compromises, ransomware related data breaches have doubled every year for the past two years.
Threat actors continue abusing Microsoft Office products to fool unsuspecting individuals and to inject malware onto victims’ devices. Since December, threat actors have been sending mass phishing attacks with Excel files that deceive victims into downloading Emotet onto their systems. After victims open the Excel file, it prompts them to enable macros which subsequently downloads Emotet and enables other malicious activity.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
