It is certainly not impossible to maintain an air gapped control system network, but all too often risk assessments and penetration tests reveal they are a dying breed. Likewise, numerous case studies and research into ICS-focused adversaries reveal many threat groups leveraging IT exploits to traverse into the OT network. Both scenarios confirm the fact that OT and IT cybersecurity need each other for a holistic security posture.
The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory noting that Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information, including exploits and zero-day vulnerabilities.
On Tuesday, Siemens released five advisories related to vulnerabilities in its products used in industrial environments regarding the NAME:WRECK vulnerability disclosed by Forescout that same day.
The Canadian Security Intelligence Service’s (CSIS’s) just-released Public Report 2020 shines light on threats to Canada’s security by providing an overview of the organization’s major efforts in the past year and a section on the country’s threat environment. It begins by noting how the COVID-19 pandemic created a situation ripe for exploitation by threat actors, who sought to take advantage of organizations working on COVID-19 research and more individuals working from home.
The Office of the Director of National Intelligence has released its Annual Threat Assessment of the U.S. Intelligence Community, which examines worldwide threat trends relevant to the security of the country.
Cybersecurity is an organizational initiative; a necessity. It’s not us (OT) versus them (IT). Cybersecurity is not solely a technology problem. IT standards do not always translate well to secure ICS/SCADA systems and processes; however, much can be gained by understanding IT security principles and how they may or may not relate to OT security. Likewise, IT security needs to know/understand the engineering and operations of control systems so together they can better architect secure solutions.
Today is Identity Management Day, which aims to inform business leaders, IT decision makers, and the general public about the dangers of casually or improperly managing and securing digital identities by raising awareness, sharing best practices, and leveraging the support of vendors in the identity security space. The Identity Defined Security Alliance, which operates in partnership with the National Cybersecurity Alliance (the host of National Cybersecurity Month) has posted information and resources to its website to help with this effort.
Yesterday President Joe Biden announced his intent to nominate key members of his administration to lead on national security, homeland security, and law enforcement at the White House and across key agencies. Two of the positions include the National Cyber Director, which is new, and the Cybersecurity and Infrastructure Security Agency (CISA) Director, a role in which Brandon Wales has served in an acting capacity since November.
Credit rating agency Fitch Ratings published an advisory last week announcing that cybersecurity attacks and preparedness efforts “could pose financial and operating risks that ultimately affect utility credit quality.”
The Cybersecurity and Infrastructure Security Agency (CISA) has published its 2020 Year in Review report, discussing its activities in the past year in support of the physical security and cybersecurity of the nation, including its critical infrastructure. The report includes a timeline of events, which include a number of emergency directives CISA released, including one in December to address the SolarWinds exploitation campaign.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
