Remote access has become part of normal operations in industrial environments. The ability to remotely connect to a network adds a great deal of convenience for end users, engineers, systems administrators, integrators, and support vendors. However, it also provides an opportunity for threat actors to infiltrate the network. Methods of remotely connecting securely should be implemented to minimize risk.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
Multiple organizations have stepped forward to provide the resources small utilities need to defend themselves from cyber threats with mostly no-cost solutions. The Institute for Security and Technology (IST) has launched a new pilot program called “UnDisruptable27” focusing on the nexus of water and urgent care to prioritize the safety, security, and resilience of basic lifeline human needs, especially at the local level.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Do you use CISA’s free products and services, such as the Vulnerability Snapshots and the Cyber Risk Summary: Water and Wastewater Systems Sector, etc.? Even if you don’t, those reasons are of interest too.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
Today, CISA, the FBI, and other U.S. and international partners released a joint Cybersecurity Advisory (CSA) titled “Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure”. The joint advisory provides cybersecurity threat intelligence, along with tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) linked to cyber actors from the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155).
The Office of the National Cyber Director released a report Tuesday, “Roadmap to Enhancing Internet Routing Security,” designed to help fortify a vulnerable element of the internet known as Border Gateway Protocol (BGP). Administration officials have cautioned that certain technical rules for internet data routing, which is BGP, are vulnerable to hackers, and that the United States is not adequately prepared to safeguard against it.
A recent report from LexisNexis Risk Solutions reveals a concerning trend in password attacks, highlighting that as many as one in four password reset attempts via desktop browsers are fraudulent. Researchers identified approximately 70,000 weekly password reset attacks in the UK, a significant escalation attributed to "detail change" attacks, which surged by 232% in 2023.
On Tuesday, the Michigan Department of Environment, Great Lakes, and Energy (EGLE) unveiled an initiative aimed at enhancing cybersecurity preparedness for drinking water and wastewater treatment operators throughout Michigan. This initiative intends to establish a comprehensive strategy that bolsters operators' resilience against both online and offline threats.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
