CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – February 13, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Yesterday, CISA—on behalf of the collective group of industry and government partners that comprise the Joint Cyber Defense Collaborative (JCDC)—released JCDC’s 2024 Priorities. Similar to the 2023 JCDC Planning Agenda, JCDC’s 2024 Priorities will help focus the group on developing high-impact and collaborative solutions to the most pressing cybersecurity challenges.
The focused goals of the 2024 priorities are to:
WaterISAC and the National Rural Water Association (NRWA) recently announced a formal collaboration effort intended to educate rural utilities across the country about both cyber and physical security threats. The collaboration comes in hopes to increase resilience efforts among some of the country’s smallest and often overlooked utilities, including 25,000 NRWA members that serve populations of 3,300 or fewer.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Similar to the subcommittee hearing last week, another one was held Tuesday that focused on the water sector, titled “Securing Operational Technology: A Deep Dive into the Water Sector.” The witnesses included top water trade officials as well as leaders from Dragos and MITRE. Much of what was explored centered around the need for more cybersecurity technical resources, specifically for OT systems.
Yesterday, WaterISAC sent an advisory to members regarding the joint Cybersecurity Advisory (CSA) and guidance related to Volt Typhoon. The CSA confirms that these state-sponsored affiliated actors have an interest in and have compromised water and wastewater systems sector assets. Specifically, the U.S.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
WaterISAC is sharing this for broader awareness of the threat against out-of-date VMware ESXi servers, on the impact such incidents can have on mission critical resources, and most importantly how this incident enabled adversaries to access and encrypt a broadband radio network.
We are excited to announce the H2OSecCon Spring 2024 call for presentations!
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
