Last week, CISA released an update to the joint guidance “Product Security Bad Practices,” originally released in October last year. This guidance gives an overview of exceptionally risky product security practices for software manufacturers who produce software in support of critical infrastructure or national critical functions.
The bad practices are divided into three categories:
A recent report from Cybersecurity firm KnowBe4 indicates the effectiveness of security awareness training (SAT) on overall organizational security. The report, titled “Effective Security Awareness Training Really Does Reduce Breaches,” notes that organizations who implement effective SAT programs are 8.3 times less likely to appear on public data breach lists annually compared to general statistics.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Yesterday, CISA released the “JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet” to enhance information sharing between the public and private sectors in response to AI-related cyber threats. Developed in conjunction with the FBI, NSA's AI Security Center, and various industry partners including Google, IBM, and Microsoft, the playbook aims to create a “unified approach” to managing these threats.
The New York State Intelligence Center (NYSIC) recently released a TLP:CLEAR cyber intelligence bulletin titled “Best Practices to Mitigate Threat Actor Targeting of IP Cameras.” The report highlights how internet protocol (IP) cameras and other internet of things (IoT) connected devices pose a significant vulnerability for organizations that utilize them and emphasizes the need for these organizations to implement certain mitigation strategies.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
According to cybersecurity company Check Point, infostealers are on the rise with a 58% increase in infection attempts year-over-year.
Yesterday, CISA released their “Cybersecurity Performance Goals Adoption Report”, highlighting the benefits that the Cybersecurity Performance Goals (CPGs) have incurred on U.S. critical infrastructure. The CPGs are based on 7,791 critical infrastructure organizations enrolled in CISA’s Vulnerability Scanning service between August 1, 2022 and August 31, 2024.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
