Given the blurred lines between work and personal online activities, it’s not only important to keep users aware of cyber threats that put our organizations at risk, but it’s equally important to make security awareness personal and enable users to keep themselves safe from online harm.
Today, CISA, the FBI, and MS-ISAC released an updated joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, which addresses the specific needs and challenges faced by organizations in defending against DDoS attacks. The updated guidance now includes detailed insight into three different types of DDoS techniques:
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 21, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as other alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
Earlier today, EPA Administrator Michael Regan and National Security Advisor Jake Sullivan sent a letter to all U.S. Governors inviting state environmental, health and homeland security Secretaries to a convening by their deputies to discuss the urgent need to safeguard water sector critical infrastructure against cyber threats.
Today, CISA—along with the NSA, FBI, and other U.S. government and international partners—published a joint fact sheet titled “PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders” which warns critical infrastructure leaders of the urgent risk posed by Volt Typhoon, the China state-sponsored threat actor, and provides guidance on specific actions to prioritize the protection of their organization from this threat activity.
A recent survey conducted by MITRE and the Harris Poll reveals that a significant portion of the U.S. population is concerned about the nation’s critical infrastructure, with cyberattacks being considered the greatest risk.
The Record has posted an overview of ongoing efforts to find a cybersecurity regulatory solution for the water and wastewater systems sector in the wake of the withdraw of the EPA memorandum last year. WaterISAC is providing this for your situational awareness.
For more details, access The Record.
On Monday, the Australian Cyber and Infrastructure Security Centre (CISC) unveiled an enhanced self-assessment tool called the Organisational Resilience HealthCheck Tool along with a refreshed “Organisational Resilience: Good Practice Guide” to complement it.
Whether your utility is considering running SCADA in the cloud or not, this new guidance from UKs National Cyber Security Centre is good for awareness of the options.
The NCSC has published new guidance on cloud-hosted Supervisory Control and Data Acquisition (SCADA).
This guidance does not aim to provide a definitive view on whether SCADA in the cloud is the best option for every OT organization. However, it will help to:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
