The National Security Agency (NSA) has released the Cybersecurity Information Sheet (CSI) “Procurement and Acceptance Testing Guide for Servers, Laptops, and Desktop Computers,” encouraging U.S. government departments and agencies operating National Security Systems (NSS) to implement a robust supply chain risk management strategy.
WaterISAC regularly provides awareness of recent CISA reporting. While direct relevance to your utility/organization on the details of each report may vary, activity alerts like this are practical for general awareness and greater understanding of active threats and adversary capabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the launch of “Secure Our World,” a nationwide cybersecurity public awareness campaign to educate all Americans on how to stay safe online.
Bleeping Computer has written an article discussing the ZeroFont phishing technique and its implications for network defense.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Threats & Vulnerabilities
The cost of an insider threat compromising an organization is at the highest it’s ever been, according to a recent report from the cybersecurity firm DTEX Systems. The report also found organizations are spending more time to recover from an insider threat incident.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Six Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
The Cybersecurity and Infrastructure Security Agency (CISA) has released the new Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management product from the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force.
Proofpoint has written a blog discussing the various social engineering tactics utilized in BEC attacks, through the lens of 10 different open-source attacks. Common themes between all the examples utilized include comprehensive reconnaissance and quickly gaining trust.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
