๐Ÿท๏ธ ICS-security

8 articles tagged ICS-security.

CISA and Five Allies Tell You Not to Put LLMs in Safety-Critical OT Systems — Here's the Actual Guidance

A joint guidance document issued by CISA, the Australian Signals Directorate's ACSC, and international partners establishes principles for integrating AI into operational technology environments. The guidance explicitly differentiates acceptable AI use by Purdue Model layer, warns against LLM-first approaches for safety-critical decisions in OT, and requires AI vendors supplying OT environments to provide software bills of materials, data residency documentation, and transparent AI feature disclosure. For organizations running smart buildings and industrial systems, this is the clearest official framework yet for AI in OT.

CISA's May 2026 ICS Advisory Wave: Schneider Electric, Advantech, Axis, Rockwell, and Mitsubishi

CISA's May 2026 ICS advisory release covers critical vulnerabilities across five major industrial and building automation vendors: Schneider Electric EcoStruxure Foxboro DCS, Advantech WebAccess/SCADA, Axis Communications security cameras, Rockwell Automation Micro820/850/870 controllers, and Mitsubishi Electric ICONICS products. The highest-severity advisory involves a CVSS 9.8 deserialization vulnerability in Schneider's DCS Advisor component. Combined, the advisories affect SCADA systems, IP cameras, PLCs, and building HMI software that are standard in smart office and industrial deployments.

CVE-2026-32746: The Telnet Vulnerability in Legacy OT That Gives Attackers Root Before the Login Prompt

CVE-2026-32746 is a pre-authentication remote code execution vulnerability in GNU Inetutils telnetd, scoring 9.8 Critical on CVSS 3.1 and affecting all versions up to and including 2.7. An unauthenticated attacker can trigger root-level code execution during the initial TCP handshake — before any login prompt appears. The vulnerability affects embedded systems, PLCs, SCADA components, and IoT devices that expose telnet interfaces, as well as major Linux distributions that include Inetutils in their default package sets.

VoltRuptor: The ICS/SCADA Malware Being Sold on Dark Web Markets That Targets Industrial Infrastructure

A sophisticated ICS and SCADA malware toolkit called VoltRuptor, attributed to a group calling itself the Infrastructure Destruction Squad, is being sold through dark web channels in 2026. The malware supports multiple industrial protocols, includes persistence and anti-forensics capabilities, and is designed explicitly to cause operational disruption in industrial environments. Its availability as a commercial product lowers the barrier to sophisticated OT attacks significantly.

NIST's New OT Visibility Project: Why You Can't Secure What You Can't See in a Smart Office Network

NIST's National Cybersecurity Center of Excellence has announced a new initiative focused on helping critical infrastructure organizations gain visibility into their operational technology environments. The project addresses a foundational problem that smart office and connected building operators face: most organizations do not have an accurate, current picture of what OT and IoT devices are on their networks or what those devices are doing.

The Skills Gap Is Now a Breach Statistic: What the SANS 2026 Workforce Report Means for OT and Smart Building Security

The SANS 2026 Cybersecurity Workforce Research Report, released at RSAC 2026, found that skills gaps — not headcount shortages — have become the leading workforce challenge in cybersecurity, with 27% of organizations reporting breaches directly linked to capability gaps. In OT and smart building environments, where specialized knowledge is scarce and AI is eliminating the training pipeline, the implications are severe.

Lights Out: How Power Grid Attacks Are Crippling Smart Cities in the 2026 Conflict

Iraq went dark. Iran hit 1% connectivity. When the power grid falls, smart cities become dumb targets. Here's the pattern emerging from the 2026 conflict — and what it means for IoT-dependent enterprises.

When Water Becomes a Weapon: Critical Infrastructure Under Fire in the 2026 Iran Conflict

Iran just struck a Bahrain desalination plant. The US hit one in Iran. Meanwhile, IRGC-linked hackers have been inside American water systems since 2023. Here's what the 2026 war means for water infrastructure security.

โ† All topics

Ask Sage ๐Ÿค–