Water Sector
5 articles covering water OT/ICS security
Water Sector Cyber Threats 2026 — From Oldsmar to Nation-State Pre-Positioning
Water and wastewater systems face a growing and diverse cyber threat — from opportunistic attacks exploiting internet-exposed HMIs to sophisticated nation-state pre-positioning campaigns. This briefing covers the current threat landscape, attack vectors, and sector-specific defensive priorities.
Volt Typhoon Pre-Positioning in US and UK OT Networks
China-nexus threat actor Volt Typhoon has systematically infiltrated operational technology networks across US and UK critical infrastructure sectors, establishing persistent footholds in energy, water, and communications systems for potential future disruption.
OT Network Segmentation: Purdue Model, DMZ Design, and Historian Isolation
A practical guide to network segmentation in OT environments, covering the Purdue Reference Model, industrial DMZ architecture, data historian isolation, and the tradeoffs between operational access and security posture.
Modbus and DNP3: Inherent Security Weaknesses in Legacy Industrial Protocols
Modbus and DNP3 were designed for reliability and interoperability, not security. An analysis of the structural security weaknesses in both protocols—unauthenticated commands, lack of encryption, spoofing, and replay attacks—and the compensating controls available to practitioners.
The OT Asset Inventory Problem: Visibility Gaps, Passive Discovery, and Unmanaged Devices
Most industrial operators cannot accurately enumerate the devices on their OT networks. This visibility gap is the foundational barrier to OT security—you cannot protect what you cannot see. A practical look at passive discovery tools, the limits of vendor inventories, and strategies for building actionable asset visibility.