Daily OT Security News – April 28, 2026
The operational technology (OT), industrial control systems (ICS), and Internet of Things (IoT) security landscape continues to evolve rapidly amid increasing threats targeting critical infrastructure and distributed assets. As adversaries expand their tactics and attack surfaces, defenders must stay informed on emerging risks and developments to protect vital systems that underpin energy, water, and manufacturing sectors worldwide.
OT-ISAC Flags Rising Energy Sector Cyber Risk as OT Exposure Spreads Beyond Control Rooms
The OT Cybersecurity Information Sharing and Analysis Center (OT-ISAC) issued a comprehensive advisory highlighting escalating cyber threats across the energy sector from November 2025 to April 2026. Key concerns include destructive attacks in Poland’s renewable and combined heat and power environments, exploitation of internet-facing PLCs linked to Iranian actors, and ongoing targeting of engineering workstations and energy-sector vulnerabilities. The advisory underscores that cyber risk now extends to remote renewable sites, RTUs, PLCs, protection relays, battery energy storage systems (BESS), distributed energy resources (DER), EVSE backends, and identity systems.
CISA and NCSC Warn of Firestarter Malware Enabling Persistent Backdoor Access to Cisco Firewall Infrastructure
CISA and the UK’s National Cyber Security Centre (NCSC) jointly released an analysis of the ‘Firestarter’ malware, a Linux ELF backdoor targeting Cisco Firepower and Secure Firewall devices. Firestarter gives the operator remote control of systems running ASA or Firepower Threat Defense software and persists through firmware updates and reboots; a full power cycle is required to remove it. Emergency Directive 25-03 directs federal agencies to identify and mitigate compromises, with initial access linked to exploitation of CVE-2025-20333 and CVE-2025-20362.
Major Critical Infrastructure Supplier Itron Reports Cyberattack on Smart Meter Networks
Itron disclosed a cyberattack on its corporate networks detected on April 13, 2026, affecting its smart meter and energy/water measurement device operations. While remediation efforts are underway and customer data access is not believed to have occurred, the company has not detailed the compromised systems or attack discovery methods. This incident highlights growing supply chain risks to critical infrastructure sectors, given Itron’s extensive footprint across electric, gas, and water utilities worldwide.
ICS Intrusion Detection Systems Have Significant Blind Spots, New Research Finds
Research from RWTH Aachen University identifies three major blind spots in ICS intrusion detection systems that undermine their effectiveness in operational environments. The study notes conflicting results from discretization methods, scalability and false-alert problems with LLM-based detection on large clusters, and the inability of timing-based systems to distinguish cyberattacks from benign wireless interference such as 5G or Wi-Fi. Procurement teams also struggle to evaluate IDS products because vendors do not state clearly which metrics their products are optimized for, leaving a gap between marketed and actual performance.
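The timing blind spot described above is easy to reproduce with a toy detector. The following is an added example, not code from the RWTH Aachen study or from any IDS vendor: a sensor is assumed to publish a reading every 100 ms with bounded scheduling jitter, the detector learns the mean and standard deviation of inter-arrival times from a clean baseline, and it alerts on any interval more than three standard deviations away. All traces, seeds and delay values are constructed for illustration. One trace carries the kind of delay a tampered message would introduce; another carries delays consistent with wireless contention on the link. The detector's output for the two is indistinguishable, because timing alone carries no information about the cause of a delay.

```python
"""Toy timing-based ICS anomaly detector (added example, not from the cited research).

Assumed setup: a sensor publishes a reading every PERIOD_MS with benign,
bounded jitter. The detector trains on a clean trace and flags intervals
that deviate by more than K_SIGMA standard deviations. Everything below
(period, jitter, thresholds, seeds, delay values) is constructed.
"""
import random
from statistics import fmean, pstdev
from typing import Dict, List, Optional, Tuple

PERIOD_MS = 100.0   # assumed nominal publish interval
JITTER_MS = 2.0     # assumed benign jitter, bounded so clean traces never trip a 3-sigma test
K_SIGMA = 3.0       # assumed alert threshold
N_SAMPLES = 100


def make_trace(seed: int, delays: Optional[Dict[int, float]] = None) -> List[float]:
    """Constructed inter-arrival times (ms): nominal period plus bounded jitter,
    with optional extra delay injected at specific indices."""
    rng = random.Random(seed)
    trace = [PERIOD_MS + rng.uniform(-JITTER_MS, JITTER_MS) for _ in range(N_SAMPLES)]
    for idx, extra in (delays or {}).items():
        trace[idx] += extra
    return trace


def train_baseline(intervals: List[float]) -> Tuple[float, float]:
    """Learn the mean and population standard deviation of a clean trace."""
    return fmean(intervals), pstdev(intervals)


def detect_alerts(intervals: List[float], mean: float, stdev: float) -> List[int]:
    """Indices of intervals that deviate from the baseline by more than K_SIGMA."""
    return [i for i, x in enumerate(intervals) if abs(x - mean) > K_SIGMA * stdev]


# Train once on a clean trace; evaluate traces generated with different seeds.
BASELINE_MEAN, BASELINE_STDEV = train_baseline(make_trace(seed=1))


def alerts_for(trace: List[float]) -> List[int]:
    return detect_alerts(trace, BASELINE_MEAN, BASELINE_STDEV)


def clean_trace() -> List[float]:
    return make_trace(seed=2)


def attack_trace() -> List[float]:
    # Constructed: one message arrives 50 ms late, the kind of delay that
    # tampering with traffic in transit would introduce.
    return make_trace(seed=3, delays={40: 50.0})


def interference_trace() -> List[float]:
    # Constructed: two messages delayed 60 ms each by contention on a
    # shared wireless link, which is benign from a security standpoint.
    return make_trace(seed=4, delays={20: 60.0, 70: 60.0})


if __name__ == "__main__":
    print(f"baseline mean={BASELINE_MEAN:.2f} ms stdev={BASELINE_STDEV:.2f} ms")
    for name, trace in (("clean", clean_trace()),
                        ("attack", attack_trace()),
                        ("interference", interference_trace())):
        alerts = alerts_for(trace)
        print(f"{name:13s} alerts at indices {alerts}")
    # Both the attack and the interference traces raise alerts of the same
    # shape; the detector has no feature that separates the two causes.
```

Running the block shows no alerts on the clean trace and alerts on both the tampering and interference traces. A practitioner evaluating a timing-based product should ask how it treats this case: without a second signal (link-layer retransmission counters, radio channel utilization, or message content checks), every burst of wireless interference becomes a security alert, and alert fatigue follows.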
U.S. Legislation Introduced to Allow Critical Infrastructure Operators to Neutralize Rogue Drones
Senator Tom Cotton introduced the Critical Infrastructure Airspace Defense Act to empower federally certified personnel at critical infrastructure facilities with legal authority to detect and neutralize unauthorized drones. The bill addresses existing legal gaps preventing private operators from countering drone threats and proposes a $250 million grant program (FY2027–2031) to support deployment of approved counter-drone technologies. This legislation aims to strengthen defenses for power plants, nuclear sites, pipelines, and other vital assets against growing unmanned aircraft system risks.
As cyber threats continue to evolve and expand across operational environments, staying vigilant and informed remains critical for all OT/ICS/IoT stakeholders. Regularly updating defenses, sharing intelligence, and understanding emerging risks will be essential to safeguarding our critical infrastructure.