Daily OT Security News: July 15, 2026

Today’s OT/ICS threat landscape is defined by rapid vulnerability disclosures, new federal coordination efforts leveraging AI, renewed debate over public‑private collaboration frameworks, emerging wireless infrastructure risks, and vendor innovation toward OT‑focused zero trust. Patching activity and research disclosures underscore persistent exposure in industrial products even as policy and technology responses accelerate.

Patch Tuesday: Siemens, Schneider and Rockwell remediate multiple critical ICS vulnerabilities

Major industrial vendors released a wave of advisories addressing a range of critical defects across control systems and building-management products. Siemens published nine advisories including a CVSS 10.0 token‑invalidation flaw in Opencenter X that enables full authentication bypass and other critical fixes across Mendix, Simatic S7‑1500, Cadra and Desigo CC; Schneider Electric fixed high‑severity code‑execution and authentication‑bypass issues; and Rockwell issued 12 advisories including an unauthenticated CLI access flaw in 1715 Redundant IO and several critical DoS issues affecting CompactLogix, ControlLogix and GuardLogix controllers. Government CERTs and CISA redistributed several vendor advisories, while Germany’s VDE CERT published additional product notices.

Source: SecurityWeek, July 15, 2026

White House unveils GOLD EAGLE: an AI clearinghouse for coordinated vulnerability response

The administration launched GOLD EAGLE, an AI‑powered clearinghouse intended to accelerate exploit detection and prioritize remediation for federal agencies and critical infrastructure operators under Executive Order 14409. The initiative aims to reduce duplicative scanning and deliver prioritized guidance by using frontier AI to aggregate and triage vulnerability intelligence, positioning the program as a “force multiplier” for government‑industry resilience efforts. GOLD EAGLE is presented as a centralized mechanism to improve the pace and coordination of vulnerability response across sectors.

Source: WhiteHouse.gov, July 14, 2026

DHS proposes ANCHOR‑CI to replace CIPAC, but industry warns of missing liability protections

DHS proposed the Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure (ANCHOR‑CI) as a replacement for the terminated CIPAC program, establishing sector, cross‑sector, industry and regional councils managed by CISA to facilitate cybersecurity collaboration. While stakeholder groups such as WaterISAC and Health‑ISAC express cautious optimism about restored engagement channels, critics caution that the absence of the liability protections that existed under CIPAC may inhibit candid information sharing on sensitive vulnerabilities. The proposal seeks to rebuild government‑industry coordination while debate continues over legal safeguards that enable frank discussion.

Source: Utility Dive, July 15, 2026

Researchers demonstrate how 6 GHz Wi‑Fi AFC weaknesses could be weaponized against critical systems

Research from Penn State and Idaho National Laboratory exposes fundamental trust assumptions in Automated Frequency Coordination (AFC) systems for the 6 GHz band, showing that client‑side GPS/GNSS, DNS and NTP inputs can be spoofed to obtain unauthorized channel and power assignments or to induce denial‑of‑service conditions. Proof‑of‑concept attacks against commercial access points include location spoofing, NTP/DNS manipulation and AFC server impersonation, highlighting risks to radio towers, cellular backhaul and public‑safety links. The researchers recommend mitigations such as geofencing, multi‑source location verification, authenticated NTP/DNS and anomaly detection to reduce attack surface.

Source: Dark Reading, July 14, 2026

Cyolo launches CPS Segmentation to deliver OT‑first zero‑trust microsegmentation

Cyolo introduced CPS Segmentation, an OT‑focused zero‑trust microsegmentation product that discovers assets, maps communication flows and applies least‑privilege policies to limit lateral movement in cyber‑physical environments. The platform supports blast‑radius analysis, policy simulation and enforcement across the segmentation lifecycle, aiming to provide containment capabilities without disruptive network redesigns. Cyolo frames the product as a continuous cycle of discovery, refinement, validation and enforcement to keep policies aligned as industrial environments evolve.

Source: Konsulteer / Cyolo, July 14–15, 2026

Key takeaways for OT/ICS practitioners: prioritize remediation of newly disclosed critical vendor flaws and monitor redistributed CERT advisories; assess how national coordination efforts like GOLD EAGLE may change vulnerability triage and information sharing; engage with ANCHOR‑CI discussions while advocating for legal protections that enable frank exchanges; evaluate exposure of wireless AFC and 6 GHz deployments and apply multi‑vector location and time authenticity checks; and consider OT‑native microsegmentation to limit lateral movement without disruptive network overhauls.

Share this