Daily OT Security News: July 16, 2026

Today’s briefing highlights escalating threats from state-sponsored actors targeting critical infrastructure, ongoing challenges in patch management, and significant shifts in OT security strategies. Advances in supplier cybersecurity due diligence and AI-driven vulnerability remediation also underscore evolving defenses in the OT/ICS landscape.


Iranian APT Exploits Rockwell PLCs Across US Critical Infrastructure

Since March 2026, Iran-linked APT actors associated with the IRGC Cyber Electronic Command have actively exploited internet-facing Rockwell Automation PLCs, including CompactLogix and Micro850 models. Targets span government services, water/wastewater, and energy sectors, with attackers leveraging leased third-party infrastructure and Rockwell’s Studio 5000 Logix Designer software to extract project files and manipulate HMI/SCADA displays. Key targeted ports include 44818, 2222, 102, 22, and 502. Siemens S7 PLCs may also be at risk. Mitigations focus on removing PLCs from direct internet exposure, setting physical mode switches to run, and reviewing related IOCs.

Source: CISA Joint Advisory AA26-097A


Only 31% of Critical Infrastructure Organizations Patch Critical Flaws Within Three Days

Onyxia Cyber’s third annual CISO report, surveying 300 CISOs, reveals critical infrastructure sectors significantly lag in patch management. Merely 31.3% of these organizations aim to resolve critical vulnerabilities within three days, compared to 61.4% in financial services and 69.0% in IT/technology. Notably, zero critical infrastructure CISOs mandate 100% MFA coverage, versus 35% in finance. The sector also trails in phishing reporting expectations, highlighting systemic identity and access management blind spots affecting power grids, water systems, and transportation.

Source: Onyxia Cyber / Automation.com


OT Security Evolves from Compliance to Risk-Informed, Performance-Based Programs

Industry experts from E-ISAC, Imperium Global Advisors, and consulting firms emphasize a major OT security paradigm shift driven by NERC CIP-015. Organizations are moving beyond checkbox compliance toward risk-informed, performance-based programs with entity-defined network baselines. Attackers increasingly exploit trusted tools and insider access, including potential foreign adversaries. Chinese nation-state activities employ stealthy techniques evading traditional detection, while AI accelerates both vulnerability discovery and attack sophistication. Regulatory harmonization efforts continue to face challenges despite multi-administration initiatives.

Source: Industrial Defender Blog


NIST SP 1326 Formalizes Supplier Cybersecurity Due Diligence in OT Procurement

NIST finalized SP 1326, providing a quick-start guide for assessing cybersecurity supply chain risks prior to OT procurement. The framework evaluates foreign ownership, provenance, resilience, and foundational cybersecurity practices. Concurrently, the US Department of War suspended CMMC Phase II transition for a 60-day review, delaying third-party certification planned for November 2026. Australia’s CISC launched consultations on 21 reforms to the Security of Critical Infrastructure Act, addressing AI misuse and interconnected system risks. Vendors Fortinet, Tosi, and Cyolo expanded OT visibility, segmentation, and secure access solutions.

Source: Takepoint Research


Bastazo and Nozomi Networks Launch AI-Driven OT Vulnerability Remediation Platform

Bastazo and Nozomi Networks announced an integrated AI-powered platform to bridge vulnerability detection and automated remediation for critical infrastructure operators. The solution fuses Nozomi’s asset inventory, vulnerability data, and network topology with Bastazo’s attack simulation engine. It prioritizes vulnerabilities using AI-driven SSVC, focusing on the 3-5% posing genuine risk, and automates remediation playbooks aligned with OT change windows and safety protocols, supporting NERC CIP and NIST CSF audits. Advanced attack path analysis simulates adversary movement to identify highest-impact control points.

Source: Yahoo Finance / PR Newswire


Analyst Note: The OT/ICS threat landscape in mid-2026 is marked by sophisticated state-sponsored intrusions exploiting legacy and internet-facing assets, compounded by persistent patching and identity management gaps. Emerging AI-driven defenses and formalized supply chain due diligence offer promising advances, but organizations must accelerate risk-informed security adoption to mitigate evolving adversary tactics.

Share this