As the operational technology (OT) and industrial control system (ICS) landscape continues to evolve, emerging vulnerabilities and strategic shifts in infrastructure security dominate the headlines. Today’s briefing highlights critical advisories, new governance initiatives, and evolving cybersecurity mandates shaping the future of OT security.
CISA Issues Multiple ICS Advisories Including Critical CVSS 10.0 Flaw in StoneFly Storage Concentrator
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a series of ICS advisories on June 30, 2026, identifying significant vulnerabilities across several industrial control system products. Most notably, the StoneFly Storage Concentrator is affected by a critical CVSS 10.0 flaw encompassing five CVEs. Additional severe vulnerabilities were reported for Mitsubishi Electric MELSOFT and the OFFIS DCMTK Toolkit, highlighting widespread risks across OT environments.
Source: CISA ICS Advisories
DHS Launches ANCHOR-CI: New Critical Infrastructure Advisory Councils Outside Federal Transparency Rules
The Department of Homeland Security has established ANCHOR-CI, a new advisory council designed to enhance collaboration between critical infrastructure operators and government agencies. Replacing the previous partnership council disbanded in 2025, ANCHOR-CI will operate under CISA oversight but is exempt from the Federal Advisory Committee Act, enabling more sensitive risk discussions without public disclosure requirements.
Source: GovInfoSecurity
NCSC Publishes Penetration Tester Insights on Hardening OT and Critical Infrastructure Networks
The UK’s National Cyber Security Centre (NCSC) released new guidance on July 1, 2026, drawing from penetration testers’ experiences to bolster OT and critical infrastructure defenses. Key recommendations include secure-by-design approaches, phishing-resistant multi-factor authentication, elimination of default credentials, and strict IT/OT network segmentation to prevent lateral movement. The guidance also underscores the importance of robust logging and monitoring capabilities for effective threat detection and response.
Source: Infosecurity Magazine
Bajaj Auto Confirms Ransomware Attack Disrupting Manufacturing Operations
Indian automotive manufacturer Bajaj Auto has confirmed a ransomware attack that disrupted parts of its IT infrastructure and that of its technology subsidiary in late June 2026. This incident caused operational disruptions and contributed to a decline in the company’s share price despite strong sales performance. Manufacturing remains the most targeted industrial sector for ransomware in 2026, accounting for nearly 29% of total incidents.
Source: NDTV Profit
White House Executive Order 14412 Mandates Post-Quantum Cryptography Migration for Critical Infrastructure by 2030
On June 22, 2026, the White House issued Executive Order 14412, mandating all federal agencies, contractors, and critical infrastructure sectors to adopt post-quantum cryptography (PQC) by 2030 for key establishment and by 2031 for digital signatures. The order tasks CISA with coordinating this migration alongside Sector Risk Management Agencies and requires dedicated PQC migration leads. Experts caution that legacy OT and IoT systems present unique challenges due to hardware limitations and extended device lifecycles.
Source: Entrust
As cyber threats to OT and critical infrastructure grow increasingly sophisticated, vigilance and proactive security measures remain essential. Stay informed and prepared to defend against emerging risks in this dynamic environment.