As operational technology (OT) environments continue to expand and interconnect with diverse IoT devices, the cybersecurity landscape is evolving rapidly. Today’s briefing highlights key developments in OT security, from strategic acquisitions and new federal guidelines to targeted ransomware attacks and critical vulnerability disclosures.
Dragos Acquires xIoT Security Firm Phosphorus to Expand OT Coverage
Dragos has acquired Phosphorus, an xIoT security specialist, to broaden its OT security platform into the wider “xOT” space that includes billions of connected IoT devices within critical infrastructure. Phosphorus’s platform enhances visibility by identifying connected assets, assessing exposures, and automating remediation actions such as password rotation and firmware updates at scale. Dragos CEO Robert M. Lee emphasized the need for unified visibility across all devices to secure the extended OT environment effectively.
Source: SecurityWeek
CISA Issues 15 ICS Advisories for ABB, Schneider Electric, Mitsubishi Electric, and Others
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released 15 new ICS security advisories covering vulnerabilities in products from major vendors including ABB, Schneider Electric, and Mitsubishi Electric. These advisories impact sectors such as maritime navigation, building automation, physical security, EV charging, and industrial manufacturing. A notable highlight is a session hijacking vulnerability affecting ABB EIBPORT controllers, underscoring the ongoing risk posed by unpatched OT devices.
Source: CISA
NIST Releases Draft SP 1800-41 — Ransomware Response and Recovery Guide for Manufacturing OT/ICS
NIST and the National Cybersecurity Center of Excellence published the draft of Special Publication 1800-41, offering comprehensive guidance for ransomware response and recovery in manufacturing OT/ICS environments. Developed with input from industry leaders like Dragos and Siemens, the framework addresses the critical gap that only 54% of OT and ICS systems are currently backed up. The guide outlines a five-phase approach emphasizing physical safety and deterministic restoration, with a public comment period open through July 8, 2026.
Source: Homeland Security Today
Cl0p Ransomware Group Targets Naval Shipyard OT Systems in Early 2026 Intrusion
Netwitness published a detailed incident response case study revealing that the Cl0p ransomware group targeted a naval shipyard’s OT systems in early 2026. The attackers initially compromised corporate IT via phishing, then moved laterally through Active Directory before accessing OT jump boxes controlling propulsion and weapons systems. Detection of anomalous SMB traffic and PowerShell activity enabled responders to isolate OT networks at the DMZ, preventing ransomware deployment without disrupting production.
Source: Netwitness
CISA Schedules June Town Halls on CIRCIA Cyber Incident Reporting Rule for Critical Infrastructure
CISA announced virtual town hall meetings starting June 15, 2026, to solicit stakeholder feedback on the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) rulemaking. The sessions will include representatives from all 16 critical infrastructure sectors, focusing on compliance requirements such as mandatory incident reporting within 72 hours and ransom payment disclosures within 24 hours. This rule will impose significant new obligations on OT-heavy industries to enhance incident transparency.
Source: Industrial Cyber
As OT environments grow more complex and interconnected, maintaining continuous vigilance remains essential. Stay informed, apply timely updates, and prioritize proactive security measures to safeguard critical infrastructure against evolving threats.
