Today’s OT/ICS/IoT/CPS briefing: five concise updates on incident response capacity, major industry M&A, a wide-reaching ransomware supply-chain disruption in mining, critical UPS management card vulnerabilities, and U.S. telecom supply-chain review amid an ongoing espionage campaign.
Experts warn of a mismatch in U.S. OT incident‑response capacity
Speakers at the Critical Effect conference warned that a large-scale cyberattack against operational technology in U.S. critical infrastructure would quickly overwhelm available online and offline response resources. Panelists highlighted cross‑sector dependencies—such as power affecting water and hospitals—and argued that even an attack affecting 1% of U.S. community water systems could exceed global OT incident‑response capacity. The session also noted Accenture’s acquisition of a majority stake in Dragos and quoted Dragos leadership on improved OT incident‑response capabilities.
Accenture acquires majority stake in Dragos in roughly $4.1B deal
Accenture has purchased a majority stake in Dragos, an investment reported at about $4.1 billion, reflecting increased convergence of IT and OT security needs. The deal underscores growing market demand for industrial cybersecurity, driven by rising attacker focus on OT systems that can cause real‑world disruptions. The acquisition positions a major professional services firm deeper in the OT security market.
Scope Systems ransomware incident disrupts dozens of mining customers
A ransomware attack on Scope Systems’ hosted ERP stack disrupted operations at dozens of primarily Australian mining companies, including major gold producers. Industry sources described the event as the broadest‑reaching cyber incident in mining history by number of affected firms, and it highlighted IT/OT convergence risks from cloud‑hosted ERP and IIoT monitoring. The incident follows survey findings that many mining cyber incidents originate through third‑party supplier access to cyber‑physical systems (CPS).
Critical Vertiv UPS management‑card flaws allow bypass and remote code execution
Claroty Team82 disclosed two critical vulnerabilities in Vertiv Liebert IS‑UNITY‑DP and Liebert RDU101 management cards: CVE‑2025‑46412, an authentication bypass (CVSS 9.8), and CVE‑2025‑41426, a stack‑based buffer overflow enabling remote code execution (CVSS 9.8). An unauthenticated attacker could access the UPS web interface and potentially force shutdowns or manipulate UPS state during power events, impacting data centers, hospitals, manufacturing OT, and financial infrastructure. Vertiv has released firmware fixes for the affected devices.
FCC reviews telecom supply‑chain reporting amid Salt Typhoon espionage
The U.S. Federal Communications Commission is seeking public comment on information collection requirements tied to its supply‑chain security oversight under the Secure and Trusted Communications Networks Reimbursement Program. The review occurs against the backdrop of the Salt Typhoon campaign, a long‑running cyber espionage operation linked to state‑backed actors that has targeted global telecommunications and ISP infrastructure. The campaign has exploited routing and edge device vulnerabilities to extract configuration data and maintain persistent access.