Daily OT Security News: May 02, 2026

Today’s briefing highlights critical developments in OT and IoT security, including new zero-trust guidance for operational technology, a severe vulnerability in an NSA OT mapping tool, and ongoing cyber threats targeting critical infrastructure. We also cover a major vendor breach and the persistent impact of decade-old IoT vulnerabilities fueling widespread attacks.

US Agencies Release Zero-Trust Guidance for Operational Technology

On May 1, 2026, CISA, FBI, and the Departments of Defense, Energy, and State jointly published guidance on implementing zero-trust principles in OT environments. The document addresses challenges such as legacy systems and physical safety, recommending governance frameworks, supply chain oversight with SBOMs, network segmentation, and identity management. While experts acknowledge the guidance's technical soundness, concerns remain over funding and support for smaller utilities and under-resourced operators.

Source: Facilities Dive

CISA Warns of Critical Vulnerability in NSA GRASSMARLIN OT Mapping Tool

CISA issued an advisory for CVE-2026-6807, a critical vulnerability in the NSA’s open-source GRASSMARLIN tool used to map ICS/OT network topology. The flaw allows attackers to exfiltrate sensitive files, potentially exposing detailed industrial infrastructure maps. Since the tool reached end-of-life in 2017, no patch will be released, and organizations are urged to remove or isolate affected instances immediately.

Source: TechJack Solutions

Itron Discloses Cyberattack on Utility Network Systems

Itron, a global supplier of smart meter devices for energy and water utilities, revealed a cyberattack on its networks discovered in mid-April 2026. The company stated it remediated unauthorized activity with no detected customer data access or operational disruption. Itron’s widespread deployment in critical infrastructure and smart city projects underscores the importance of securing vendor supply chains.

Source: TechTarget SearchSecurity

Iranian Cyber Threat Actors Escalate Attacks on US Critical Infrastructure

Since February 2026, Iran-linked cyber groups have intensified destructive campaigns targeting US and allied critical infrastructure. Their tactics include deploying data-wiping malware and exploiting vulnerabilities in PLCs and Rockwell Automation devices. CISA warns that internet-accessible infrastructure remains highly vulnerable, recommending removal of exposed devices, multi-factor authentication, and hardened administrative controls.

Source: TechTarget SearchSecurity

Decade-Old IoT Vulnerabilities Continue to Drive Millions of Cyberattacks

Security firm SonicWall reports that a single vulnerability in Hikvision IP cameras accounted for 67 million attack attempts in the UK during 2025. Despite reduced ransomware volume, successful breaches increased by 20%, disproportionately impacting SMBs. AI-enabled attacks surged by 89%, exploiting vulnerabilities including CVE-2026-22885 and CVE-2026-20761 in the EnOcean SmartServer platform, risking remote compromise of smart buildings and industrial sites.

Source: SC Media World

These developments underscore the evolving threat landscape in OT and IoT environments, highlighting the need for continued vigilance, proactive vulnerability management, and investment in security frameworks tailored to critical infrastructure.
