Ampyx Cyber Blog
The Intersection of Regulation & Resilience
NERC MSPP Rules of Procedure: Standards Committee Retired in May 2026 Draft
NERC's May 2026 draft Rules of Procedure revisions retire the Standards Committee, eliminate ballot pools, restructure the Registered Ballot Body, and create a new Reliability Standards Body under the RISC. The MSPP Task Force implementation package is the most consequential governance change to NERC standards development since the ERO model was certified in 2006.
Computational Load and the Convergence Problem: What NERC's May 2026 Actions Mean for Critical Infrastructure
Documented load losses approaching one thousand megawatts in seconds. A Level 3 Essential Action Alert. A final Reliability Guideline. Proposed registration of a new Computational Load Entity. NERC's May 2026 actions mark a structural shift in how data centers, hyperscale AI training, and cryptocurrency mining are treated under the North American grid reliability framework.
What Multi-Region Entities Need to Know About Coordinated Oversight in 2026 [Updated]
NERC's Coordinated Oversight Program lets multi-region entities consolidate compliance monitoring under one Lead Regional Entity, eliminating duplicate audits across six footprints. New for 2026: Category 2 GO/GOP eligibility opens May 15, annual asset verification becomes formal, periodic group reviews go standard. Breakdown of qualifications, modification paths, and audit prep questions.
Protocol Converters: The 2023 SAR Just Got Validated (Again)
The 2023 NERC SAR asked whether protocol converters belong inside CIP-002. A new disclosure of 22 CVEs in serial-to-Ethernet hardware, set against a decade of advisories across the category, settles the question. The categorization debate now has its empirical record, and asset owners have CIP-007 R2 and CIP-013 work to do that does not wait for the standard.
Funded, Not Secured: The April 20 DPA Determinations & the Bulk Electric System
Two April 20 Defense Production Act determinations expand domestic capacity for grid components and large-scale energy infrastructure. Neither addresses cybersecurity. For the electric sector, NERC CIP and Order 693 standards still apply. A practitioner's view of intersections with CIP-013, CIP-014, PRC, FAC, and TPL, and why domestic capacity is not domestic assurance.
Inside the ERPQ: How One Form Shapes Your Audit
NERC's Currently Compliant Episode 9 introduced the consolidated Entity Risk Profile Questionnaire (ERPQ). What the podcast did not draw is the bigger picture: with ICE eliminated and continuous internal controls evaluation now embedded across CMEP, the ERPQ is the entry point into how the ERO Enterprise sees you for every monitoring cycle.
Is Something Weird Happening on Your System?
Learn how critical infrastructure operators can spot the early signs of cyber intrusions directly from the control room. Drawing on the latest NERC and CISA guidance, this updated guide details specific physical hardware, workstation, and SCADA anomalies to watch for. Empower your frontline staff with a proactive "See Something, Say Something" cyber defense strategy tailored for OT environments.
Cyber-Informed Transmission Planning: Seven Pilots, CIP Leverage
NERC's April 2026 release of the Cyber-Informed Transmission Planning lessons learned captures seven 2024 pilots. None triggered a corrective action plan. The report's most consequential finding: strengthening low-impact CIP requirements is likely a more cost-effective leverage point than expanding TPL-001 to embed coordinated cyber contingencies.
CMEP Version 9: Maintenance on the Surface, Three Signals Underneath
NERC released CMEP Manual Version 9 on March 1, 2026. On the surface it is a maintenance release. Underneath, three signals matter: the Global Internal Audit Standards join the authoritative guidance stack, Rules of Procedure Appendix 4C moved, and a decade-old CIP Version 3 artifact got scrubbed from the Sampling Guide. None of it redraws CMEP. All of it reinforces v8's direction.
CIP-003 Low Impact Vendor Remote Access: Expert Audit Questions
A deep dive into NERC’s Currently Compliant Podcast Episode 8, extracting every key question being asked about CIP-003-9 vendor remote access. These questions provide a clear view into audit expectations across the ERO Enterprise and highlight where entities are struggling with visibility, control validation, and monitoring of vendor access.
Claude Mythos and the OT Threat Horizon: What Utility Operators Need to Know Now
Anthropic's Claude Mythos can autonomously discover zero-day vulnerabilities across every major OS and browser, and the same codebases run in OT/SCADA environments. This post breaks down why Mythos-class AI exploitation tools directly implicate utility operators, which NERC CIP obligations are already in play, and what actions defenders should take before the patch window closes.
FERC Issues Orders on Virtualization and Low Impact: What Changed and What You Need to Do
FERC unanimously approved Order Nos. 918 and 919 on March 19, 2026, finalizing CIP virtualization standards and new low-impact BES Cyber System controls, plus an updated "Control Center" definition. All CIP-registered entities are affected. Implementation windows are 24 and 36 months respectively. Compliance programs should begin gap assessments now.
The E-ISAC's 2025 Report: Real Progress, Remaining Constraints
The E-ISAC's 2025 End-of-Year Report shows real growth in membership, engagement, and threat intelligence output. But a structural challenge rooted in its funding and governance relationship with NERC continues to limit the incident sharing that collective defense depends on. Comparing E-ISAC's reported numbers against peer ISACs in health and financial services reveals how much ground remains.
Cyber on Tap, Part Two: New York's Water Cybersecurity Regulation Is Now in Force
New York's Appendix 5-E cybersecurity regulation for public water systems took effect March 11, 2026, making it the first mandatory, enforceable water cybersecurity framework in the country. This post covers who is in scope, what is required, when it is due, and what resources are available to help. It also examines what New York's action means in the context of a federal policy environment that is actively stepping back from sector-specific cybersecurity regulation.
Industry Recognition: Patrick Miller Inducted into Industrial Cyber Hall of Fame
Ampyx Cyber President and CEO Patrick Miller has been inducted into the Industrial Cyber Hall of Fame, joining a distinguished group of practitioners who helped define industrial cybersecurity as a discipline. The recognition highlights over three decades of work in grid security, NERC CIP development, and critical infrastructure protection around the globe.
National Cyber Strategy: What It Means for Critical Infrastructure
The Trump administration released its long-awaited National Cyber Strategy. Six pages, six pillars, and a clear signal that federal cyber policy is shifting toward offensive posture and regulatory streamlining. For critical infrastructure operators, the document raises more questions than it answers. Here is what it says, what it doesn't, and what you should do about it.
Redesigning the Machine: NERC Board Accepts Transformational Standards Modernization Plan
The NERC Board has approved a historic transformation of the standards development process to meet the speed of the modern grid. Aiming for a 12–18 month timeline, the new framework re-engineers how NERC addresses risks from data centers, IBRs, and VPPs. Read our deep dive into the 2027 roadmap, the new SME pool, and the upcoming shift in voting eligibility.
Poland's Energy Sector Attack: When Cyber Sabotage Targets OT [Updated]
On December 29, 2025, Poland experienced coordinated destructive cyberattacks across 30+ wind/solar farms, a CHP plant, and manufacturing. Attackers exploited FortiGate devices without MFA, used default credentials on OT equipment, and deployed custom wiper malware designed to damage industrial controls. Every failure was preventable.
Humans, Engineering Shifts, Required Investment, and Commitment for Operational Security
New secure connectivity guidance describes a greenfield target architecture, but most OT environments are brownfield reality. True resilience isn't achieved through technology alone. Human expertise, manual operating capability, physical engineering controls, and sustained investment are equally critical. Without these foundations, digital security layers risk becoming expensive new failure modes.
How CMEP Version 8 Reshapes NERC’s Compliance Model
The CMEP Version 8 does not rewrite NERC compliance, rather it stabilizes it. Building on years of evolution, the updated Manual reinforces risk-based oversight, professional judgment, technical competence, and enterprise consistency across all Reliability Standards. The result is a more mature, defensible compliance model that shapes how audits, enforcement, and reliability governance now operate.