NERC’s new CIP Roadmap signals a major shift in how cyber risk will be regulated across the power grid. This Policy Pulse explains what NERC released, why it matters, what standards and guidance are coming next, and how utilities, generators, and grid operators should prepare for expanding CIP scope and enforcement.
Read MoreVolt Typhoon represents a quiet but strategic cyber threat to U.S. electric utilities, characterized by long-term access and persistence rather than immediate disruption. Rather than deploying malware, the actor relies on legitimate administrative tools to maintain durable access inside critical infrastructure networks. This blog examines what makes Volt Typhoon different and why early detection depends on behavioral context, not signatures.
Read MoreUEFI Secure Boot is widely assumed to be enabled and enforcing, yet recent vulnerabilities show how easily trust at boot time can silently fail. NSA’s new guidance breaks down how Secure Boot actually works, where configurations commonly go wrong, and how organizations can validate and recover trust in the earliest stages of system startup.
Read MoreThe 2025 USCC Annual Report outlines national security risks from PRC-linked technologies in the U.S. energy sector. It offers clear, field-informed recommendations, including testimony from Ampyx Cyber’s CEO, on supply chain threats, OT device transparency, and cyber response. Read the full analysis and policy roadmap.
Read MoreCISA’s Cybersecurity Performance Goals 2.0 reshape baseline expectations for critical infrastructure. The update elevates governance, strengthens OT-specific requirements, and shifts from checklist controls to outcome-driven resilience. This Policy Pulse post breaks down what changed, why it matters, and how operators should prepare.
Read MoreThe 2025 National Security Strategy weaves cybersecurity into every major national priority, from resilient infrastructure and protected supply chains to technology leadership and secure global partnerships. This overview highlights the core cyber related themes and what they signal for critical infrastructure and industry.
Read MoreThe Electric Reliability Organization’s (ERO) 2026 Compliance Monitoring and Enforcement Program Implementation Plan (CMEP) signals a new era in how risk-based oversight keeps pace with a rapidly transforming grid. Released in October, the plan refines NERC’s compliance priorities for the coming year, retiring Incident Response as a distinct risk element and introducing Grid Transformation as a central theme.
Read MoreNERC calls grid reliability a “five-alarm fire.” With data centers, AI, and extreme weather straining capacity, CIP programs must evolve from reactive compliance to proactive resilience. This post outlines how utilities can strengthen controls, close documentation gaps, and build CIP programs ready for the future grid.
Read MoreNATF has released new CIP-015 INSM guidance that confirms a risk-based approach for collection points, clarifies scope around ESP boundaries, contains numerous useful reference models, and reinforces practical retention strategies. It aligns closely with our INSM playbook, especially on passive visibility, multicast deduplication, and EACMS/BCSI determinations for INSM platforms.
Read MoreFERC’s latest CIP audit lessons for 2025 highlight three rising compliance risks. Entities are undercounting DERs in GOP control center impact ratings, outsourcing compliance work without adequate oversight, and moving EACMS or PACS functions to the cloud without a defensible evidence path. These issues now represent real audit exposure across the US bulk power system.
Read MoreFERC Order 912 marks a shift in supply chain cybersecurity for the Bulk-Power System. It directs NERC to strengthen supply chain protections by closing gaps in risk identification, reassessment, and response, and by extending coverage to Protected Cyber Assets. Vendor data validation is encouraged but not mandated, and NERC has 18 months to deliver new or revised standards.
Read MoreFERC’s September 2025 actions reshaped grid reliability standards by tightening security requirements for low-impact assets, adding authentication, encryption, and monitoring; new requirements and new definitions to support secure adoption of virtualization technologies; and expanding supply chain protections to cover Protected Cyber Assets and other connected systems.
Read MoreVirginia moves cyber into DER interconnection. State Corporation Commission (SCC) Staff proposes adopting IEEE 1547.3-2023 and the NARUC/DOE Baselines, requiring utilities to publish minimum cybersecurity standards, audit & report annually, and align Technical Interconnection (TIIR) settings for secure comms/ports. Bottom line: meeting utility cyber controls becomes a condition of interconnection.
Read MoreFERC Order 907-A clarifies CIP-015 on shared networks. INSM must monitor only east-west traffic used for access monitoring of EACMS and PACS. Non-CIP assets and data flows are out of scope, even in mixed-use or commingled PACS/EACMS environments. Learn practical patterns to filter collection, segment analytics, and produce audit-ready evidence.
Read MoreAmpyx Cyber is expanding its training portfolio with new courses designed for utilities and critical infrastructure teams. From NERC CIP Bootcamp to OT vulnerability management and ICS packet analysis, our offerings provide more ways to build cyber resilience with practical, field-tested learning.
Read MoreThe NERC 2025 RISC Report elevates cybersecurity to the core of grid reliability, alongside grid transformation, extreme events, interdependencies, and volatile energy policy. Unlike past reviews, this report is a forward-looking roadmap, urging modernization, cross-sector coordination, and resilience in a digitized, high-risk energy landscape.
Read MoreUpcoming NERC CIP-002 grid rules change which control centers fall under stricter cybersecurity protections. This post explains the new test in plain language, who is likely covered, and when local, load-serving areas can qualify for an exception. We also share a quick checklist to help utilities document what they have today and avoid surprises later.
Read MoreCISA’s new OT asset-inventory guidance puts structure behind “know your system.” This post translates it into action: a practical, prioritized field set and taxonomy you can implement now. We added a lightweight BIA overlay that links asset criticality to mission impact. We also show where to emphasize configuration baselines, change control, and logging to improve monitoring and decision quality.
Read MoreNERC CIP-015 makes east-west visibility inside the ESP mandatory. This playbook shows how to stand up INSM the right way through risk-based data feeds, ICS-aware anomaly detection, evaluation tied to incident response, and defensible evidence on a timeline to 10/1/2028 and beyond. Avoid common pitfalls and design now for the likely CIP-015-2 expansion.
Read MoreLearn how to build scalable, OT-aware security monitoring using (free, no cost) open-source tools like Security Onion, Wazuh, Malcolm, and The Hive. Whether you're launching a SOC or growing your MSSP, this guide covers deployment models, costs, timelines, and training to get you started fast - and smart.
Read More
