Ampyx Cyber Blog
The Intersection of Regulation & Resilience
NERC’s CIP Roadmap and the Future of Grid Cybersecurity
NERC’s new CIP Roadmap signals a major shift in how cyber risk will be regulated across the power grid. This Policy Pulse explains what NERC released, why it matters, what standards and guidance are coming next, and how utilities, generators, and grid operators should prepare for expanding CIP scope and enforcement.
FERC Staff Report Offers Lessons Learned from 2024 CIP Audits: What You Need to Know
In its 2024 CIP audit report, the Federal Energy Regulatory Commission (FERC) shared critical lessons learned from the latest round of reliability audits, revealing key areas where NERC-registered entities can strengthen their security posture. While many organizations successfully met compliance requirements, the report highlighted specific gaps in asset categorization, control center segmentation, and data protection that could pose significant operational risks.
Securing Control Center communications is more than encryption
While encryption meets the security objective of CIP-012, entities can utilize additional security controls to provide a defense in depth approach and in some cases utilize controls other than encryption.