Ampyx Cyber Blog
The Intersection of Regulation & Resilience
Protocol Converters: The 2023 SAR Just Got Validated (Again)
The 2023 NERC SAR asked whether protocol converters belong inside CIP-002. A new disclosure of 22 CVEs in serial-to-Ethernet hardware, set against a decade of advisories across the category, settles the question. The categorization debate now has its empirical record, and asset owners have CIP-007 R2 and CIP-013 work to do that does not wait for the standard.
Is Something Weird Happening on Your System?
Learn how critical infrastructure operators can spot the early signs of cyber intrusions directly from the control room. Drawing on the latest NERC and CISA guidance, this updated guide details specific physical hardware, workstation, and SCADA anomalies to watch for. Empower your frontline staff with a proactive "See Something, Say Something" cyber defense strategy tailored for OT environments.
National Cyber Strategy: What It Means for Critical Infrastructure
The Trump administration released its long-awaited National Cyber Strategy. Six pages, six pillars, and a clear signal that federal cyber policy is shifting toward offensive posture and regulatory streamlining. For critical infrastructure operators, the document raises more questions than it answers. Here is what it says, what it doesn't, and what you should do about it.
New Joint Agency Guidance: Secure Connectivity Principles for OT
A Five Eyes plus European intelligence coalition has published a new doctrine for securing OT connectivity against nation-state threats. This Deep Dive examines what the NCSC principles mean for utilities and industrial operators, what breaks in legacy environments, and the safety, cost, and engineering realities of moving from compliance-driven security to true operational resilience.
Volt Typhoon and the Quiet Pre-Positioning of the U.S. Power Grid [Updated]
Volt Typhoon represents a quiet but strategic cyber threat to U.S. electric utilities, characterized by long-term access and persistence rather than immediate disruption. Rather than deploying malware, the actor relies on legitimate administrative tools to maintain durable access inside critical infrastructure networks. This blog examines what makes Volt Typhoon different and why early detection depends on behavioral context, not signatures.
Cybersecurity Performance Goals 2.0: Governance First, Outcomes Always
CISA’s Cybersecurity Performance Goals 2.0 reshape baseline expectations for critical infrastructure. The update elevates governance, strengthens OT-specific requirements, and shifts from checklist controls to outcome-driven resilience. This Policy Pulse post breaks down what changed, why it matters, and how operators should prepare.
Foundations for OT Cybersecurity: From Inventory to Impact
CISA’s new OT asset-inventory guidance puts structure behind “know your system.” This post translates it into action: a practical, prioritized field set and taxonomy you can implement now. We added a lightweight BIA overlay that links asset criticality to mission impact. We also show where to emphasize configuration baselines, change control, and logging to improve monitoring and decision quality.
Automation and AI Risks in Long Duration Energy Storage Systems (LDES): Risk Mitigation and Regulatory Responsibilities
As Long Duration Energy Storage Systems (LDES) become essential to the future of grid resiliency and renewable integration, the infusion of automation and artificial intelligence (AI) into these technologies presents a range of strategic risks. These include cybersecurity vulnerabilities, operational uncertainties, automation-induced failures, and regulatory gaps. This white paper outlines the major categories of risk and identifies key government, regulatory, and standards bodies responsible for managing and mitigating these challenges.
Analysis of the June 6th, 2025 Executive Order on Cybersecurity
On June 6, 2025, President Donald J. Trump issued a new Executive Order (EO) titled “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Orders 13694 and 14144.” This directive serves as a recalibration of federal cybersecurity strategy, signaling a shift away from prescriptive mandates toward more targeted, agency-specific authority and risk-informed investment in critical initiatives. It amends prior EOs while preserving core elements of federal cybersecurity policy.
Proactive Cyber Defense: Recognizing Cyber Intrusions for Critical Infrastructure System Operators
Leveraging Guidance from the Electric & Water Sectors and Broadening for all Critical Infrastructure. In an era marked by rapid digital transformation and increasing cyber threats, whether electric, water and wastewater systems, chemical, or any other of the critical infrastructure sectors, it is imperative for control system operators to be well-versed in recognizing and responding to cyber intrusions.
Reporting Cyber Incidents under DHS CIRCIA’s Proposed Rulemaking
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on April 4, 2024 published its proposed rules requiring critical infrastructure entities to report significant cyber incidents and ransom payments to CISA. The proposed regulations are intended to consolidate, fortify, and strengthen the United States’ cyber defenses in critical infrastructure (CI) sectors.
The new National Cybersecurity Strategy: what does it mean for you?
The White House issued its new National Cybersecurity Strategy on Thursday, laying out its plan for securing the country from cyberattacks. Patrick C. Miller answers questions about the strategy and how it could impact you.
48 hours to compromise: why your shields need to stay up
Brand new industrial security researchers find a zero day in an industrial device just 48 hours. If they can find it, so can attackers. Here's what that means for your security program.
Internal network security monitoring for visibility
Internal Network Security Monitoring (INSM) - visibility into what’s happening on your internal OT/ICS networks - is showing up in important places like the National Security Memorandum, CISA guidance and FERC rulemaking notices.
Communication avalanche: What utilities need to think about before a nation-state cyberattack happens to them
Utilities are preparing for the technical side of a cyberattack generated by the Russia-Ukraine conflict. But there is another aspect to these attacks that can cause chaos if you’re not ready. We’ll explore that here.
What is an SBOM and how can it help?
An SBOM is a software bill of materials and it can be a crucial tool in critical infrastructure cybersecurity. In this video, Ampere's Patrick C. Miller talks about how it works.
Do I have to comply with the new National Security memorandum on industrial security?
Is the new National Security Memorandum on industrial security mandatory? Watch this interview with Ampere Industrial Security's Patrick Miller for answers that will help guide your next steps.
Industry brief: National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
Recent activity from the Biden Administration represents a pivotal moment in the establishment of baseline cybersecurity standards for critical infrastructure.
The new National Security Memorandum on industrial security: What does it mean for me?
What do you need to know now that the White House has issued its National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems? Watch this interview with Ampere Industrial Security's Patrick Miller.