Ampyx Cyber Blog
The Intersection of Regulation & Resilience
CIP-015-1 INSM: A Practical Playbook
NERC CIP-015 makes east-west visibility inside the ESP mandatory. This playbook shows how to stand up INSM the right way through risk-based data feeds, ICS-aware anomaly detection, evaluation tied to incident response, and defensible evidence on a timeline to 10/1/2028 and beyond. Avoid common pitfalls and design now for the likely CIP-015-2 expansion.
FERC Finalizes INSM Standard: CIP-015-1 and the New Visibility Mandate for the Grid
On June 26, the Federal Energy Regulatory Commission issued Order No. 907, approving the new NERC Reliability Standard CIP-015-1: Cyber Security – Internal Network Security Monitoring (INSM). This marks a critical shift in how we approach cybersecurity within the Bulk Electric System. It also raises the bar significantly on what’s expected for visibility inside the network perimeter.
Four Years In: What NERC’s Cyber Security Incident Reporting Data Tells Us (and What It Doesn’t)
In the world of Bulk Electric System (BES) cybersecurity, signals of risk don’t always arrive with alarms blaring or malware lighting up dashboards. Sometimes, the signs are quieter—brute force login failures, odd port scans, or a sudden spike in account lockouts. The annual CIP-008-6 report, filed March 21, 2025 by NERC, shines a small but telling light on just such signals.
FERC Proposes New Standards for INSM: Internal Network Security Monitoring (CIP-015-1)
The Federal Energy Regulatory Commission (FERC) has issued a new Notice of Proposed Rulemaking (NOPR) under Docket No. RM24-7-000. This proposed rule seeks to approve NERC’s proposed Critical Infrastructure Protection (CIP) Reliability Standard CIP-015-1. The new standard focuses on Internal Network Security Monitoring (INSM) to detect and address cyber threats within the electronic security perimeter of the Bulk Electric System (BES).
Ask An Expert
GOT A TOUGH QUESTION?
Sometimes you just need to phone a friend. Ask us anything, any time. You don’t need to be an existing or prospective client. No cost, no hassle and no commitment. We will not put you on a contact list and our sales team won’t harass you. We will always respect your privacy. We promise. Just real answers from real experts for real problems.