Ampyx Cyber Blog
The Intersection of Regulation & Resilience
CIP-002-8, Decoded: Who’s In, Who’s Out Under the New 2.12
Upcoming NERC CIP-002 grid rules change which control centers fall under stricter cybersecurity protections. This post explains the new test in plain language, who is likely covered, and when local, load-serving areas can qualify for an exception. We also share a quick checklist to help utilities document what they have today and avoid surprises later.
CIP-015-1 INSM: A Practical Playbook
NERC CIP-015 makes east-west visibility inside the ESP mandatory. This playbook shows how to stand up INSM the right way through risk-based data feeds, ICS-aware anomaly detection, evaluation tied to incident response, and defensible evidence on a timeline to 10/1/2028 and beyond. Avoid common pitfalls and design now for the likely CIP-015-2 expansion.
Strategic Value of Self-Reporting in NERC CIP Compliance
Self-reporting in NERC CIP isn’t a weakness. It’s a sign of maturity. Proactive disclosures build regulatory trust, reinforce internal controls, and empower compliance teams to improve. When done right, self-reporting signals ownership, not failure, and positions your program as resilient, transparent, and credible.
Monitoring Meets Mandate: Will the Next CIP-015 Standard Deliver on FERC’s Vision?
FERC approved CIP-015-1, but also ordered NERC to expand it. The new SAR outlines how INSM requirements will extend beyond the ESP to include EACMS and PACS systems. This post breaks down how the SAR aligns with FERC’s directive, what still needs attention, and why internal visibility is no longer optional.
Help Shape the Future of the NERC CIP Standards
NERC is asking for industry input on the future of CIP Standards. As part of its 2025 Work Plan, NERC has launched a survey to identify and prioritize emerging security risks to the Bulk Power System. The results will directly inform a roadmap for updating the CIP Standards to address today’s evolving threat landscape. What’s happening, why it matters, and how you can participate before the July 22 deadline.
FERC Quietly Closes The Books on RM20-12-000
FERC has officially closed Docket RM20-12-000, ending a five-year inquiry into potential gaps in the CIP Reliability Standards. While the docket is withdrawn, the underlying concerns—data security, anomaly detection, and coordinated cyberattacks—are being addressed through recent standards like CIP-015-1 (INSM) and proposed updates to CIP-003.
FERC Finalizes INSM Standard: CIP-015-1 and the New Visibility Mandate for the Grid
On June 26, the Federal Energy Regulatory Commission issued Order No. 907, approving the new NERC Reliability Standard CIP-015-1: Cyber Security – Internal Network Security Monitoring (INSM). This marks a critical shift in how we approach cybersecurity within the Bulk Electric System. It also raises the bar significantly on what’s expected for visibility inside the network perimeter.
NERC CIP-002 Standards Authorization Request - Project 2021-03
NERC’s CIP-002 Project 2021-03 (Phase 2) introduces key updates to improve clarity and consistency in identifying and classifying BES Cyber Systems. The revisions address long-standing ambiguities by clarifying functional entity roles, refining the treatment of communication protocol converters, revising Criterion 1.3 to establish objective criteria for high-impact control centers, and expanding Criterion 2.6 to include control centers operated by Generator Operators and Transmission Owners. These changes aim to eliminate gaps in protection, align risk-based categorizations across all entities, and support more consistent compliance with CIP standards.
Four Years In: What NERC’s Cyber Security Incident Reporting Data Tells Us (and What It Doesn’t)
In the world of Bulk Electric System (BES) cybersecurity, signals of risk don’t always arrive with alarms blaring or malware lighting up dashboards. Sometimes, the signs are quieter—brute force login failures, odd port scans, or a sudden spike in account lockouts. The annual CIP-008-6 report, filed March 21, 2025 by NERC, shines a small but telling light on just such signals.
FERC Proposes New Standards for INSM: Internal Network Security Monitoring (CIP-015-1)
The Federal Energy Regulatory Commission (FERC) has issued a new Notice of Proposed Rulemaking (NOPR) under Docket No. RM24-7-000. This proposed rule seeks to approve NERC’s proposed Critical Infrastructure Protection (CIP) Reliability Standard CIP-015-1. The new standard focuses on Internal Network Security Monitoring (INSM) to detect and address cyber threats within the electronic security perimeter of the Bulk Electric System (BES).
FERC’s New Proposed Rule on Supply Chain Risk Management (SCRM)
The Federal Energy Regulatory Commission (FERC) has released a new Notice of Proposed Rulemaking (NOPR) under Docket No. RM24-4-000, focusing on supply chain risk management (SCRM) for the Bulk-Power System (BPS). This proposed directive aims to fill critical gaps in existing NERC Critical Infrastructure Protection (CIP) standards and bolster the defenses of our nation’s critical infrastructure.
FERC Staff Report Offers Lessons Learned from 2024 CIP Audits: What You Need to Know
In its 2024 CIP audit report, the Federal Energy Regulatory Commission (FERC) shared critical lessons learned from the latest round of reliability audits, revealing key areas where NERC-registered entities can strengthen their security posture. While many organizations successfully met compliance requirements, the report highlighted specific gaps in asset categorization, control center segmentation, and data protection that could pose significant operational risks.
Proactive Cyber Defense: Recognizing Cyber Intrusions for Critical Infrastructure System Operators
Leveraging Guidance from the Electric & Water Sectors and Broadening for all Critical Infrastructure. In an era marked by rapid digital transformation and increasing cyber threats, whether electric, water and wastewater systems, chemical, or any other of the critical infrastructure sectors, it is imperative for control system operators to be well-versed in recognizing and responding to cyber intrusions.
CIP-015: The Crucial Role of INSM in Strengthening Grid Security
introduction of CIP-015, a new regulation aimed at enhancing grid security by mandating Internal Network Security Monitoring (INSM) for high and medium impact Bulk Electric System (BES) Cyber Systems. This development, initiated by FERC Order No. 887, responds to the need for robust monitoring within trusted network zones to detect and mitigate potential cyber threats. CIP-015 emerges as a standalone standard after industry feedback suggested that INSM requirements did not align well with existing frameworks, shifting towards an objective-based rather than prescriptive approach.
NERC's New INSM Regulation: Assessing Impact and Ambiguity
The recent draft release of NERC's new CIP Standard for Internal Network Security Monitoring (INSM) sparks a conversation filled with anticipation and skepticism. With directives from FERC Order 887 echoing in its language, the draft attempts to navigate through the challenges of creating a new regulation to address situations where vendors or individuals with authorized access are considered secure and trustworthy but could still introduce a cybersecurity risk.
Understanding NERC's CIP-004-7 and CIP-011-3: A Deep Dive into BCSI Access, Cloud Challenges, and Encryption
Stay ahead of the curve with a comprehensive overview of NERC's new Critical Infrastructure Protection (CIP) standards, CIP-004-7 and CIP-011-3, set to be effective from January 1st, 2024. Understand the pivotal changes concerning BES Cyber System Information (BCSI) access, the nuances of cloud BCSI, and the strategic choices around encryption.
New cybersecurity controls for vendor access to low impact NERC CIP assets
FERC has approved new cybersecurity standards to improve risk management practices and supply chain risk management for low impact assets. The new standards, designated CIP-003-9, require utilities to establish and maintain a documented supply chain cyber risk management plan and implement vendor-focused cybersecurity protections for their low impact BES Cyber Systems.
Securing Control Center communications is more than encryption
While encryption meets the security objective of CIP-012, entities can utilize additional security controls to provide a defense in depth approach and in some cases utilize controls other than encryption.
The new National Cybersecurity Strategy: what does it mean for you?
The White House issued its new National Cybersecurity Strategy on Thursday, laying out its plan for securing the country from cyberattacks. Patrick C. Miller answers questions about the strategy and how it could impact you.
A former vendor's take on CIP-013 Supply Chain Risk Management
David Foose, a former vendor, takes us on a brief walk through the history and the justifications Supply Chain Security and the birth of NERC CIP 13. With this, we explore what might have been and where it may have unfortunately veered off into constant contract negotiation entities find themselves today.
Ask An Expert
GOT A TOUGH QUESTION?
Sometimes you just need to phone a friend. Ask us anything, any time. You don’t need to be an existing or prospective client. No cost, no hassle and no commitment. We will not put you on a contact list and our sales team won’t harass you. We will always respect your privacy. We promise. Just real answers from real experts for real problems.