Ampyx Cyber Blog

The Intersection of Regulation & Resilience

INSM Just Got Clearer: Key Takeaways from the NATF Guidance
Deep Dive Patrick Miller Deep Dive Patrick Miller

INSM Just Got Clearer: Key Takeaways from the NATF Guidance

NATF has released new CIP-015 INSM guidance that confirms a risk-based approach for collection points, clarifies scope around ESP boundaries, contains numerous useful reference models, and reinforces practical retention strategies. It aligns closely with our INSM playbook, especially on passive visibility, multicast deduplication, and EACMS/BCSI determinations for INSM platforms.

Read More
CIP-015-1 INSM: A Practical Playbook
Deep Dive Patrick Miller Deep Dive Patrick Miller

CIP-015-1 INSM: A Practical Playbook

NERC CIP-015 makes east-west visibility inside the ESP mandatory. This playbook shows how to stand up INSM the right way through risk-based data feeds, ICS-aware anomaly detection, evaluation tied to incident response, and defensible evidence on a timeline to 10/1/2028 and beyond. Avoid common pitfalls and design now for the likely CIP-015-2 expansion.

Read More
FERC Finalizes INSM Standard: CIP-015-1 and the New Visibility Mandate for the Grid
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

FERC Finalizes INSM Standard: CIP-015-1 and the New Visibility Mandate for the Grid

On June 26, the Federal Energy Regulatory Commission issued Order No. 907, approving the new NERC Reliability Standard CIP-015-1: Cyber Security – Internal Network Security Monitoring (INSM). This marks a critical shift in how we approach cybersecurity within the Bulk Electric System. It also raises the bar significantly on what’s expected for visibility inside the network perimeter.

Read More
Four Years In: What NERC’s Cyber Security Incident Reporting Data Tells Us (and What It Doesn’t)
Deep Dive Patrick Miller Deep Dive Patrick Miller

Four Years In: What NERC’s Cyber Security Incident Reporting Data Tells Us (and What It Doesn’t)

In the world of Bulk Electric System (BES) cybersecurity, signals of risk don’t always arrive with alarms blaring or malware lighting up dashboards. Sometimes, the signs are quieter—brute force login failures, odd port scans, or a sudden spike in account lockouts. The annual CIP-008-6 report, filed March 21, 2025 by NERC, shines a small but telling light on just such signals.

Read More
FERC Proposes New Standards for INSM: Internal Network Security Monitoring (CIP-015-1)
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

FERC Proposes New Standards for INSM: Internal Network Security Monitoring (CIP-015-1)

The Federal Energy Regulatory Commission (FERC) has issued a new Notice of Proposed Rulemaking (NOPR) under Docket No. RM24-7-000. This proposed rule seeks to approve NERC’s proposed Critical Infrastructure Protection (CIP) Reliability Standard CIP-015-1. The new standard focuses on Internal Network Security Monitoring (INSM) to detect and address cyber threats within the electronic security perimeter of the Bulk Electric System (BES).

Read More