Ampyx Cyber Blog

The Intersection of Regulation & Resilience

Funded, Not Secured: The April 20 DPA Determinations & the Bulk Electric System
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

Funded, Not Secured: The April 20 DPA Determinations & the Bulk Electric System

Two April 20 Defense Production Act determinations expand domestic capacity for grid components and large-scale energy infrastructure. Neither addresses cybersecurity. For the electric sector, NERC CIP and Order 693 standards still apply. A practitioner's view of intersections with CIP-013, CIP-014, PRC, FAC, and TPL, and why domestic capacity is not domestic assurance.

Read More
New NSA UEFI Guidance: Trust Starts Before the OS
Deep Dive Patrick Miller Deep Dive Patrick Miller

New NSA UEFI Guidance: Trust Starts Before the OS

UEFI Secure Boot is widely assumed to be enabled and enforcing, yet recent vulnerabilities show how easily trust at boot time can silently fail. NSA’s new guidance breaks down how Secure Boot actually works, where configurations commonly go wrong, and how organizations can validate and recover trust in the earliest stages of system startup.

Read More