Ampyx Cyber Blog
The Intersection of Regulation & Resilience
Computational Load and the Convergence Problem: What NERC's May 2026 Actions Mean for Critical Infrastructure
Documented load losses approaching one thousand megawatts in seconds. A Level 3 Essential Action Alert. A final Reliability Guideline. Proposed registration of a new Computational Load Entity. NERC's May 2026 actions mark a structural shift in how data centers, hyperscale AI training, and cryptocurrency mining are treated under the North American grid reliability framework.
Is Something Weird Happening on Your System?
Learn how critical infrastructure operators can spot the early signs of cyber intrusions directly from the control room. Drawing on the latest NERC and CISA guidance, this updated guide details specific physical hardware, workstation, and SCADA anomalies to watch for. Empower your frontline staff with a proactive "See Something, Say Something" cyber defense strategy tailored for OT environments.
Claude Mythos and the OT Threat Horizon: What Utility Operators Need to Know Now
Anthropic's Claude Mythos can autonomously discover zero-day vulnerabilities across every major OS and browser, and the same codebases run in OT/SCADA environments. This post breaks down why Mythos-class AI exploitation tools directly implicate utility operators, which NERC CIP obligations are already in play, and what actions defenders should take before the patch window closes.
Cyber on Tap, Part Two: New York's Water Cybersecurity Regulation Is Now in Force
New York's Appendix 5-E cybersecurity regulation for public water systems took effect March 11, 2026, making it the first mandatory, enforceable water cybersecurity framework in the country. This post covers who is in scope, what is required, when it is due, and what resources are available to help. It also examines what New York's action means in the context of a federal policy environment that is actively stepping back from sector-specific cybersecurity regulation.
Industry Recognition: Patrick Miller Inducted into Industrial Cyber Hall of Fame
Ampyx Cyber President and CEO Patrick Miller has been inducted into the Industrial Cyber Hall of Fame, joining a distinguished group of practitioners who helped define industrial cybersecurity as a discipline. The recognition highlights over three decades of work in grid security, NERC CIP development, and critical infrastructure protection around the globe.
National Cyber Strategy: What It Means for Critical Infrastructure
The Trump administration released its long-awaited National Cyber Strategy. Six pages, six pillars, and a clear signal that federal cyber policy is shifting toward offensive posture and regulatory streamlining. For critical infrastructure operators, the document raises more questions than it answers. Here is what it says, what it doesn't, and what you should do about it.
Poland's Energy Sector Attack: When Cyber Sabotage Targets OT [Updated]
On December 29, 2025, Poland experienced coordinated destructive cyberattacks across 30+ wind/solar farms, a CHP plant, and manufacturing. Attackers exploited FortiGate devices without MFA, used default credentials on OT equipment, and deployed custom wiper malware designed to damage industrial controls. Every failure was preventable.
Humans, Engineering Shifts, Required Investment, and Commitment for Operational Security
New secure connectivity guidance describes a greenfield target architecture, but most OT environments are brownfield reality. True resilience isn't achieved through technology alone. Human expertise, manual operating capability, physical engineering controls, and sustained investment are equally critical. Without these foundations, digital security layers risk becoming expensive new failure modes.
New Joint Agency Guidance: Secure Connectivity Principles for OT
A Five Eyes plus European intelligence coalition has published a new doctrine for securing OT connectivity against nation-state threats. This Deep Dive examines what the NCSC principles mean for utilities and industrial operators, what breaks in legacy environments, and the safety, cost, and engineering realities of moving from compliance-driven security to true operational resilience.
Volt Typhoon and the Quiet Pre-Positioning of the U.S. Power Grid [Updated]
Volt Typhoon represents a quiet but strategic cyber threat to U.S. electric utilities, characterized by long-term access and persistence rather than immediate disruption. Rather than deploying malware, the actor relies on legitimate administrative tools to maintain durable access inside critical infrastructure networks. This blog examines what makes Volt Typhoon different and why early detection depends on behavioral context, not signatures.
New NSA UEFI Guidance: Trust Starts Before the OS
UEFI Secure Boot is widely assumed to be enabled and enforcing, yet recent vulnerabilities show how easily trust at boot time can silently fail. NSA’s new guidance breaks down how Secure Boot actually works, where configurations commonly go wrong, and how organizations can validate and recover trust in the earliest stages of system startup.
Reinforcing the U.S. Grid: The 2025 USCC Report on Chinese Energy Influence
The 2025 USCC Annual Report outlines national security risks from PRC-linked technologies in the U.S. energy sector. It offers clear, field-informed recommendations, including testimony from Ampyx Cyber’s CEO, on supply chain threats, OT device transparency, and cyber response. Read the full analysis and policy roadmap.
Cybersecurity Performance Goals 2.0: Governance First, Outcomes Always
CISA’s Cybersecurity Performance Goals 2.0 reshape baseline expectations for critical infrastructure. The update elevates governance, strengthens OT-specific requirements, and shifts from checklist controls to outcome-driven resilience. This Policy Pulse post breaks down what changed, why it matters, and how operators should prepare.
Skills Elevated: More Ways to Build Cyber Resilience
Ampyx Cyber is expanding its training portfolio with new courses designed for utilities and critical infrastructure teams. From NERC CIP Bootcamp to OT vulnerability management and ICS packet analysis, our offerings provide more ways to build cyber resilience with practical, field-tested learning.
Foundations for OT Cybersecurity: From Inventory to Impact
CISA’s new OT asset-inventory guidance puts structure behind “know your system.” This post translates it into action: a practical, prioritized field set and taxonomy you can implement now. We added a lightweight BIA overlay that links asset criticality to mission impact. We also show where to emphasize configuration baselines, change control, and logging to improve monitoring and decision quality.
Building Blocks of OT Security Monitoring: A Deep Dive for SOC Builders and MSSPs
Learn how to build scalable, OT-aware security monitoring using (free, no cost) open-source tools like Security Onion, Wazuh, Malcolm, and The Hive. Whether you're launching a SOC or growing your MSSP, this guide covers deployment models, costs, timelines, and training to get you started fast - and smart.
Cyber on Tap: NY's Water Utilities Face New Cyber Rulebook
New York has proposed the first mandatory cybersecurity regulation for water and wastewater systems, targeting utilities serving over 3,300 people. With requirements for vulnerability assessments, incident reporting, and executive oversight, this rule signals a shift toward enforceable cyber resilience and other states may soon follow.
The Human Factor: The Greatest Challenge in Organizational Cybersecurity
Despite significant investments in technical controls, frameworks, and compliance efforts such as NIST SP 800-171 Rev 3, NIST SP 800-53 Rev 5, and NERC CIP standards, many organizations still struggle with implementing effective cybersecurity programs. The root of this challenge is not just technology or documentation — it's human behavior.
The Pillars of an Effective Incident Response Plan
A strong Incident Response Plan (IRP) is more than just a document—it’s a foundation built on key elements like asset inventory, network diagrams, logging, communication strategies, backups, and clear roles. In this blog, Dan Ricci, Senior Cybersecurity Consultant at Ampyx Cyber, breaks down the critical components every IRP needs to be resilient and effective in the face of cyber incidents.
Chinese-made technology in U.S. critical infrastructure: an interview with Patrick Miller
Patrick C. Miller of Ampyx Cyber testifies in front of the Senate U.S. - China Economic and Security Review Commission on Thursday, April 24 about the threat of Chinese-made technologies in U.S. critical infrastructure, including power systems and telecom. Here is a short interview with Patrick Miller about his testimony.