Ampyx Cyber Blog
The Intersection of Regulation & Resilience
INSM Just Got Clearer: Key Takeaways from the NATF Guidance
NATF has released new CIP-015 INSM guidance that confirms a risk-based approach for collection points, clarifies scope around ESP boundaries, contains numerous useful reference models, and reinforces practical retention strategies. It aligns closely with our INSM playbook, especially on passive visibility, multicast deduplication, and EACMS/BCSI determinations for INSM platforms.
CIP-015 Clarified: Mixed-use PACS/EACMS and What’s Actually In Scope
FERC Order 907-A clarifies CIP-015 on shared networks. INSM must monitor only east-west traffic used for access monitoring of EACMS and PACS. Non-CIP assets and data flows are out of scope, even in mixed-use or commingled PACS/EACMS environments. Learn practical patterns to filter collection, segment analytics, and produce audit-ready evidence.
CIP-015-1 INSM: A Practical Playbook
NERC CIP-015 makes east-west visibility inside the ESP mandatory. This playbook shows how to stand up INSM the right way through risk-based data feeds, ICS-aware anomaly detection, evaluation tied to incident response, and defensible evidence on a timeline to 10/1/2028 and beyond. Avoid common pitfalls and design now for the likely CIP-015-2 expansion.
FERC Finalizes INSM Standard: CIP-015-1 and the New Visibility Mandate for the Grid
On June 26, the Federal Energy Regulatory Commission issued Order No. 907, approving the new NERC Reliability Standard CIP-015-1: Cyber Security – Internal Network Security Monitoring (INSM). This marks a critical shift in how we approach cybersecurity within the Bulk Electric System. It also raises the bar significantly on what’s expected for visibility inside the network perimeter.
FERC Proposes New Standards for INSM: Internal Network Security Monitoring (CIP-015-1)
The Federal Energy Regulatory Commission (FERC) has issued a new Notice of Proposed Rulemaking (NOPR) under Docket No. RM24-7-000. This proposed rule seeks to approve NERC’s proposed Critical Infrastructure Protection (CIP) Reliability Standard CIP-015-1. The new standard focuses on Internal Network Security Monitoring (INSM) to detect and address cyber threats within the electronic security perimeter of the Bulk Electric System (BES).
CIP-015: The Crucial Role of INSM in Strengthening Grid Security
introduction of CIP-015, a new regulation aimed at enhancing grid security by mandating Internal Network Security Monitoring (INSM) for high and medium impact Bulk Electric System (BES) Cyber Systems. This development, initiated by FERC Order No. 887, responds to the need for robust monitoring within trusted network zones to detect and mitigate potential cyber threats. CIP-015 emerges as a standalone standard after industry feedback suggested that INSM requirements did not align well with existing frameworks, shifting towards an objective-based rather than prescriptive approach.
NERC's New INSM Regulation: Assessing Impact and Ambiguity
The recent draft release of NERC's new CIP Standard for Internal Network Security Monitoring (INSM) sparks a conversation filled with anticipation and skepticism. With directives from FERC Order 887 echoing in its language, the draft attempts to navigate through the challenges of creating a new regulation to address situations where vendors or individuals with authorized access are considered secure and trustworthy but could still introduce a cybersecurity risk.
NERC Initiates Data Collection on INSM for Low Impact CIP Assets
NERC has initiated the Internal Network Security Monitoring (INSM) Data Request in response to a directive from FERC. This effort aims to gather data on the risks of not implementing INSM in medium and low impact BES Cyber Systems. NERC is collecting information from utilities in the electric power industry regarding facility numbers, network configurations, malicious code detection, implementation challenges, and alternative solutions. The data must be submitted by July 25, 2023.
Alexa, can you tell me when my grid is hacked?
A new addition to the NERC CIP regulation is coming for the electric sector requiring anomaly detection and internal network security monitoring to detect active attacks on critical systems.
Internal network security monitoring for visibility
Internal Network Security Monitoring (INSM) - visibility into what’s happening on your internal OT/ICS networks - is showing up in important places like the National Security Memorandum, CISA guidance and FERC rulemaking notices.