Ampyx Cyber Blog
The Intersection of Regulation & Resilience
Computational Load and the Convergence Problem: What NERC's May 2026 Actions Mean for Critical Infrastructure
Documented load losses approaching one thousand megawatts in seconds. A Level 3 Essential Action Alert. A final Reliability Guideline. Proposed registration of a new Computational Load Entity. NERC's May 2026 actions mark a structural shift in how data centers, hyperscale AI training, and cryptocurrency mining are treated under the North American grid reliability framework.
Is Something Weird Happening on Your System?
Learn how critical infrastructure operators can spot the early signs of cyber intrusions directly from the control room. Drawing on the latest NERC and CISA guidance, this updated guide details specific physical hardware, workstation, and SCADA anomalies to watch for. Empower your frontline staff with a proactive "See Something, Say Something" cyber defense strategy tailored for OT environments.
Claude Mythos and the OT Threat Horizon: What Utility Operators Need to Know Now
Anthropic's Claude Mythos can autonomously discover zero-day vulnerabilities across every major OS and browser, and the same codebases run in OT/SCADA environments. This post breaks down why Mythos-class AI exploitation tools directly implicate utility operators, which NERC CIP obligations are already in play, and what actions defenders should take before the patch window closes.
Cyber on Tap, Part Two: New York's Water Cybersecurity Regulation Is Now in Force
New York's Appendix 5-E cybersecurity regulation for public water systems took effect March 11, 2026, making it the first mandatory, enforceable water cybersecurity framework in the country. This post covers who is in scope, what is required, when it is due, and what resources are available to help. It also examines what New York's action means in the context of a federal policy environment that is actively stepping back from sector-specific cybersecurity regulation.
Industry Recognition: Patrick Miller Inducted into Industrial Cyber Hall of Fame
Ampyx Cyber President and CEO Patrick Miller has been inducted into the Industrial Cyber Hall of Fame, joining a distinguished group of practitioners who helped define industrial cybersecurity as a discipline. The recognition highlights over three decades of work in grid security, NERC CIP development, and critical infrastructure protection around the globe.
National Cyber Strategy: What It Means for Critical Infrastructure
The Trump administration released its long-awaited National Cyber Strategy. Six pages, six pillars, and a clear signal that federal cyber policy is shifting toward offensive posture and regulatory streamlining. For critical infrastructure operators, the document raises more questions than it answers. Here is what it says, what it doesn't, and what you should do about it.
Poland's Energy Sector Attack: When Cyber Sabotage Targets OT [Updated]
On December 29, 2025, Poland experienced coordinated destructive cyberattacks across 30+ wind/solar farms, a CHP plant, and manufacturing. Attackers exploited FortiGate devices without MFA, used default credentials on OT equipment, and deployed custom wiper malware designed to damage industrial controls. Every failure was preventable.
Humans, Engineering Shifts, Required Investment, and Commitment for Operational Security
New secure connectivity guidance describes a greenfield target architecture, but most OT environments are brownfield reality. True resilience isn't achieved through technology alone. Human expertise, manual operating capability, physical engineering controls, and sustained investment are equally critical. Without these foundations, digital security layers risk becoming expensive new failure modes.
New Joint Agency Guidance: Secure Connectivity Principles for OT
A Five Eyes plus European intelligence coalition has published a new doctrine for securing OT connectivity against nation-state threats. This Deep Dive examines what the NCSC principles mean for utilities and industrial operators, what breaks in legacy environments, and the safety, cost, and engineering realities of moving from compliance-driven security to true operational resilience.
Volt Typhoon and the Quiet Pre-Positioning of the U.S. Power Grid [Updated]
Volt Typhoon represents a quiet but strategic cyber threat to U.S. electric utilities, characterized by long-term access and persistence rather than immediate disruption. Rather than deploying malware, the actor relies on legitimate administrative tools to maintain durable access inside critical infrastructure networks. This blog examines what makes Volt Typhoon different and why early detection depends on behavioral context, not signatures.
New NSA UEFI Guidance: Trust Starts Before the OS
UEFI Secure Boot is widely assumed to be enabled and enforcing, yet recent vulnerabilities show how easily trust at boot time can silently fail. NSA’s new guidance breaks down how Secure Boot actually works, where configurations commonly go wrong, and how organizations can validate and recover trust in the earliest stages of system startup.
Reinforcing the U.S. Grid: The 2025 USCC Report on Chinese Energy Influence
The 2025 USCC Annual Report outlines national security risks from PRC-linked technologies in the U.S. energy sector. It offers clear, field-informed recommendations, including testimony from Ampyx Cyber’s CEO, on supply chain threats, OT device transparency, and cyber response. Read the full analysis and policy roadmap.
Cybersecurity Performance Goals 2.0: Governance First, Outcomes Always
CISA’s Cybersecurity Performance Goals 2.0 reshape baseline expectations for critical infrastructure. The update elevates governance, strengthens OT-specific requirements, and shifts from checklist controls to outcome-driven resilience. This Policy Pulse post breaks down what changed, why it matters, and how operators should prepare.
Skills Elevated: More Ways to Build Cyber Resilience
Ampyx Cyber is expanding its training portfolio with new courses designed for utilities and critical infrastructure teams. From NERC CIP Bootcamp to OT vulnerability management and ICS packet analysis, our offerings provide more ways to build cyber resilience with practical, field-tested learning.
Foundations for OT Cybersecurity: From Inventory to Impact
CISA’s new OT asset-inventory guidance puts structure behind “know your system.” This post translates it into action: a practical, prioritized field set and taxonomy you can implement now. We added a lightweight BIA overlay that links asset criticality to mission impact. We also show where to emphasize configuration baselines, change control, and logging to improve monitoring and decision quality.
Building Blocks of OT Security Monitoring: A Deep Dive for SOC Builders and MSSPs
Learn how to build scalable, OT-aware security monitoring using (free, no cost) open-source tools like Security Onion, Wazuh, Malcolm, and The Hive. Whether you're launching a SOC or growing your MSSP, this guide covers deployment models, costs, timelines, and training to get you started fast - and smart.
Cyber on Tap: NY's Water Utilities Face New Cyber Rulebook
New York has proposed the first mandatory cybersecurity regulation for water and wastewater systems, targeting utilities serving over 3,300 people. With requirements for vulnerability assessments, incident reporting, and executive oversight, this rule signals a shift toward enforceable cyber resilience and other states may soon follow.
Broad Scope, Big Impact: NY Mandates Cyber Rules for Public Sector
New York's new cybersecurity law, Chapter 177 of 2025 (S.7672A / A.6769A), introduces mandatory incident reporting, ransom payment disclosures, annual training, and data protection requirements for public-sector entities. Its broad definitions suggest applicability to both IT and OT systems, signaling a significant expansion in cybersecurity oversight for municipalities and public authorities.
Automation and AI Risks in Long Duration Energy Storage Systems (LDES): Risk Mitigation and Regulatory Responsibilities
As Long Duration Energy Storage Systems (LDES) become essential to the future of grid resiliency and renewable integration, the infusion of automation and artificial intelligence (AI) into these technologies presents a range of strategic risks. These include cybersecurity vulnerabilities, operational uncertainties, automation-induced failures, and regulatory gaps. This white paper outlines the major categories of risk and identifies key government, regulatory, and standards bodies responsible for managing and mitigating these challenges.
The Human Factor: The Greatest Challenge in Organizational Cybersecurity
Despite significant investments in technical controls, frameworks, and compliance efforts such as NIST SP 800-171 Rev 3, NIST SP 800-53 Rev 5, and NERC CIP standards, many organizations still struggle with implementing effective cybersecurity programs. The root of this challenge is not just technology or documentation — it's human behavior.