Ampyx Cyber Blog
The Intersection of Regulation & Resilience
Broad Scope, Big Impact: NY Mandates Cyber Rules for Public Sector
New York's new cybersecurity law, Chapter 177 of 2025 (S.7672A / A.6769A), introduces mandatory incident reporting, ransom payment disclosures, annual training, and data protection requirements for public-sector entities. Its broad definitions suggest applicability to both IT and OT systems, signaling a significant expansion in cybersecurity oversight for municipalities and public authorities.
Cyber Stress Testing: Strengthening Cyber Resilience in the EU Energy Sector
As cyber threats grow more complex, the EU energy sector is turning to stress testing to bolster its resilience. This post explores ENISA’s 2025 Cyber Stress Test Handbook and how it helps energy providers simulate real-world attacks, uncover vulnerabilities, and strengthen defenses in alignment with NIS2, CER, and the Cyber Solidarity Act.
The Pillars of an Effective Incident Response Plan
A strong Incident Response Plan (IRP) is more than just a document—it’s a foundation built on key elements like asset inventory, network diagrams, logging, communication strategies, backups, and clear roles. In this blog, Dan Ricci, Senior Cybersecurity Consultant at Ampyx Cyber, breaks down the critical components every IRP needs to be resilient and effective in the face of cyber incidents.
Reporting Cyber Incidents under DHS CIRCIA’s Proposed Rulemaking
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on April 4, 2024 published its proposed rules requiring critical infrastructure entities to report significant cyber incidents and ransom payments to CISA. The proposed regulations are intended to consolidate, fortify, and strengthen the United States’ cyber defenses in critical infrastructure (CI) sectors.
The importance of network segmentation for critical infrastructure
Network Segmentation - creating specialized, highly-protected network segments for critical systems - can provide necessary isolation and defense against ransomware and other attacks on critical infrastructure.