Ampyx Cyber Blog
The Intersection of Regulation & Resilience
The E-ISAC's 2025 Report: Real Progress, Remaining Constraints
The E-ISAC's 2025 End-of-Year Report shows real growth in membership, engagement, and threat intelligence output. But a structural challenge rooted in its funding and governance relationship with NERC continues to limit the incident sharing that collective defense depends on. Comparing E-ISAC's reported numbers against peer ISACs in health and financial services reveals how much ground remains.
New Joint Agency Guidance: Secure Connectivity Principles for OT
A Five Eyes plus European intelligence coalition has published a new doctrine for securing OT connectivity against nation-state threats. This Deep Dive examines what the NCSC principles mean for utilities and industrial operators, what breaks in legacy environments, and the safety, cost, and engineering realities of moving from compliance-driven security to true operational resilience.
Volt Typhoon and the Quiet Pre-Positioning of the U.S. Power Grid [Updated]
Volt Typhoon represents a quiet but strategic cyber threat to U.S. electric utilities, characterized by long-term access and persistence rather than immediate disruption. Rather than deploying malware, the actor relies on legitimate administrative tools to maintain durable access inside critical infrastructure networks. This blog examines what makes Volt Typhoon different and why early detection depends on behavioral context, not signatures.
Reinforcing the U.S. Grid: The 2025 USCC Report on Chinese Energy Influence
The 2025 USCC Annual Report outlines national security risks from PRC-linked technologies in the U.S. energy sector. It offers clear, field-informed recommendations, including testimony from Ampyx Cyber’s CEO, on supply chain threats, OT device transparency, and cyber response. Read the full analysis and policy roadmap.
Monitoring Meets Mandate: Will the Next CIP-015 Standard Deliver on FERC’s Vision?
FERC approved CIP-015-1, but also ordered NERC to expand it. The new SAR outlines how INSM requirements will extend beyond the ESP to include EACMS and PACS systems. This post breaks down how the SAR aligns with FERC’s directive, what still needs attention, and why internal visibility is no longer optional.
FERC Finalizes INSM Standard: CIP-015-1 and the New Visibility Mandate for the Grid
On June 26, the Federal Energy Regulatory Commission issued Order No. 907, approving the new NERC Reliability Standard CIP-015-1: Cyber Security – Internal Network Security Monitoring (INSM). This marks a critical shift in how we approach cybersecurity within the Bulk Electric System. It also raises the bar significantly on what’s expected for visibility inside the network perimeter.
Testimony Before the U.S.-China Economic and Security Review Commission: Protecting U.S. Energy Infrastructure from Strategic Risks
On April 24, 2025, Patrick Miller testified before the U.S.-China Economic and Security Review Commission on the growing cybersecurity and supply chain risks facing U.S. energy infrastructure. My testimony focused on how Chinese state-aligned actors are embedding themselves within critical systems and why securing our grid is essential to preserving America's economic leadership, technological advancement, and national security.
Exploring the Evolving Landscape of ICS/OT Cybersecurity at RSAC 2024
The RSA Conference 2024 spotlighted the critical importance of ICS/OT cybersecurity, reflecting a significant increase in attention compared to previous years. Ampyx Cyber CEO Patrick Miller noted the strong presence of AI-driven security tools on the vendor floor and highlighted the conference's rich agenda featuring discussions on the convergence of IT and OT. As digital transformation continues, the industry's commitment to enhancing ICS/OT cybersecurity is more evident than ever.