Ampyx Cyber Blog
The Intersection of Regulation & Resilience
Securing Control Center communications is more than encryption
While encryption meets the security objective of CIP-012, entities can utilize additional security controls to provide a defense in depth approach and in some cases utilize controls other than encryption.
The new National Cybersecurity Strategy: what does it mean for you?
The White House issued its new National Cybersecurity Strategy on Thursday, laying out its plan for securing the country from cyberattacks. Patrick C. Miller answers questions about the strategy and how it could impact you.
Is SBOM the answer?
Government and industry experts have recently pointed to software bill of materials (SBOM) as a requirement for organizations, but what are you getting? David Foose spends some time exploring aspects of SBOM fever.
S4x23 Trip Report
This year, the S4 event hosted by Dale Peterson (DigitalBond) was bigger than ever. New venue, new content, new challenges, new theme, and a new feel. Here’s a report of my experience with some bad, some good and some great things that happened.
A former vendor's take on CIP-013 Supply Chain Risk Management
David Foose, a former vendor, takes us on a brief walk through the history and the justifications Supply Chain Security and the birth of NERC CIP 13. With this, we explore what might have been and where it may have unfortunately veered off into constant contract negotiation entities find themselves today.
Alexa, can you tell me when my grid is hacked?
A new addition to the NERC CIP regulation is coming for the electric sector requiring anomaly detection and internal network security monitoring to detect active attacks on critical systems.
48 hours to compromise: why your shields need to stay up
Brand new industrial security researchers find a zero day in an industrial device just 48 hours. If they can find it, so can attackers. Here's what that means for your security program.
The importance of network segmentation for critical infrastructure
Network Segmentation - creating specialized, highly-protected network segments for critical systems - can provide necessary isolation and defense against ransomware and other attacks on critical infrastructure.
Internal network security monitoring for visibility
Internal Network Security Monitoring (INSM) - visibility into what’s happening on your internal OT/ICS networks - is showing up in important places like the National Security Memorandum, CISA guidance and FERC rulemaking notices.
There is a better way to do this: why critical infrastructure cybersecurity regulations are heading in the wrong direction
I helped write and establish the NERC CIP regulations. But now I want change. There is a way to save time, money and headaches while actually improving security for critical infrastructure.
Communication avalanche: What utilities need to think about before a nation-state cyberattack happens to them
Utilities are preparing for the technical side of a cyberattack generated by the Russia-Ukraine conflict. But there is another aspect to these attacks that can cause chaos if you’re not ready. We’ll explore that here.
20 years of NERC CIP - What's next?
Two industry veterans who cultivated NERC CIP over the past 20 years discuss how it all started, and what’s next for electric power industry security regulations. Patrick C. Miller, one of the first NERC CIP auditors in the country, and Carter Manucy, a utility IT/OT Security Director, talk about the regulation that changed the electric sector cybersecurity landscape forever.
How it started, where it's going: 20 years of NERC CIP
Two key people who helped start NERC CIP 20 years ago talk about how and why it came together, and where it could go next. Patrick C. Miller, one of the first NERC CIP auditors in the country, and Earl Shockley, a former leader at NERC, talk about this momentous regulation that changed the electric sector cybersecurity landscape forever.
Should the water sector follow the cybersecurity path of NERC CIP?
Water is essential for life – in so many ways. It’s so essential, we should do whatever is necessary to have a safe, reliable, and secure water/wastewater system, right? But from what I have seen both personally and in many public reports, we’re far from it. So, what is necessary to secure the water sector in the US?
What is an SBOM and how can it help?
An SBOM is a software bill of materials and it can be a crucial tool in critical infrastructure cybersecurity. In this video, Ampere's Patrick C. Miller talks about how it works.
What's next for industrial supply chain security?
Critical infrastructure needs to focus on supply chain security. Watch this interview with Ampere's Patrick C. Miller about what is next and how to prepare.
Do I have to comply with the new National Security memorandum on industrial security?
Is the new National Security Memorandum on industrial security mandatory? Watch this interview with Ampere Industrial Security's Patrick Miller for answers that will help guide your next steps.
New alliance works to improve the cybersecurity of the U.S. electric grid
New alliance works to improve the cybersecurity of the U.S. electric grid.
Ampere Industrial Security and INPOWERD have combined forces to help utilities and energy companies raise their levels of cybersecurity, reliability and compliance
Industry brief: National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
Recent activity from the Biden Administration represents a pivotal moment in the establishment of baseline cybersecurity standards for critical infrastructure.
The new National Security Memorandum on industrial security: What does it mean for me?
What do you need to know now that the White House has issued its National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems? Watch this interview with Ampere Industrial Security's Patrick Miller.