Ampyx Cyber Blog

The Intersection of Regulation & Resilience

NERC Initiates Data Collection on INSM for Low Impact CIP Assets
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

NERC Initiates Data Collection on INSM for Low Impact CIP Assets

NERC has initiated the Internal Network Security Monitoring (INSM) Data Request in response to a directive from FERC. This effort aims to gather data on the risks of not implementing INSM in medium and low impact BES Cyber Systems. NERC is collecting information from utilities in the electric power industry regarding facility numbers, network configurations, malicious code detection, implementation challenges, and alternative solutions. The data must be submitted by July 25, 2023.

Read More
New Low Impact NERC CIP-003-9 Regulations: Vendor Supply Chain Security
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

New Low Impact NERC CIP-003-9 Regulations: Vendor Supply Chain Security

On March 16 2023, FERC issued a new Order approving NERC CIP-003-9 introducing new requirements for vendor electronic remote access security controls to low impact BES Cyber Systems. These new security controls are intended to allow detection and the ability to disable vendor remote access in the event of a known or suspected malicious communication.

Read More
New cybersecurity controls for vendor access to low impact NERC CIP assets
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

New cybersecurity controls for vendor access to low impact NERC CIP assets

FERC has approved new cybersecurity standards to improve risk management practices and supply chain risk management for low impact assets. The new standards, designated CIP-003-9, require utilities to establish and maintain a documented supply chain cyber risk management plan and implement vendor-focused cybersecurity protections for their low impact BES Cyber Systems.

Read More
Is SBOM the answer?
Deep Dive Patrick Miller Deep Dive Patrick Miller

Is SBOM the answer?

Government and industry experts have recently pointed to software bill of materials (SBOM) as a requirement for organizations, but what are you getting? David Foose spends some time exploring aspects of SBOM fever.

Read More
S4x23 Trip Report
Event Edge Patrick Miller Event Edge Patrick Miller

S4x23 Trip Report

This year, the S4 event hosted by Dale Peterson (DigitalBond) was bigger than ever. New venue, new content, new challenges, new theme, and a new feel. Here’s a report of my experience with some bad, some good and some great things that happened.

Read More
20 years of NERC CIP - What's next?
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

20 years of NERC CIP - What's next?

Two industry veterans who cultivated NERC CIP over the past 20 years discuss how it all started, and what’s next for electric power industry security regulations. Patrick C. Miller, one of the first NERC CIP auditors in the country, and Carter Manucy, a utility IT/OT Security Director, talk about the regulation that changed the electric sector cybersecurity landscape forever.

Read More
How it started, where it's going: 20 years of NERC CIP
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

How it started, where it's going: 20 years of NERC CIP

Two key people who helped start NERC CIP 20 years ago talk about how and why it came together, and where it could go next. Patrick C. Miller, one of the first NERC CIP auditors in the country, and Earl Shockley, a former leader at NERC, talk about this momentous regulation that changed the electric sector cybersecurity landscape forever.

Read More