Ampyx Cyber Blog
The Intersection of Regulation & Resilience
Proactively Enhancing Safety in Long Duration Energy Storage: Lessons, Challenges, and Future Strategies
As Long Duration Energy Storage (LDES) technologies gain prominence in modern energy infrastructure, ensuring the safety of workers and surrounding communities is critical. By examining past incidents involving lithium-ion Battery Energy Storage Systems (BESS) and other storage solutions, we can extract crucial lessons to mitigate risks in LDES deployment.
Ampyx Cyber Appoints Andrew A. Luccitti as Chief Revenue Officer
Ampyx Cyber appoints Andrew A. Luccitti as Chief Revenue Officer to drive growth and strengthen cybersecurity solutions for critical infrastructure. With over 25 years of experience, Andrew joins CEO Patrick C Miller to enhance compliance, security, and cyber insurance readiness as the company expands its services.
FERC Proposes New Standards for INSM: Internal Network Security Monitoring (CIP-015-1)
The Federal Energy Regulatory Commission (FERC) has issued a new Notice of Proposed Rulemaking (NOPR) under Docket No. RM24-7-000. This proposed rule seeks to approve NERC’s proposed Critical Infrastructure Protection (CIP) Reliability Standard CIP-015-1. The new standard focuses on Internal Network Security Monitoring (INSM) to detect and address cyber threats within the electronic security perimeter of the Bulk Electric System (BES).
FERC’s New Proposed Rule on Supply Chain Risk Management (SCRM)
The Federal Energy Regulatory Commission (FERC) has released a new Notice of Proposed Rulemaking (NOPR) under Docket No. RM24-4-000, focusing on supply chain risk management (SCRM) for the Bulk-Power System (BPS). This proposed directive aims to fill critical gaps in existing NERC Critical Infrastructure Protection (CIP) standards and bolster the defenses of our nation’s critical infrastructure.
FERC Staff Report Offers Lessons Learned from 2024 CIP Audits: What You Need to Know
In its 2024 CIP audit report, the Federal Energy Regulatory Commission (FERC) shared critical lessons learned from the latest round of reliability audits, revealing key areas where NERC-registered entities can strengthen their security posture. While many organizations successfully met compliance requirements, the report highlighted specific gaps in asset categorization, control center segmentation, and data protection that could pose significant operational risks.
Proactive Cyber Defense: Recognizing Cyber Intrusions for Critical Infrastructure System Operators
Leveraging Guidance from the Electric & Water Sectors and Broadening for all Critical Infrastructure. In an era marked by rapid digital transformation and increasing cyber threats, whether electric, water and wastewater systems, chemical, or any other of the critical infrastructure sectors, it is imperative for control system operators to be well-versed in recognizing and responding to cyber intrusions.
Exploring the Evolving Landscape of ICS/OT Cybersecurity at RSAC 2024
The RSA Conference 2024 spotlighted the critical importance of ICS/OT cybersecurity, reflecting a significant increase in attention compared to previous years. Ampyx Cyber CEO, Patrick Miller noted the strong presence of AI-driven security tools on the vendor floor and highlighted the conference's rich agenda featuring discussions on the convergence of IT and OT. As digital transformation continues, the industry's commitment to enhancing ICS/OT cybersecurity is more evident than ever.
Reporting Cyber Incidents under DHS CIRCIA’s Proposed Rulemaking
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on April 4, 2024 published its proposed rules requiring critical infrastructure entities to report significant cyber incidents and ransom payments to CISA. The proposed regulations are intended to consolidate, fortify, and strengthen the United States’ cyber defenses in critical infrastructure (CI) sectors.
Ampere Industrial Security Evolves into Ampyx Cyber
Ampere Industrial Security, renowned for its expertise in industrial security, announces its rebranding to Ampyx Cyber, marking a new chapter in its global presence with offices in Portland, OR, USA, and a new European base in Tallinn, Estonia. This strategic change represents an expanded commitment to providing top-tier cybersecurity solutions across continents.
Embracing AI for the Electric Grid: Insights from NERC
In the rapidly evolving landscape of the electric sector, the integration of cutting-edge technologies is not just an option; it's a necessity. Among these, artificial intelligence (AI) stands out as a transformative force, offering unprecedented opportunities to enhance grid reliability, security, and efficiency. Recognizing this potential, the North American Electric Reliability Corporation (NERC) has provided insightful comments on how AI can be harnessed to address the challenges and opportunities within the electric grid.
CIP-015: The Crucial Role of INSM in Strengthening Grid Security
introduction of CIP-015, a new regulation aimed at enhancing grid security by mandating Internal Network Security Monitoring (INSM) for high and medium impact Bulk Electric System (BES) Cyber Systems. This development, initiated by FERC Order No. 887, responds to the need for robust monitoring within trusted network zones to detect and mitigate potential cyber threats. CIP-015 emerges as a standalone standard after industry feedback suggested that INSM requirements did not align well with existing frameworks, shifting towards an objective-based rather than prescriptive approach.
FERC Chairman's Reliability Report: A Year in Review
In 2023, FERC Chairman Willie L. Phillips' report highlighted advancements in U.S. power grid reliability, focusing on enhanced cybersecurity measures, physical grid security improvements, and resilience against extreme weather. Key initiatives included the implementation of new cybersecurity standards, incentive-based cybersecurity investments, and transmission reforms to accommodate evolving energy resources. These efforts underscore FERC's commitment to maintaining a resilient and secure electric grid.
NERC's New INSM Regulation: Assessing Impact and Ambiguity
The recent draft release of NERC's new CIP Standard for Internal Network Security Monitoring (INSM) sparks a conversation filled with anticipation and skepticism. With directives from FERC Order 887 echoing in its language, the draft attempts to navigate through the challenges of creating a new regulation to address situations where vendors or individuals with authorized access are considered secure and trustworthy but could still introduce a cybersecurity risk.
Embracing the Cloud: A New Era for BES Operations
This insightful blog post delves into the critical aspects of cloud migration, offering a strategic roadmap for businesses. It emphasizes the importance of a well-thought-out plan, highlighting the need for compatibility assessment, data security, and cost management. The article also stresses the significance of choosing the right cloud provider and preparing the workforce through training and support. This guide is an essential resource for organizations seeking to navigate the complexities of transitioning to cloud computing, ensuring a seamless and successful migration.
Understanding NERC's CIP-004-7 and CIP-011-3: A Deep Dive into BCSI Access, Cloud Challenges, and Encryption
Stay ahead of the curve with a comprehensive overview of NERC's new Critical Infrastructure Protection (CIP) standards, CIP-004-7 and CIP-011-3, set to be effective from January 1st, 2024. Understand the pivotal changes concerning BES Cyber System Information (BCSI) access, the nuances of cloud BCSI, and the strategic choices around encryption.
Inverter-Based Resources - Guide to Potential NERC CIP Impacts of Upcoming Regulatory Changes
Upcoming NERC regulatory changes are expected to result in a significant increase in registrations of inverter-based resources, resulting in the likelihood of control centers to be categorized as North American Electrical Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Medium-Impact Control Centers and/or Low-Impact Control Centers and correspondingly to meet the relevant NERC CIP requirements.
The European Union's Upgraded NIS2 Cybersecurity Framework
The European Union, with its commitment to digital governance and cyber protection, has recently updated its foundational cybersecurity framework, repealing the previous Network and Information Systems Directive (“NIS”) with the NIS2 Directive. Take a dive into the notable changes, implications, and suggested actions for businesses that fall under its scope.
NERC Initiates Data Collection on INSM for Low Impact CIP Assets
NERC has initiated the Internal Network Security Monitoring (INSM) Data Request in response to a directive from FERC. This effort aims to gather data on the risks of not implementing INSM in medium and low impact BES Cyber Systems. NERC is collecting information from utilities in the electric power industry regarding facility numbers, network configurations, malicious code detection, implementation challenges, and alternative solutions. The data must be submitted by July 25, 2023.
New Low Impact NERC CIP-003-9 Regulations: Vendor Supply Chain Security
On March 16 2023, FERC issued a new Order approving NERC CIP-003-9 introducing new requirements for vendor electronic remote access security controls to low impact BES Cyber Systems. These new security controls are intended to allow detection and the ability to disable vendor remote access in the event of a known or suspected malicious communication.
New cybersecurity controls for vendor access to low impact NERC CIP assets
FERC has approved new cybersecurity standards to improve risk management practices and supply chain risk management for low impact assets. The new standards, designated CIP-003-9, require utilities to establish and maintain a documented supply chain cyber risk management plan and implement vendor-focused cybersecurity protections for their low impact BES Cyber Systems.