Policy Pulse - Regulatory Roundtable: Cyber Strategy, Large Loads, AI & CISA in Flux
Season 4 - Episode 2
Host: Patrick Miller
Guests: Joy Ditto, Earl Shockley
Policy Pulse: Regulatory Roundtable is a new monthly feature of the Critical Assets Podcast. Join Patrick Miller, Joy Ditto, and Earl Shockley as they break down the latest policy, regulatory, and legislative changes impacting critical infrastructure, OT, and cybersecurity. If it affects your assets, audits, or authority, we’re covering it, straight from the policy frontlines.
Episode Summary
Patrick Miller reconvenes with Joy Ditto (Joy Ditto Consulting) and Earl Shockley (INPOWERD) for a tour of the past two months in critical infrastructure policy. The episode opens on the administration's new National Cybersecurity Strategy and its six pillars, with focus on the openly offensive "shape adversary behavior" posture and the asymmetric risk it creates for asset owners likely to absorb retaliation.
The panel then digs into the pressures reshaping the bulk electric system: data center designation, cloud-hosted control centers running NERC standards while the underlying compute is unregulated, and the physics of computational loads that behave nothing like traditional load. Earl walks through the recent NERC Level 3 alert on large load connections, an unusually serious signal that industry processes are behind.
The discussion also covers April infrastructure executive orders that release funding but ignore cybersecurity, hyperscalers displacing utilities as the top buyers of bulk electrical equipment, the multi-agency zero trust in OT guidance, and CISA's leadership uncertainty after Sean Plankey withdrew his nomination. On the AI front, the group unpacks what Anthropic's Mythos and the Glasswing response mean for vulnerability discovery at scale, and why no OT vendors are on the Glasswing list.
Closing thoughts include Joy's note on satellite cybersecurity and a rare bipartisan Senate trip to China, Earl's emphasis that computational load is now an enterprise governance issue rather than a technical one, and Patrick's plea to stop making the adversary's job easy.
Topics Covered
The new National Cybersecurity Strategy and its six pillars
Offensive cyber posture and the asymmetric risk to asset owners
Data center designation as critical infrastructure
Cloud control centers and the NERC 100-series standards
Computational load, grid stability, and loss of system inertia
NERC Level 3 alert on large load connections
April infrastructure executive orders and the missing cyber language
Supply chain shifts and hyperscalers as the top equipment buyers
CISA Fortify guidance and CISA's current leadership status
Anthropic's Mythos, the Glasswing response, and the OT vendor gap
Satellite cybersecurity and bipartisan engagement on China policy
Basic hygiene: get exposed devices off the internet