The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on April 4, 2024 published its proposed rules requiring critical infrastructure entities to report significant cyber incidents and ransom payments to CISA. The proposed regulations are intended to consolidate, fortify, and strengthen the United States’ cyber defenses in critical infrastructure (CI) sectors.
Read MoreAmpere Industrial Security, renowned for its expertise in industrial security, announces its rebranding to Ampyx Cyber, marking a new chapter in its global presence with offices in Portland, OR, USA, and a new European base in Tallinn, Estonia. This strategic change represents an expanded commitment to providing top-tier cybersecurity solutions across continents.
Read MoreIn the rapidly evolving landscape of the electric sector, the integration of cutting-edge technologies is not just an option; it's a necessity. Among these, artificial intelligence (AI) stands out as a transformative force, offering unprecedented opportunities to enhance grid reliability, security, and efficiency. Recognizing this potential, the North American Electric Reliability Corporation (NERC) has provided insightful comments on how AI can be harnessed to address the challenges and opportunities within the electric grid.
Read Moreintroduction of CIP-015, a new regulation aimed at enhancing grid security by mandating Internal Network Security Monitoring (INSM) for high and medium impact Bulk Electric System (BES) Cyber Systems. This development, initiated by FERC Order No. 887, responds to the need for robust monitoring within trusted network zones to detect and mitigate potential cyber threats. CIP-015 emerges as a standalone standard after industry feedback suggested that INSM requirements did not align well with existing frameworks, shifting towards an objective-based rather than prescriptive approach.
Read MoreIn 2023, FERC Chairman Willie L. Phillips' report highlighted advancements in U.S. power grid reliability, focusing on enhanced cybersecurity measures, physical grid security improvements, and resilience against extreme weather. Key initiatives included the implementation of new cybersecurity standards, incentive-based cybersecurity investments, and transmission reforms to accommodate evolving energy resources. These efforts underscore FERC's commitment to maintaining a resilient and secure electric grid.
Read MoreThe recent draft release of NERC's new CIP Standard for Internal Network Security Monitoring (INSM) sparks a conversation filled with anticipation and skepticism. With directives from FERC Order 887 echoing in its language, the draft attempts to navigate through the challenges of creating a new regulation to address situations where vendors or individuals with authorized access are considered secure and trustworthy but could still introduce a cybersecurity risk.
Read MoreThis insightful blog post delves into the critical aspects of cloud migration, offering a strategic roadmap for businesses. It emphasizes the importance of a well-thought-out plan, highlighting the need for compatibility assessment, data security, and cost management. The article also stresses the significance of choosing the right cloud provider and preparing the workforce through training and support. This guide is an essential resource for organizations seeking to navigate the complexities of transitioning to cloud computing, ensuring a seamless and successful migration.
Read MoreStay ahead of the curve with a comprehensive overview of NERC's new Critical Infrastructure Protection (CIP) standards, CIP-004-7 and CIP-011-3, set to be effective from January 1st, 2024. Understand the pivotal changes concerning BES Cyber System Information (BCSI) access, the nuances of cloud BCSI, and the strategic choices around encryption.
Read MoreUpcoming NERC regulatory changes are expected to result in a significant increase in registrations of inverter-based resources, resulting in the likelihood of control centers to be categorized as North American Electrical Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Medium-Impact Control Centers and/or Low-Impact Control Centers and correspondingly to meet the relevant NERC CIP requirements.
Read MoreThe European Union, with its commitment to digital governance and cyber protection, has recently updated its foundational cybersecurity framework, repealing the previous Network and Information Systems Directive (“NIS”) with the NIS2 Directive. Take a dive into the notable changes, implications, and suggested actions for businesses that fall under its scope.
Read MoreAmpere Industrial Security, the global leader in industrial cybersecurity consulting, and DeNexus Inc, the leading provider of second-generation cyber risk quantification and management to large industrial facilities, OT service providers, and the cyber risk transfer market, announce their partnership today.
Read MoreNERC has initiated the Internal Network Security Monitoring (INSM) Data Request in response to a directive from FERC. This effort aims to gather data on the risks of not implementing INSM in medium and low impact BES Cyber Systems. NERC is collecting information from utilities in the electric power industry regarding facility numbers, network configurations, malicious code detection, implementation challenges, and alternative solutions. The data must be submitted by July 25, 2023.
Read MoreOn March 16 2023, FERC issued a new Order approving NERC CIP-003-9 introducing new requirements for vendor electronic remote access security controls to low impact BES Cyber Systems. These new security controls are intended to allow detection and the ability to disable vendor remote access in the event of a known or suspected malicious communication.
Read MoreFERC has approved new cybersecurity standards to improve risk management practices and supply chain risk management for low impact assets. The new standards, designated CIP-003-9, require utilities to establish and maintain a documented supply chain cyber risk management plan and implement vendor-focused cybersecurity protections for their low impact BES Cyber Systems.
Read MoreWhile encryption meets the security objective of CIP-012, entities can utilize additional security controls to provide a defense in depth approach and in some cases utilize controls other than encryption.
Read MoreThe White House issued its new National Cybersecurity Strategy on Thursday, laying out its plan for securing the country from cyberattacks. Patrick C. Miller answers questions about the strategy and how it could impact you.
Read MoreGovernment and industry experts have recently pointed to software bill of materials (SBOM) as a requirement for organizations, but what are you getting? David Foose spends some time exploring aspects of SBOM fever.
Read MoreThis year, the S4 event hosted by Dale Peterson (DigitalBond) was bigger than ever. New venue, new content, new challenges, new theme, and a new feel. Here’s a report of my experience with some bad, some good and some great things that happened.
Read MoreDavid Foose, a former vendor, takes us on a brief walk through the history and the justifications Supply Chain Security and the birth of NERC CIP 13. With this, we explore what might have been and where it may have unfortunately veered off into constant contract negotiation entities find themselves today.
Read MoreFERC has issued Order 887, directing NERC to create new Critical Infrastructure Protection (CIP) cybersecurity standards for Internal Network Monitoring Systems (INSM). Hear from a real electric utility asset owner, Carter Manucy of FMPA, on what this means for the industry and what you should do next.
Read More
