CIP-015: The Crucial Role of INSM in Strengthening Grid Security

introduction of CIP-015, a new regulation aimed at enhancing grid security by mandating Internal Network Security Monitoring (INSM) for high and medium impact Bulk Electric System (BES) Cyber Systems. This development, initiated by FERC Order No. 887, responds to the need for robust monitoring within trusted network zones to detect and mitigate potential cyber threats. CIP-015 emerges as a standalone standard after industry feedback suggested that INSM requirements did not align well with existing frameworks, shifting towards an objective-based rather than prescriptive approach.

INSMPatrick MillerMarch 27, 2024INSM, Internal Network Security Monitoring, NERC CIP, FERC, FERC 887

NERC's New INSM Regulation: Assessing Impact and Ambiguity

The recent draft release of NERC's new CIP Standard for Internal Network Security Monitoring (INSM) sparks a conversation filled with anticipation and skepticism. With directives from FERC Order 887 echoing in its language, the draft attempts to navigate through the challenges of creating a new regulation to address situations where vendors or individuals with authorized access are considered secure and trustworthy but could still introduce a cybersecurity risk.

INSMPatrick MillerDecember 20, 2023INSM, Internal Network Security Monitoring, NERC CIP

Understanding NERC's CIP-004-7 and CIP-011-3: A Deep Dive into BCSI Access, Cloud Challenges, and Encryption

Stay ahead of the curve with a comprehensive overview of NERC's new Critical Infrastructure Protection (CIP) standards, CIP-004-7 and CIP-011-3, set to be effective from January 1st, 2024. Understand the pivotal changes concerning BES Cyber System Information (BCSI) access, the nuances of cloud BCSI, and the strategic choices around encryption.

BCSIPatrick MillerNovember 2, 2023NERC CIP, BCSI

New Low Impact NERC CIP-003-9 Regulations: Vendor Supply Chain Security

On March 16 2023, FERC issued a new Order approving NERC CIP-003-9 introducing new requirements for vendor electronic remote access security controls to low impact BES Cyber Systems. These new security controls are intended to allow detection and the ability to disable vendor remote access in the event of a known or suspected malicious communication.

NERC CIPPatrick MillerApril 6, 2023NERC CIP, CIP-003, Low Impact

New cybersecurity controls for vendor access to low impact NERC CIP assets

FERC has approved new cybersecurity standards to improve risk management practices and supply chain risk management for low impact assets. The new standards, designated CIP-003-9, require utilities to establish and maintain a documented supply chain cyber risk management plan and implement vendor-focused cybersecurity protections for their low impact BES Cyber Systems.

NERC CIPPatrick MillerMarch 22, 2023NERC CIP, CIP-003

Securing Control Center communications is more than encryption

While encryption meets the security objective of CIP-012, entities can utilize additional security controls to provide a defense in depth approach and in some cases utilize controls other than encryption.

NERC CIPPatrick MillerMarch 10, 2023NERC CIP, CIP-012

There is a better way to do this: why critical infrastructure cybersecurity regulations are heading in the wrong direction

I helped write and establish the NERC CIP regulations. But now I want change. There is a way to save time, money and headaches while actually improving security for critical infrastructure.

NERC CIPPatrick MillerFebruary 19, 2022NERC CIP

20 years of NERC CIP - What's next?

Two industry veterans who cultivated NERC CIP over the past 20 years discuss how it all started, and what’s next for electric power industry security regulations. Patrick C. Miller, one of the first NERC CIP auditors in the country, and Carter Manucy, a utility IT/OT Security Director, talk about the regulation that changed the electric sector cybersecurity landscape forever.

NERC CIPPatrick MillerDecember 29, 2021NERC CIP

How it started, where it's going: 20 years of NERC CIP

Two key people who helped start NERC CIP 20 years ago talk about how and why it came together, and where it could go next. Patrick C. Miller, one of the first NERC CIP auditors in the country, and Earl Shockley, a former leader at NERC, talk about this momentous regulation that changed the electric sector cybersecurity landscape forever.

NERC CIPPatrick MillerDecember 8, 2021NERC CIP

Should the water sector follow the cybersecurity path of NERC CIP?

Water is essential for life – in so many ways. It’s so essential, we should do whatever is necessary to have a safe, reliable, and secure water/wastewater system, right? But from what I have seen both personally and in many public reports, we’re far from it. So, what is necessary to secure the water sector in the US?

NERC CIPPatrick MillerNovember 14, 2021NERC CIP, Water

Ampyx Cyber Blog

Social & other feeds

Contact information

Site Navigation