AMPYX CYBER

The new National Cyber Strategy calls compliance checklists a problem. We've been saying that for years. But deregulation and security aren't the same thing either. What replaces a requirement matters more than removing it. Full analysis at https://ampyxcyber.com/blog/redesigning-the-machine-nerc-board-accepts-transformational-standards-modernization-plan-p2b7w

Coordinated destructive cyberattacks across 30+ renewable farms, a CHP plant, and manufacturing in Poland. Not ransomware. Sabotage. Custom wiper malware designed to damage RTUs, PLCs, relays, and serial device servers. https://ampyxcyber.com/blog/polands-energy-sector-attack-when-cyber-sabotage-targets-ot

Coordinated destructive cyberattacks across 30+ renewable farms, a CHP plant, and manufacturing in Poland. Not ransomware. Sabotage. Custom wiper malware designed to damage RTUs, PLCs, relays, and serial device servers. https://ampyxcyber.com/blog/polands-energy-sector-attack-when-cyber-sabotage-targets-ot

Just dropped: Our first Policy Pulse - Regulatory Roundtable panel podcast episode With JoyDitto & Earl Shockley.

We tackle:
- NERC low-impact crackdown
- Audit competency & CMEP reform
- AI in OT & the looming cyber strategy
- Talent gaps in the sector

https://ampyxcyber.com/podcast/policy-pulse-regulatory-roundtable-nerc-cip-cybersecurity-strategy-ai-electric-sector

Coordinated destructive cyberattacks across 30+ renewable farms, a CHP plant, and manufacturing in Poland. Not ransomware. Sabotage. CERT Polska just published the most detailed OT attack post-mortem we've seen. https://ampyxcyber.com/blog/polands-energy-sector-attack-when-cyber-sabotage-targets-ot

Secure connectivity guidance often assumes greenfield architectures. Most OT environments are brownfield reality. Real resilience is not just network controls. It is people, manual capability, physical engineering, training, and sustained investment. https://ampyxcyber.com/blog/humans-engineering-shifts-required-investment-and-commitment-for-operational-security

Just dropped: Our first Policy Pulse - Regulatory Roundtable panel podcast episode With JoyDitto & Earl Shockley.

We tackle:
- NERC low-impact crackdown
- Audit competency & CMEP reform
- AI in OT & the looming cyber strategy
- Talent gaps in the sector

https://ampyxcyber.com/podcast/policy-pulse-regulatory-roundtable-nerc-cip-cybersecurity-strategy-ai-electric-sector

NERC’s CMEP Version 8 does not change the Reliability Standards. It stabilizes how compliance monitoring and enforcement operate across the ERO Enterprise. What this means for audits, risk-based scope, technical competence, & ERO-wide consistency at https://ampyxcyber.com/blog/how-cmep-version-8-reshapes-nercs-compliance-model

Secure connectivity guidance often assumes greenfield architectures. Most OT environments are brownfield reality. Real resilience is not just network controls. It is people, manual capability, physical engineering, training, and sustained investment. https://ampyxcyber.com/blog/humans-engineering-shifts-required-investment-and-commitment-for-operational-security

NERC’s December 2025 Internal Controls Guide quietly reshapes CMEP. ICE is gone. Continuous, risk based control oversight now drives COPs, audit depth, and regulatory trust. Internal controls are no longer periodic. They are always on. Full analysis: https://ampyxcyber.com/blog/from-spot-evaluations-to-continuous-oversight-nercs-new-internal-controls-model

NERC’s CMEP Version 8 does not change the Reliability Standards. It stabilizes how compliance monitoring and enforcement operate across the ERO Enterprise. What this means for audits, risk-based scope, technical competence, & ERO-wide consistency at https://ampyxcyber.com/blog/how-cmep-version-8-reshapes-nercs-compliance-model

A new joint US/UK/EU agency coalition just released a new OT secure connectivity doctrine. We break down what it really means for utilities and industrial operators, what breaks in legacy environments, and the safety/engineering realities behind it https://ampyxcyber.com/blog/new-joint-agency-guidance-secure-connectivity-principles-for-ot

NERC’s new CIP Roadmap marks a major shift in how cyber risk will be regulated across the power grid. MFA for low impact systems, protection of telecom dependent control traffic, cloud security, and new focus on IBRs, DERs, EVSE, and large loads.

https://ampyxcyber.com/blog/nercs-cip-roadmap-and-the-future-of-grid-cybersecurity

NERC’s December 2025 Internal Controls Guide quietly reshapes CMEP. ICE is gone. Continuous, risk based control oversight now drives COPs, audit depth, and regulatory trust. Internal controls are no longer periodic. They are always on. Full analysis: https://ampyxcyber.com/blog/from-spot-evaluations-to-continuous-oversight-nercs-new-internal-controls-model

A new joint US/UK/EU agency coalition just released a new OT secure connectivity doctrine. We break down what it really means for utilities and industrial operators, what breaks in legacy environments, and the safety/engineering realities behind it https://ampyxcyber.com/blog/new-joint-agency-guidance-secure-connectivity-principles-for-ot

Now hiring: Business Development Administrator (remote, contract 1099). Track RFx, support proposals, keep the pipeline organized, and coordinate docs and timelines. Join a mission-driven team protecting critical infrastructure. Apply: https://www.linkedin.com/jobs/view/4358329695

Now hiring: Business Development Administrator (remote, contract 1099). Track RFx, support proposals, keep the pipeline organized, and coordinate docs and timelines. Join a mission-driven team protecting critical infrastructure. Apply: https://www.linkedin.com/jobs/view/4358329695