The E-ISAC is doing serious work inside a structure that limits how far that work can go. Both things are true. Our analysis of the 2025 End-of-Year Report:
https://ampyxcyber.com/blog/the-e-isacs-2025-report-real-progress-remaining-constraintsNERC Industry Survey: Physical Supply Chain Risk Management
https://www.surveymonkey.com/r/SCS-PhysicalRiskReport
Supply Chain Subcommittee (SCS) is seeking industry feedback on physical supply risks to inform the physical supply risk report.
FERC approved Orders 918 & 919 today. CIP virtualization standards, new low-impact controls, and an updated Control Center definition. All registered entities affected. 24 and 36 month implementation windows. Start your assessments now.
Full breakdown: https://ampyxcyber.com/blog/ferc-issues-orders-on-virtualization-and-low-impact-what-changed-and-what-you-need-to-do
The E-ISAC is doing serious work inside a structure that limits how far that work can go. Both things are true. Our analysis of the 2025 End-of-Year Report:
https://ampyxcyber.com/blog/the-e-isacs-2025-report-real-progress-remaining-constraintsThe new National Cyber Strategy calls compliance checklists a problem. We've been saying that for years. But deregulation and security aren't the same thing either. What replaces a requirement matters more than removing it. Full analysis at
https://ampyxcyber.com/blog/redesigning-the-machine-nerc-board-accepts-transformational-standards-modernization-plan-p2b7wThe new National Cyber Strategy calls compliance checklists a problem. We've been saying that for years. But deregulation and security aren't the same thing either. What replaces a requirement matters more than removing it. Full analysis at
https://ampyxcyber.com/blog/redesigning-the-machine-nerc-board-accepts-transformational-standards-modernization-plan-p2b7wCoordinated destructive cyberattacks across 30+ renewable farms, a CHP plant, and manufacturing in Poland. Not ransomware. Sabotage. Custom wiper malware designed to damage RTUs, PLCs, relays, and serial device servers.
https://ampyxcyber.com/blog/polands-energy-sector-attack-when-cyber-sabotage-targets-ot
Poland's Energy Sector Attack: When Cyber Sabotage Targets OT — AMPYX CYBER
On December 29, 2025, Poland experienced coordinated destructive cyberattacks across 30+ wind/solar farms, a CHP plant, and manufacturing. Attackers exploited FortiGate devices without MFA, used default credentials on OT equipment, and deployed custom wiper malware designed to damage industrial cont
Coordinated destructive cyberattacks across 30+ renewable farms, a CHP plant, and manufacturing in Poland. Not ransomware. Sabotage. Custom wiper malware designed to damage RTUs, PLCs, relays, and serial device servers.
https://ampyxcyber.com/blog/polands-energy-sector-attack-when-cyber-sabotage-targets-otPoland's Energy Sector Attack: When Cyber Sabotage Targets OT — AMPYX CYBER
On December 29, 2025, Poland experienced coordinated destructive cyberattacks across 30+ wind/solar farms, a CHP plant, and manufacturing. Attackers exploited FortiGate devices without MFA, used default credentials on OT equipment, and deployed custom wiper malware designed to damage industrial cont
Just dropped: Our first Policy Pulse - Regulatory Roundtable panel podcast episode With JoyDitto & Earl Shockley.
We tackle:
- NERC low-impact crackdown
- Audit competency & CMEP reform
- AI in OT & the looming cyber strategy
- Talent gaps in the sector
https://ampyxcyber.com/podcast/policy-pulse-regulatory-roundtable-nerc-cip-cybersecurity-strategy-ai-electric-sector
Policy Pulse: Regulatory Roundtable - NERC CIP, Cybersecurity Strategy, AI & Electric Sector — AMPYX CYBER
Policy Pulse: Regulatory Roundable is a new monthly feature of the Critical Assets Podcast. Join Patrick Miller, Joy Ditto, and Earl Shockley as they break down the latest policy, regulatory, and legislative changes impacting critical infrastructure, OT, and cybersecurity. If it affects your assets,
Coordinated destructive cyberattacks across 30+ renewable farms, a CHP plant, and manufacturing in Poland. Not ransomware. Sabotage. CERT Polska just published the most detailed OT attack post-mortem we've seen.
https://ampyxcyber.com/blog/polands-energy-sector-attack-when-cyber-sabotage-targets-otPoland's Energy Sector Attack: When Cyber Sabotage Targets OT — AMPYX CYBER
On December 29, 2025, Poland experienced coordinated destructive cyberattacks across 30+ wind/solar farms, a CHP plant, and manufacturing. Attackers exploited FortiGate devices without MFA, used default credentials on OT equipment, and deployed custom wiper malware designed to damage industrial cont
