AMPYX CYBER (formerly Ampere Industrial Security)

The new National Cyber Strategy calls compliance checklists a problem. We've been saying that for years. But deregulation and security aren't the same thing either. What replaces a requirement matters more than removing it. Full analysis at ampyxcyber.com/blog/...

Poland's Energy Sector Attack: When Cyber Sabotage Targets OT — AMPYX CYBER On December 29, 2025, Poland experienced coordinated destructive cyberattacks across 30+ wind/solar farms, a CHP plant, and manufacturing. Attackers exploited FortiGate devices without MFA, used default credentials on OT equipment, and deployed custom wiper malware designed to damage industrial controls. Every failure was preventable.

Coordinated destructive cyberattacks across 30+ renewable farms, a CHP plant, and manufacturing in Poland. Not ransomware. Sabotage. Custom wiper malware designed to damage RTUs, PLCs, relays, and serial device servers.

Poland's Energy Sector Attack: When Cyber Sabotage Targets OT — AMPYX CYBER On December 29, 2025, Poland experienced coordinated destructive cyberattacks across 30+ wind/solar farms, a CHP plant, and manufacturing. Attackers exploited FortiGate devices without MFA, used default credentials on OT equipment, and deployed custom wiper malware designed to damage industrial controls. Every failure was preventable.

Coordinated destructive cyberattacks across 30+ renewable farms, a CHP plant, and manufacturing in Poland. Not ransomware. Sabotage. Custom wiper malware designed to damage RTUs, PLCs, relays, and serial device servers.

Policy Pulse: Regulatory Roundtable - NERC CIP, Cybersecurity Strategy, AI & Electric Sector — AMPYX CYBER Policy Pulse: Regulatory Roundable is a new monthly feature of the Critical Assets Podcast. Join Patrick Miller, Joy Ditto, and Earl Shockley as they break down the latest policy, regulatory, and legislative changes impacting critical infrastructure, OT, and cybersecurity. If it affects your assets, audits, or authority, we’re covering it, straight from the policy frontlines.

Just dropped: Our first Policy Pulse - Regulatory Roundtable panel podcast episode With JoyDitto & Earl Shockley.

We tackle:
- NERC low-impact crackdown
- Audit competency & CMEP reform
- AI in OT & the looming cyber strategy
- Talent gaps in the sector

Poland's Energy Sector Attack: When Cyber Sabotage Targets OT — AMPYX CYBER On December 29, 2025, Poland experienced coordinated destructive cyberattacks across 30+ wind/solar farms, a CHP plant, and manufacturing. Attackers exploited FortiGate devices without MFA, used default credentials on OT equipment, and deployed custom wiper malware designed to damage industrial controls. Every failure was preventable.

Coordinated destructive cyberattacks across 30+ renewable farms, a CHP plant, and manufacturing in Poland. Not ransomware. Sabotage. CERT Polska just published the most detailed OT attack post-mortem we've seen.

Humans, Engineering Shifts, Required Investment, & Commitment for Operational Security — AMPYX CYBER New secure connectivity guidance describes a greenfield target architecture, but most OT environments are brownfield reality. True resilience isn't achieved through technology alone. Human expertise, manual operating capability, physical engineering controls, and sustained investment are equally critical. Without these foundations, digital security layers risk becoming expensive new failure modes.

Secure connectivity guidance often assumes greenfield architectures. Most OT environments are brownfield reality. Real resilience is not just network controls. It is people, manual capability, physical engineering, training, and sustained investment.

Policy Pulse: Regulatory Roundtable - NERC CIP, Cybersecurity Strategy, AI & Electric Sector — AMPYX CYBER Policy Pulse: Regulatory Roundable is a new monthly feature of the Critical Assets Podcast. Join Patrick Miller, Joy Ditto, and Earl Shockley as they break down the latest policy, regulatory, and legislative changes impacting critical infrastructure, OT, and cybersecurity. If it affects your assets, audits, or authority, we’re covering it, straight from the policy frontlines.

Just dropped: Our first Policy Pulse - Regulatory Roundtable panel podcast episode With JoyDitto & Earl Shockley.

We tackle:
- NERC low-impact crackdown
- Audit competency & CMEP reform
- AI in OT & the looming cyber strategy
- Talent gaps in the sector

NERC’s CMEP Version 8 does not change the Reliability Standards. It stabilizes how compliance monitoring and enforcement operate across the ERO Enterprise. What this means for audits, risk-based scope, technical competence, & ERO-wide consistency at ampyxcyber.com/blog/...

Humans, Engineering Shifts, Required Investment, & Commitment for Operational Security — AMPYX CYBER New secure connectivity guidance describes a greenfield target architecture, but most OT environments are brownfield reality. True resilience isn't achieved through technology alone. Human expertise, manual operating capability, physical engineering controls, and sustained investment are equally critical. Without these foundations, digital security layers risk becoming expensive new failure modes.

Secure connectivity guidance often assumes greenfield architectures. Most OT environments are brownfield reality. Real resilience is not just network controls. It is people, manual capability, physical engineering, training, and sustained investment.

NERC’s December 2025 Internal Controls Guide quietly reshapes CMEP. ICE is gone. Continuous, risk based control oversight now drives COPs, audit depth, and regulatory trust. Internal controls are no longer periodic. They are always on. Full analysis: ampyxcyber.com/blog/...

NERC’s CMEP Version 8 does not change the Reliability Standards. It stabilizes how compliance monitoring and enforcement operate across the ERO Enterprise. What this means for audits, risk-based scope, technical competence, & ERO-wide consistency at ampyxcyber.com/blog/...

A new joint US/UK/EU agency coalition just released a new OT secure connectivity doctrine. We break down what it really means for utilities and industrial operators, what breaks in legacy environments, and the safety/engineering realities behind it ampyxcyber.com/blog/...

NERC’s new CIP Roadmap marks a major shift in how cyber risk will be regulated across the power grid. MFA for low impact systems, protection of telecom dependent control traffic, cloud security, and new focus on IBRs, DERs, EVSE, and large loads.

ampyxcyber.com/blog/...

NERC’s December 2025 Internal Controls Guide quietly reshapes CMEP. ICE is gone. Continuous, risk based control oversight now drives COPs, audit depth, and regulatory trust. Internal controls are no longer periodic. They are always on. Full analysis: ampyxcyber.com/blog/...

A new joint US/UK/EU agency coalition just released a new OT secure connectivity doctrine. We break down what it really means for utilities and industrial operators, what breaks in legacy environments, and the safety/engineering realities behind it ampyxcyber.com/blog/...

NERC’s new CIP Roadmap marks a major shift in how cyber risk will be regulated across the power grid. MFA for low impact systems, protection of telecom dependent control traffic, cloud security, and new focus on IBRs, DERs, EVSE, and large loads.

ampyxcyber.com/blog/...

Now hiring: Business Development Administrator (remote, contract 1099). Track RFx, support proposals, keep the pipeline organized, and coordinate docs and timelines. Join a mission-driven team protecting critical infrastructure. Apply: www.linkedin.com/job...

Now hiring: Business Development Administrator (remote, contract 1099). Track RFx, support proposals, keep the pipeline organized, and coordinate docs and timelines. Join a mission-driven team protecting critical infrastructure. Apply: www.linkedin.com/job...

Now hiring: Business Development Administrator (remote, contract 1099). Track RFx, support proposals, keep the pipeline organized, and coordinate docs and timelines. Join a mission-driven team protecting critical infrastructure. Apply: www.linkedin.com/job...

Now hiring: Business Development Administrator (remote, contract 1099). Track RFx, support proposals, keep the pipeline organized, and coordinate docs and timelines. Join a mission-driven team protecting critical infrastructure. Apply: www.linkedin.com/job...

Volt Typhoon represents a different kind of cyber risk for electric utilities. After months of research, we break down what makes this threat different and what leaders should focus on now. New blog, white paper and executive brief at ampyxcyber.com/blog/...

The next NERC CIP Bootcamp is live!

Join us for 3.5 days of practical, hands-on training covering all CIP standards, packed with the latest updates from NERC, Regional Entities & drafting teams shaping current compliance & audit guidance.

Details at ampyxcyber.com/nerc-...

The next NERC CIP Bootcamp is live!

Join us for 3.5 days of practical, hands-on training covering all CIP standards, packed with the latest updates from NERC, Regional Entities & drafting teams shaping current compliance & audit guidance.

Details at ampyxcyber.com/nerc-...

UEFI Secure Boot is often assumed to be enabled and enforcing. NSA’s latest guidance shows how boot time trust can silently fail and why misconfiguration creates real supply chain risk before the OS ever loads. Full analysis at ampyxcyber.com/blog/...

Cybersecurity Performance Goals 2.0: Governance First, Outcomes Always — AMPYX CYBER CISA’s Cybersecurity Performance Goals 2.0 reshape baseline expectations for critical infrastructure. The update elevates governance, strengthens OT-specific requirements, and shifts from checklist controls to outcome-driven resilience. This Policy Pulse post breaks down what changed, why it matters, and how operators should prepare.

CISA’s Cybersecurity Performance Goals 2.0 mark a major shift toward outcome driven security for critical infrastructure. Read about what changed, why governance now leads the model, and how OT operators can use CPG 2.0 to strengthen resilience at

Reinforcing the U.S. Grid: The 2025 USCC Report on Chinese Energy Influence — AMPYX CYBER The 2025 USCC Annual Report outlines national security risks from PRC-linked technologies in the U.S. energy sector. It offers clear, field-informed recommendations, including testimony from Ampyx Cyber’s CEO, on supply chain threats, OT device transparency, and cyber response. Read the full analysis and policy roadmap.

The U.S.-China Commission’s 2025 report is out, and we’re proud to have contributed. The section on PRC-linked energy equipment highlights urgent cybersecurity priorities, many of which are actionable. Our summary and takeaways here:

The next NERC CIP Bootcamp is live!

Join us for 3.5 days of practical, hands-on training covering all CIP standards, packed with the latest updates from NERC, Regional Entities & drafting teams shaping current compliance & audit guidance.

Details at ampyxcyber.com/nerc-...

UEFI Secure Boot is often assumed to be enabled and enforcing. NSA’s latest guidance shows how boot time trust can silently fail and why misconfiguration creates real supply chain risk before the OS ever loads. Full analysis at ampyxcyber.com/blog/...