Kristine Martz is Principal Product Advisor for Dragos Inc. and has over fifteen years of experience in power and utilities cybersecurity and regulatory compliance, with expertise in NERC standards and real-time systems security.
The electric sector's cybersecurity posture is undergoing a fundamental shift. With FERC approval of CIP-015-1, utilities are required to implement Internal Network Security Monitoring (INSM) within Electronic Security Perimeters (ESPs).
The scope expands in CIP-015-2 to require INSM for Electronic Access Control or Monitoring Systems (EACMS), Physical Access Control Systems (PACS), and Shared Cyber Infrastructure (SCI) outside of the ESP.
This marks a departure from the traditional perimeter-centric approach embodied in standards like CIP-007-6 Requirement R4, which focuses on Security Event Monitoring at the system level. This evolution recognizes that organizations must plan for scenarios where adversaries are already operating within the environment.
CIP-007-6 R4: The Legacy of Perimeter Defense

CIP-007-6 R4 mandates that Responsible Entities implement logging and alerting mechanisms for BES Cyber Systems and a specific scope of associated Cyber Assets. It emphasizes host-based monitoring — tracking login attempts, malicious code detection, and system-level events. While effective for detecting certain types of activity, this approach assumes that threats will manifest at the endpoint and that perimeter defenses will prevent deeper infiltration.
