nerc-cip

Mythos and the Utility Industry: Detection Without a Patch Path Special edition — June 6, 2026 Anthropic has built a frontier model that can find and chain industrial-grade vulnerabilities, and stood up Project Glasswing — now around one hundred fifty organizations across critical infrastructure — to gate its use. The detectors and hyperscalers are inside the consortium. The equipment OEMs whose firmware is the actual attack surface for the bulk electric system — SEL, ABB, Siemens, Schneider Electric, GE Vernova — are, with a single Hitachi-shaped exception, conspicuously silent. This episode argues the load-bearing question for the grid is not who has access to Mythos; it is what happens between a Mythos finding and a patched protective relay, and the corpus says that pipeline has not been built. ...

Episode Description CISA redefines zero trust for industrial networks CISA just delivered a definitive zero trust roadmap engineered specifically for operational technology that abandons disruptive IT playbooks in favor of passive discovery. This guidance arrives as utilities execute massive risk mitigation efforts, such as PG and E locking in a nearly nineteen billion dollar wildfire plan after reporting a seventy-five percent reduction in reportable ignitions. In response to compounding industry threats, federal energy regulators are simultaneously stepping up enforcement by attaching heavy disgorgement orders to standard compliance penalties. You must master these new architectural standards to secure critical infrastructure without tripping physical safety systems or facing substantial financial clawbacks. ...

Episode Description Congress unveils energy cyber bill as grid attacks surge Congress advanced the Energy Threat Analysis Center Act to explicitly combat threat actors like Volt Typhoon targeting American power grids. This legislation follows a 70 percent surge in utility cyberattacks, with over 3,300 industrial organizations compromised last year and average recovery costs surpassing $3.12 million. In response, the Department of Defense issued specialized Zero Trust guidance, while utilities like PG and E launched multibillion-dollar, AI-driven mitigation plans to harden infrastructure. Because hardware procurement and grid upgrades lock in your risk profile for decades, integrating these defenses now is a strict financial imperative to prevent costly operational downtime. ...

Episode Description White House unveils AI rule override as grid risks surge The White House unveiled a sweeping blueprint to override state artificial intelligence laws just as United States utility cyber incidents surge roughly seventy percent. To combat escalating physical and digital threats, infrastructure operators like PG and E are rapidly deploying over 630 predictive cameras to mitigate operational risks. In response to this mounting complexity, authorities finalized a hard August 2026 deadline demanding documented operational proof of model transparency to gate audits and procurement. Technology leaders must validate their system inventories and establish compliance guardrails immediately, or they risk losing access to critical enterprise contracts. ...

Episode Description PG and E Surges Capacity to Meet AI Data Center Demand Pacific Gas and Electric launched a massive nine point six gigawatt data center pipeline while energizing its first facility in San Jose to support the explosive growth of artificial intelligence. Data centers are projected to consume four point four percent of national electricity this year, while utilities plan a record eighty-six gigawatts of new generation to prevent a capacity crisis. Federal regulators are responding with permanent cybersecurity mandates as MIT researchers warn that physics-aware AI is now required to keep the evolving energy grid stable. These structural shifts dictate if your local grid can reliably handle the massive power demands of the AI era without triggering rate hikes or blackouts. ...

Episode Description Autonomy Surges: Trust Lags, Infrastructure Unveils Gaps Automated systems are accelerating across all sectors, from AI-driven algorithm discovery to utility infrastructure, creating a sharp tension as security teams face an AI trust paradox in automated response, hesitant to hand over control despite machine-speed attacks. The practical risk of this rapid scaling became clear when the 15-hour Amazon Web Services outage generated over six million reports, triggered by an internal DNS race condition, highlighting acute concentration risk. Regulators and standards bodies pivot aggressively, with the Transportation Security Administration formalizing mandatory pipeline cybersecurity requirements effective May 2025 and the IEC 62443 standard pushing industrial networks toward zero trust microsegmentation. These governance gaps and architectural shifts mean organizations must urgently invest in robust failure containment and user-validated explainable AI to ensure automated speed doesn't compromise critical safety. ...

Episode Description Alert Crisis Surges; 87% Pivot to AI for SOC Workloads The security industry warns of a critical alert crisis, with organizations routinely abandoning 40% of alerts daily as volumes surge, forcing rapid industry transformation. Independent research unveils that AI-assisted analysts are 45% to 61% faster at complex investigations while maintaining high accuracy, effectively overcoming human fatigue. Regulatory bodies, including the EU's NIS2 Directive and NERC-CIP in North America, are accelerating this pivot by driving mandatory Zero Trust principles across industrial control systems. For technical teams, adopting AI for alert consolidation and root cause analysis is now essential to close critical security blind spots in cloud environments and ensure sustainable operations. ...

Episode Description OT Attacks Surge 140%; Ransomware Hits Physical Safety The operational technology security landscape is facing an acute crisis as cyberattacks move decisively beyond data theft to threaten physical safety and industrial process reliability. Attacks on industrial control systems have surged 140% since 2020, and the SANS report confirms 38% of recent ransomware incidents compromise system safety functions directly, demanding swift regulatory action across critical infrastructure. In response, industry consensus favors robust defense strategies like network segmentation, which has been shown to contain 87% of attacks within initial compromise zones. Technical professionals must now navigate a massive theory-practice gap where sophisticated new AI and grid optimization methods lack rigorous field validation, requiring a shift toward evidenced-based risk assessment rather than relying solely on mathematical guarantees or vendor claims. ...

Episode Description OT Ransomware Surges 140%; FLI Warns AI Lacks Safety The Future of Life Institute warns of a "striking lack" of safety commitments across major AI companies, while new research unveils that large language models are fundamentally incentivized to guess rather than acknowledge uncertainty. Simultaneously, reports confirm ransomware attacks on industrial systems surged 140% over four years, with 38% of incidents compromising physical safety systems and operational reliability. In response, the US government pivots grid security requirements to internal network monitoring; professionals must embrace architectural controls like segmentation and FinOps to reduce threat surface and curb massive cloud overspending. ...

Episode Description News Brief: Volt Typhoon's 5-Year Shadow: Critical Infra at Risk Nation-state cyber groups like Volt Typhoon have maintained persistent access to US critical infrastructure for over five years, setting conditions for operational disruption in potential "total war" scenarios. This strategic cyber threat converges with severe infrastructure risk, evidenced by the fact that 70% of US power transformers exceed 25 years of age, contributing to doubled weather-related outages in the last two decades. To cope with grid strain and capacity deficits, operators are rapidly scaling automated demand response; Enel North America demonstrated operational maturity by dispatching 1,700 DR events across 1.25 million devices in one year. Technical professionals must urgently shift from post-hoc security and explainability solutions to architectures designed intrinsically with compliance and resilience, especially as AI and operational technology convergence expands the attack surface. ...