New Cybersecurity Monitoring Requirements

What NERC CIP-015 Means

Fortnightly Magazine - October 2025

On June 26, 2025, FERC issued Order No. 907, formally approving North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standard CIP-015-1. The new standard will require Internal Network Security Monitoring (INSM), or east-west monitoring, for network traffic within Electronic Security Perimeters (ESPs), and is intended to improve early detection of threats that bypass traditional perimeter defenses.

CIP-015 acknowledges that adversaries can infiltrate trusted zones and highlights the importance of continuous internal visibility. By implementing INSM, entities will be better equipped to detect an adversary during the initial stages of an intrusion and reduce the risk of an adversary establishing a foothold in the environment.

Organizations with High and Medium Impact BES Cyber Systems should begin aligning resources and internal plans to meet the CIP-015-1 requirements within the implementation timeline.

See Figure One.

Why Traditional Defenses Are No Longer Enough

Historically, NERC CIP standards have focused on preventive controls (such as strong perimeter defenses, vulnerability management, and patching), based on the assumption that these measures would be sufficient to keep threats out.
