Dragos highlights that the Federal Energy Regulatory Commission (FERC) formally approved NERC Reliability Standard CIP‑015‑1 on June 26, 2025, mandating internal network security monitoring (INSM) within the Electronic Security Perimeter for all high‑impact Bulk Electric System (BES) Cyber Systems and medium‑impact systems with external connectivity. This marks a significant shift from perimeter-focused cybersecurity, requiring continuous monitoring, anomaly detection, evaluation, data retention, and integrity protection of east-west traffic inside trusted zones. Asset owners must now identify risk-based networks to monitor, detect deviations from baseline activity, preserve related data for investigation, and secure that data from tampering or deletion.

The standard’s phased compliance deadlines—June 2027 for medium-impact systems with external connectivity and June 2028 for control-center environments—underscore the need for proactive planning and implementation. Moreover, FERC has directed NERC to extend INSM to include electronic and physical access control systems (EACMS/PACS) located outside the perimeter, expanding the definition of the CIP-networked environment. Dragos advises that utilities begin preparations immediately by leveraging advanced monitoring platforms capable of passive collection, anomaly detection, and robust data protection, and notes that the Dragos Platform is designed to support these requirements with tailored detection, playbooks, and reporting capabilities.

‍

Source: https://www.dragos.com/blog/nerc-cip-015-is-approved-what-asset-owners-need-to-do/