Internal Network Security Monitoring for Utilities

Internal Network Security Monitoring (INSM) is transforming how electric utilities protect critical infrastructure. With NERC CIP-015 requirements and evolving cyber threats, INSM provides essential visibility into trusted network zones while supporting regulatory compliance and operational resilience.

INSM Fundamentals
Internal network security monitoring (INSM) provides continuous visibility into trusted network zones, enabling utilities to detect threats that bypass perimeter defenses.
INSM Requirements
NERC CIP-015 mandates comprehensive internal network security monitoring capabilities for High and Medium Impact BES Cyber Systems. Requirements include monitoring network data feeds, detecting anomalous activity, analyzing threats, protecting monitoring data, and retaining investigation records.
CIP-015 Compliance Deadline: October 1, 2028
Asset owners have just over 3 years to implement internal network security monitoring for High and Medium Impact BES Cyber Systems. Start planning now.
Case study
This case study examines how Dominion Energy transformed their security posture through a comprehensive implementation of the Dragos Platform for internal network security monitoring. What distinguishes Dominion’s approach is their fundamental recognition that “being compliant doesn’t equal being cyber secure.”
Related Resources
Webinar
Tim Conway (SANS) and Robert M. Lee (Dragos) share how to approach INSM for CIP-015, covering planning, implementation, compliance prep, and what effective INSM looks like in practice.
FAQ

Begin with a comprehensive industrial cyber risk assessment guide that identifies all OT assets, evaluates current security controls, and maps potential threat vectors. The SANS 5 Critical Controls provide an excellent starting framework for prioritizing security investments.

Industrial systems prioritize availability and safety over confidentiality, operate on different protocols, and require unique strategies outside of “patch immediately.” OT cyber risk management must account for operational impact, safety consequences, and regulatory compliance specific to industrial environments.

Insurance providers recognize that robust operational technology security programs significantly reduce claim likelihood and severity. Visibility, threat detection, and preparedness deliver measurable risk reduction that can be taken into account when determining coverage, regulatory compliance, and legal considerations.

Industrial-specific threat intelligence helps organizations understand adversary tactics targeting their sector, prioritize vulnerabilities based on active threats, and implement proactive defenses rather than reactive measures.

Choose solutions with functionality proven to reduce risk: strong incident response capabilities with insurance industry recognition, real-time OT asset visibility, advanced threat detection specific to industrial protocols, actionable threat intelligence, and risk-based vulnerability management.
