OT Security and NERC CIP: What to Expect in 2025

Josh Hritz - December 2024

As we take our final lap around 2024, the rearview mirror looks a bit like the windshield, with past themes guiding future actions. 

In 2024, the North American Electric Reliability Corporation (NERC) required registered entities to comply with more than 500 new Critical Infrastructure Protection (CIP) requirements. This compelled utility and energy companies to work diligently (and strenuously) to update their practices in order to meet these new and often onerous obligations.

2025 is shaping up similarly, with more than 100 additional mandates.

The work of upholding the CIP information protection standard (CIP-011) has grown in step with the volume of BES Cyber System Information that must be protected. The same holds true for internal network security monitoring (the proposed CIP-015 standard), which calls for detecting anomalous or unauthorized network activity so that response to, and recovery from, an attack are faster.

Of course, these requirements were not born in a vacuum, but from ever-increasing threats to security. 

According to Security Today, the world’s critical infrastructure was besieged by an astounding 420 million attacks across 163 countries in 2023. This 30% YoY increase in attacks on such critical sectors as power, communications, manufacturing, and transportation is equivalent to 13 attacks every second. 

Operational Technology bears the brunt of these cyber assaults. In fact, one-third of all attacks are on protocols used in automation and power.

It’s no wonder that new standards are being developed to prevent, assess, and respond to attacks through enhanced visibility and real-time contextual awareness that yield a proactive defense posture.


The new standard for meeting NERC CIP standards. 

As cybersecurity requirements harden, OT and cybersecurity teams have the difficult task of putting new systems and processes in place without new budget or extra hours in the day to do so. With both existing and proposed changes, teams will turn more inward, seeking to detect insider threats and anomalous network activity, including the East-West traffic between OT assets that perimeter monitoring never sees.

OT and cybersecurity professionals are tasked with employing additional tooling and data sources. Yet SecOps, ITOps and engineering teams are often, and necessarily, siloed, leaving them without the visibility needed to act quickly and effectively.

Bottom line: you can’t fix what you can’t see. 

Fortunately, Splunk and Arcus make protecting operational technology standard operating procedure, even as NERC and CIP standards evolve.


Splunk + Arcus: the data and security dream team. 

Splunk, in partnership with Arcus, brings SecOps, ITOps, and engineering together to simplify and unify data points, provide insight into Asset Risk Intelligence, and integrate with OT-specific tools to streamline compliance activities. 

Splunk and Arcus act as force multipliers for security teams, automating detection and response with capabilities that address the specific challenges that NERC CIPs pose. 


Powering real-time asset inventory management

In addition to legacy features, teams now have access to a real-time asset inventory that can synchronize bidirectionally with other tools such as CMDBs.
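The two capabilities above, looking inward at East-West OT traffic and keeping a live asset inventory, reinforce each other: the inventory says who is allowed to be on the network, and a learned baseline says who normally talks to whom. The following is an added illustration written for this article, not code from Splunk, Arcus, Cisco or the author, of how a review of new flows can use both. Every asset, zone name, port mapping and flow-log line in it is constructed for the example; the `src=... dst=...` log format and the zone names are assumptions, not any product's schema.

```python
"""Baseline-driven East-West flow review for an OT network (added example).

An asset inventory supplies the expected talkers, a learned baseline supplies
the expected conversations, and each new flow is judged against both.
All asset, zone and flow data here are constructed for illustration.
"""
from collections import namedtuple

# Constructed asset inventory, the kind of record a CMDB sync would supply.
# Zone names are hypothetical labels for this example.
Asset = namedtuple("Asset", "ip name zone")
INVENTORY = {
    "10.10.1.10": Asset("10.10.1.10", "hmi-01", "scada"),
    "10.10.1.11": Asset("10.10.1.11", "historian-01", "scada"),
    "10.10.2.20": Asset("10.10.2.20", "plc-feeder-a", "field"),
    "10.10.2.21": Asset("10.10.2.21", "plc-feeder-b", "field"),
    "10.10.3.30": Asset("10.10.3.30", "eng-workstation", "engineering"),
}

# Well-known default ports of common OT protocols, used only to label findings.
OT_PORTS = {502: "modbus", 20000: "dnp3", 44818: "enip", 102: "s7comm"}

Flow = namedtuple("Flow", "src dst dport proto")

# Constructed flow-log lines in an assumed 'key=value' format.
BASELINE_LINES = [
    "src=10.10.1.10 dst=10.10.2.20 dport=502 proto=tcp",
    "src=10.10.1.10 dst=10.10.2.21 dport=502 proto=tcp",
    "src=10.10.1.11 dst=10.10.1.10 dport=443 proto=tcp",
]
NEW_LINES = [
    "src=10.10.1.10 dst=10.10.2.20 dport=502 proto=tcp",     # expected HMI -> PLC
    "src=10.10.3.30 dst=10.10.2.20 dport=502 proto=tcp",     # engineering -> field Modbus
    "src=10.10.9.99 dst=10.10.2.21 dport=20000 proto=tcp",   # unknown host speaking DNP3
]


def parse_flow(line):
    """Parse one 'src=... dst=... dport=... proto=...' line into a Flow."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["src"], fields["dst"], int(fields["dport"]), fields["proto"])


def build_baseline(lines):
    """Learn the set of (src, dst, dport) conversations seen in a baseline window."""
    return {(f.src, f.dst, f.dport) for f in map(parse_flow, lines)}


def review_flow(flow, baseline, inventory=INVENTORY):
    """Return finding strings for one flow; an empty list means the flow is expected."""
    key = (flow.src, flow.dst, flow.dport)
    if key in baseline:
        return []
    findings = []
    src, dst = inventory.get(flow.src), inventory.get(flow.dst)
    # Any endpoint missing from the inventory is a finding in its own right.
    for label, addr, asset in (("source", flow.src, src), ("destination", flow.dst, dst)):
        if asset is None:
            findings.append(f"{label} {addr} is not in the asset inventory")
    service = OT_PORTS.get(flow.dport, f"{flow.proto}/{flow.dport}")
    # A conversation that crosses zones is flagged even when both ends are known.
    if src and dst and src.zone != dst.zone:
        findings.append(
            f"cross-zone {service} from {src.name} ({src.zone}) to {dst.name} ({dst.zone})"
        )
    findings.append(f"new {service} conversation {flow.src} -> {flow.dst} not in baseline")
    return findings


def review(lines, baseline):
    """Map each flagged flow-log line to its findings; expected flows are omitted."""
    flagged = {}
    for line in lines:
        findings = review_flow(parse_flow(line), baseline)
        if findings:
            flagged[line] = findings
    return flagged


if __name__ == "__main__":
    for line, findings in review(NEW_LINES, build_baseline(BASELINE_LINES)).items():
        print(line)
        for finding in findings:
            print("   ", finding)
```

The baseline here is a plain set learned from a quiet window; in practice it would be rebuilt on a schedule and reviewed by the engineering team, since a PLC that a technician legitimately re-addresses will otherwise look like an unknown host forever.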


Providing monitoring options

Many Splunk-based tools include monitoring options that assist with internal network security monitoring, Cisco Cyber Vision integrations, and, on the horizon, an OT security accelerator.


Thwarting the data deluge

With Arcus and Splunk, teams are no longer drowning in data that is heavy on information and light on insight. Together, these tools aggregate data at the source to surface key insights and reduce the time it takes to detect and respond to incidents.


Getting smarter about threat intelligence

Teams can also tailor threat intelligence to their own environment to streamline threat detection, investigation, and response through a single pane of glass. The upside is fewer clicks, chair swivels, and lookups, and a more effective, efficient TDIR process that helps customers proactively identify and respond to incidents. There’s also an emphasis on community defense, empowering utilities to share threat intelligence to protect the broader grid.


The power of partnership.

As the NERC regulatory, OT, and cybersecurity landscape evolves, so does Splunk. Its roadmap focuses on cloud readiness, edge analytics, and streamlining the threat detection and response process.

As an Elite Tier Partner, Arcus receives early visibility into Splunk’s roadmap for the Core Platform, Security and Observability areas of the product. This enables us to identify new and better ways for our clients to address NERC and/or OT Security requirements with the evolving portfolio of both Splunk and Cisco products. 


See what’s ahead for OT Security and NERC.

For more information on what to expect in 2025 and how Cisco, Splunk and Arcus Data will help to tackle these challenges, please register here for our upcoming SEUWG event, January 22nd.