Utilities and pipeline operators have spent years — and hundreds of millions of dollars — building compliance programs around NERC CIP standards and TSA cybersecurity directives. The Bulk Electric System is protected by mandatory access controls, audit logging, incident reporting requirements, and vendor risk management programs that have no real equivalent in most enterprise sectors.
And yet: there is a gap in these programs that is growing every week. It has nothing to do with SCADA vulnerabilities or supply chain attacks.
It has to do with what your engineers are doing on their IT workstations.
What NERC CIP Covers — and What It Doesn't
The NERC Critical Infrastructure Protection standards are mandatory requirements for securing the Bulk Electric System. NERC's January 2026 CIP Roadmap identifies emerging security risks to BPS reliability and charts a path for continued improvement. Two new standards took effect in 2026:
- CIP-003-9 (effective April 1, 2026): refines security management controls for lower-risk environments, including vendor electronic remote access requirements for Low Impact BES Cyber Systems
- CIP-015-1 (effective September 2, 2025): establishes internal network security monitoring in high and medium-impact environments — visibility into what's happening inside the network perimeter
These are meaningful improvements. CIP-003-9 addresses supply chain and vendor access risk. CIP-015-1 addresses the gap perimeter controls can't handle: detecting unusual behavior after an attacker (or insider) has gotten past the edge.
What neither standard addresses is the following scenario: an operations engineer, working on her IT workstation, opens ChatGPT to ask for help analyzing anomaly data from the Energy Management System. She pastes in operational context — grid topology data, equipment identifiers, maintenance records — to get a better answer.
None of that crosses a NERC CIP-defined BES Cyber System boundary. It happens entirely on the IT side. NERC CIP doesn't see it.
TSA Pipeline Directives Have the Same Blind Spot
The Transportation Security Administration's cybersecurity requirements for pipeline operators are equally mature. SD Pipeline-2021-02F (effective May 3, 2025, expires May 2, 2026) requires pipeline owner-operators to implement layered cybersecurity measures with a defense-in-depth approach, covering their Critical Cyber Systems.
SD Pipeline-2021-01G (January 2026) requires designating a Cybersecurity Coordinator, reporting cybersecurity incidents to CISA, and conducting regular vulnerability assessments. The assessment framework aligns with NIST CSF functions and categories.
These directives are serious compliance obligations. But like NERC CIP, they focus on defined Critical Cyber Systems: the OT infrastructure that directly controls pipeline operations. The IT workstation where a pipeline engineer uses Microsoft Copilot to draft a maintenance report isn't a Critical Cyber System under the TSA framework — even if that report contains information about SCADA-monitored pressure readings, valve configurations, or control center procedures.
The IT-OT Convergence Makes This Urgent
The assumption underlying both frameworks — that IT and OT environments are largely separate, with a meaningful boundary between corporate networks and operational technology — is no longer accurate.
The IT-OT boundary is a myth. For a decade, the energy industry operated on the comforting assumption that an air gap, real or logical, separated the corporate network from the operational technology that controls generation, transmission, and distribution. That assumption is dead.
Engineers working on predictive maintenance, anomaly detection, and grid optimization routinely work with data from both environments. Corporate email contains details about outage schedules and maintenance windows. Collaboration tools carry engineering diagrams. And increasingly, employees are using AI tools on their corporate workstations to accelerate work that inherently involves operationally sensitive information.
When a control center operator uses ChatGPT to summarize a complex equipment failure report, or a pipeline safety engineer asks Claude to help analyze incident data, the prompt they type contains information that would be sensitive in any operational context — even if it doesn't technically qualify as BES CUI or BCSI under current NERC definitions.
What the Audit Trail Doesn't Capture
NERC CIP-015-1's internal network security monitoring requirements are designed to detect threats that have already breached the perimeter. They capture network events, anomalous behavior, and potential intrusions in high and medium-impact environments.
What they don't capture is the prompt an engineer typed at 2:47 PM on a Tuesday that included grid topology information and a request for analysis of an equipment vulnerability.
There is no NERC CIP control that asks: what did your employees submit to external AI systems this week? What operational context did they include? Were any of those submissions consistent with your data handling policies for operationally sensitive information?
TSA's SD-02F requires incident reporting for "unauthorized access of an Information or Operational Technology system" — but employee use of an authorized AI tool, even with sensitive operational content, doesn't meet that definition. The audit trail that satisfies your Cybersecurity Coordinator has a gap that neither the NERC CIP auditors nor TSA inspectors are asking about yet.
The word "yet" matters here.
NIST Is Filling the Framework Gap
NIST released a concept note in April 2026 for an AI Risk Management Framework Profile specifically for Trustworthy AI in Critical Infrastructure. As NIST noted directly: the profile "will guide CI operators towards specific risk management practices to consider when engaging AI-enabled capabilities."
For operators already navigating NERC CIP-014, TSA directives, and sector-specific ISAC guidance, a NIST AI RMF profile for critical infrastructure adds a new compliance dimension: not just "is your OT environment secure?" but "are the AI systems and AI tools operating in your environment governed in a way regulators can audit?"
The concept note phase is the right time to act. NIST standards have a reliable track record of becoming de facto expectations — the AI RMF 1.0 is already referenced in NERC discussions and treated by federal contractors as effectively mandatory guidance. A critical infrastructure profile will carry the same weight.
What Runtime AI Governance Looks Like for Utilities and Pipelines
The gap isn't theoretical. Utilities and pipeline operators need a governance layer that operates at the point where employees interact with AI tools — before sensitive operational information leaves the organization.
That layer should do three things:
1. Evaluate every AI interaction against your data handling policies. Not a probabilistic filter, but a deterministic policy engine that evaluates each prompt for operational data patterns — equipment identifiers, grid topology markers, SCADA-adjacent terminology, personnel records — and applies your organization's specific rules about what can and can't be submitted to external AI services.
2. Produce a tamper-evident audit trail. When your next NERC CIP audit, TSA inspection, or ISAC review asks what you have in place to govern employee AI use, the answer should be a log with user, timestamp, AI tool, policy outcome, and matched content category — not a training attestation from three years ago.
3. Cover the full surface. ChatGPT, Microsoft Copilot, Claude, Gemini, and the AI capabilities embedded in your existing enterprise tools. Policy enforcement that only covers API traffic misses the browser-based AI tools your engineers are using every day.
This is what Containment.AI provides. Our proxy and browser extension operate at the enforcement layer — between your employees and every AI endpoint they reach. Policies configure in the admin dashboard against your specific data classifications. Every interaction is logged to an immutable audit trail that satisfies the operational evidence standard that regulators in critical infrastructure sectors are increasingly demanding.
The Window Is Open — for Now
NERC, TSA, and NIST are each, in their own cadence, moving toward frameworks that will make AI governance in critical infrastructure environments an auditable compliance requirement. The organizations that build that governance infrastructure now — while the frameworks are still forming — will be positioned to demonstrate compliance when the auditors arrive, rather than scrambling to explain why they didn't see it coming.
The NERC CIP Roadmap, the TSA directive renewal cycle, and the NIST critical infrastructure AI RMF profile are all converging on the same recognition: AI tool governance isn't optional in high-consequence environments. The only question is whether your organization gets ahead of the requirement or waits for it to become an audit finding.
Containment.AI enforces AI governance policies in real time — at the proxy layer, in the browser, and in the admin dashboard — giving compliance teams in regulated and critical infrastructure environments the runtime audit trail and policy enforcement that frameworks like NERC CIP and TSA cybersecurity directives don't yet require but will. Learn more or request a demo.