Brian Harrell

Opinions expressed by ICN authors are their own.

Brian Harrell, CPP is a Director in the Risk Management, Compliance and Security Team of Navigant’s Energy Practice providing energy companies with expert consultation on risk mitigation, protective measures, and compliance guidance for NERC CIP, CFATS and MTSA projects.

Prior to Navigant, Brian was the Director of the NERC Electricity Sector Information Sharing and Analysis Center (ES-ISAC) and was charged with leading NERC’s efforts to provide timely threat and risk information to over 1900 bulk power system owners/operators and government stakeholders. In addition, Brian was a subject matter expert and Standard Drafting Team member for the recently approved CIP-014 physical security standard. Brian led many key initiatives at NERC including the creation of the Grid Security Exercise (GridEx), Critical Infrastructure Protection Committee (CIPC) physical security guidance documents, and helped position NERC as a leader in substation security. During Brian’s time at NERC, he was also the Director of Critical Infrastructure Protection Programs, where he led CIP compliance staff, the CIPC technical committee, security training, and physical security outreach. Prior to NERC, Brian was the CIP Manager for the SERC Reliability Corporation, where he oversaw security related matters for the region.

Before coming to the electricity sector, Brian was the Sector Security Specialist for the Infrastructure Security Compliance Division at the U.S. Department of Homeland Security (DHS). Brian specialized in securing high risk chemical facilities and Continuity of Operations (COOP) for DHS. Brian also served in the US Marine Corps as an Anti-Terrorism and Force Protection Instructor providing threat assessments for DOD military installations, small-arms expertise, and security force management.

Brian was recently awarded the 2014 GovSec “Gov30” award, recognizing 30 leaders for their contributions to the federal, state, or local government security community. Brian has an MA from Central Michigan University and Pennsylvania State University, and a BA from Hawaii Pacific University. He is also board certified in security management.

The opinions expressed in this blog are those of Brian Harrell and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

Protecting vital water infrastructure

Why the Ukraine power grid attacks should raise alarm

Why the Ukraine power grid attacks should raise alarm

The cyber-attacks in Ukraine are the first publicly acknowledged incidents to result in massive power outages. Grid defenders should develop anticipatory responses to these and other ICS attacks.

The private sector is the key to success for the Department of Homeland Security

The private sector is the key to success for the Department of Homeland Security

Infrastructure protection is a shared responsibility that cannot be met by government alone.

Grid security insights for 2017: Pressure mounts to prevent physical attacks

Grid security insights for 2017: Pressure mounts to prevent physical attacks

The new year will bring security challenges and its share of opportunities.

Above the lines: Addressing grid security in the press

Above the lines: Addressing grid security in the press

The electricity industry continues to improve its security posture, yet we are drowning in a sea of negative press.

Security convergence in a utility environment

Security convergence in a utility environment

It used to be that physical, operational and IT security were managed in isolation. However, criminals, activists and competitors don’t think that way and will use any vulnerability to gain access to your sensitive systems or...

Combating insider threats faced by utilities

Combating insider threats faced by utilities

Today, grid operators face daily external threats from cyber hackers and criminals vandalizing or destroying company assets. While protections are in place to help prevent these external threats, utilities must realize that insiders...

The modern look of a utility's chief security officer

The modern look of a utility's chief security officer

Security has received more attention in the last several years and organizations have realized that they lack a designated individual with the appropriate authority to carry out the security responsibilities of an organization. Enter...

Security from the outside looking in

Security from the outside looking in

Utilities that utilize red team exercises can benefit from the knowledge they produce, so long as you have executive buy in and are willing to take potential criticism.

Maintaining a utility's security and reputational risk is vitally important

Maintaining a utility's security and reputational risk is vitally important

Building a utility's reputation may take years, but it can be damaged or destroyed very quickly from a security event. Reputational risk is regarded as the greatest threat to a company's market value and standing in the community.

At the intersection of energy risk management and facility security

At the intersection of energy risk management and facility security

Security professionals in the utility sector must understand the distinct difference between risks, threats, and vulnerabilities and how they all provide useful data points for an effective risk management program. The outputs of this...

Protecting vital electricity infrastructure

Protecting vital electricity infrastructure

Attacks on critical infrastructure, specifically electric generation and transmission facilities, could be used to cause widespread panic and create economic distress.There is increased awareness of potential risks to the electric...

Load More