About UtiliSec

UtiliSec was established in 2009 by Darren Highfill as a consultancy focused on the cybersecurity and resiliency requirements of electric power delivery systems - and specifically, field deployed utility systems. Justin Searle joined as a Managing Partner in 2011, bringing a highly complimentary focus of penetration testing for smart grid systems and components. UtiliSec frequently partners with other leaders in electric power cybersecurity, and has a substantial pool of highly specialized, experienced, and proven resources available for project deployment.

Darren Highfill

As Founder and Managing Partner of UtiliSec, Darren Highfill brings over 20 years of practice in building robust and resilient software and engineering systems and solutions to the control systems security domain, with nearly a decade of focus on field-deployed electric utility systems. In addition to assisting pioneer utilities such as Southern California Edison and the Tennessee Valley Authority develop ground-breaking system security architectures that are now benchmarks for the electric power industry, Mr. Highfill has a long history of establishing, building, leading, and facilitating industry collaborative cybersecurity efforts such as ASAP-SG and the Smart Grid Security Working Group within the UCA International Users Group. Mr. Highfill is also an active member of the International Electrotechnical Commission (IEC) Technical Committee 57 Working Group 15 responsible for the IEC 62351 standard – the foremost international standard for communications security of power delivery systems, and was actively involved in the development of NIST Interagency Report 7628 "Guidelines for Smart Grid Cyber Security."

Mr. Highfill has strong relationships with federal and state regulators in the U.S. focused on cybersecurity, including the Federal Energy Regulatory Commission and the Critical Infrastructure Committee within the National Association of Regulatory Utility Commissioners (NARUC). He has a comprehensive understanding of the regulatory landscape with close contacts in relevant government and industry bodies, and has tracked the development of the NERC Critical Infrastructure Protection (CIP) Standards since the emergence of UA-1300, including participating in numerous Standards Drafting Team meetings for CIP versions 1 through 5. Mr. Highfill has also supported the U.S. Department of Energy’s Office of Electricity Delivery and Energy Reliability (OE) directly on various cybersecurity projects for industry, and supported the American Reinvestment and Recovery Act through the Pacific Northwest National Laboratory.

Mr. Highfill organized and created the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG) – a public-private partnership between the U.S. Department of Energy and a group of North American investor-owned utilities that ran for over four years starting in 2008. Throughout the project Mr. Highfill orchestrated the efforts of a multi-disciplinary and cross-organizational team of recognized domain experts, serving as Technical Lead and Editor for all five ASAP-SG Security Profiles covering advanced metering infrastructure, third-party data access, distribution management, synchrophasors, and substation automation. He presents frequently on electric utility field device security, and has authored numerous design documents and policies for domestic and international electric utility clients.

 

 

Justin Searle

Justin Searle is a Managing Partner of UtiliSec, where he helps utilities, vendors, and government understand the impact of technical, architectural, and procedural decisions on the security and resiliency of the electric grid. He is widely recognized in the industry as having a rare combination of deep technical talent and outstanding people skills, with a strong grasp of how all the pieces fit in the bigger picture of policy, architecture, and organizational structure.

Mr. Searle specializes in the penetration testing of web applications, networks, and control systems, especially those pertaining to the Energy Sector and the Smart Grid. He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Mr. Searle has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute. In addition to electric power industry conferences, he frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Mr. Searle co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum.