Critical Infrastructure Protection & Resilience North America

Brian Harrell

Brian Harrell, CPP

Managing Director, Enterprise Protective Services

Duke Energy Corporation


Brian Harrell is the Managing Director of Enterprise Protective Services (EPS) at the Duke Energy Corporation where he leads the enterprise-wide physical security efforts to protect Generation, Transmission, and Distribution of electric power. In addition, EPS provides pipeline, aviation, and dam security, as well as executive protection and investigations (physical and digital).

Brian is nationally recognized for his efforts on critical infrastructure protection, continuity of operations, and enterprise risk management. Prior to coming to Duke Energy, Harrell was the President and Chief Security Officer at The Cutlass Security Group, where he provided critical infrastructure companies with consultation on risk mitigation, protective measures, and compliance guidance. He has been instrumental in providing strategic counsel and thought leadership for the security and resilience of the power grid and has helped in identifying and understanding emerging threats. Advising corporations throughout North America, Harrell has worked to increase physical and cybersecurity mitigation measures designed to deter, detect, and defend critical systems. Harrell is also a Senior Fellow at The George Washington University, Center for Cyber and Homeland Security (CCHS) where he serves as an advisor on infrastructure protection and cybersecurity policy initiatives.

Prior to starting his own firm, Harrell was the Director of the North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC) and was charged with leading NERC’s efforts to provide timely threat information to over 1900 bulk power system owners, operators, and government stakeholders. During his time at NERC, Harrell was also the Director of Critical Infrastructure Protection Programs, where he led the creation of the Grid Security Exercise, provided leadership to Critical Infrastructure Protection (CIP) staff, and initiated security training and outreach designed to help utilities “harden” their infrastructure from attack.

Presentation: Mitigating physical attacks to critical energy infrastructure

Securing the North American power grid is a top priority for both regulators and utilities. While the industry remains focused on grid resiliency, physical and cybersecurity threats remain that could affect generation, transmission, and distribution operations. We will discuss whether NERC standards are inhibiting technological innovation and the potential for additional federal legislation.

Considerations will be given to the economic impact and interdependency of a significant outage, which can lead to utility reputational risk, and we review best practices for response and recovery after a major security breach. Find out what industry is doing today to better protect the U.S. electric infrastructure. We will discuss the threats facing transmission substations, generating plants, and energy control centers, and examine effective ways that senior security professionals can manage reputational risk.