Insights from H2OSecCon 2024: Keynote by Brian Harrell

The H2OSecCon 2024 kicked off with an impactful keynote from Brian Harrell, a seasoned expert in critical infrastructure protection and cybersecurity. I was immediately struck by his impressive career, which spans roles in the US Marine Corps, private sector organizations, and a key appointment by the President as the Assistant Secretary for Infrastructure Protection at DHS. Currently, Brian serves as the Vice President and Chief Security Officer at Avangrid, where he manages physical and cybersecurity, privacy, intelligence, and business continuity for an energy company operating in 25 states. His depth of experience and insight was truly invaluable.

I was particularly moved by Brian's dedication, especially considering his recent emergency appendectomy. Despite this, he delivered a powerful keynote that highlighted the growing interest in the water sector by nation-state adversaries, domestic violent extremists, regulators, and public utility commissions. His message underscored the critical importance of robust cybersecurity measures to protect our vital infrastructure, and it resonated deeply with me and many others in attendance.

The Evolving Threat Landscape

Brian emphasized the ever-changing threat landscape, noting that adversaries are continually looking for vulnerabilities to exploit. The rise in cyberattacks by Iranian-linked groups in Pennsylvania, Russian activists targeting Texas utilities, and Chinese malware groups like Volt Typhoon underscores the persistent and pervasive nature of these threats. He stressed the importance of having comprehensive visibility and data classification to understand what devices are connected to your system.

The Importance of Board-Level Cybersecurity Discussions

Cybersecurity for critical infrastructure is now a board-level issue. Brian highlighted the need for regular and transparent communication with boards, mayors, governors, and other stakeholders about the risks being introduced into systems and the investments required to mitigate these risks. He shared his experience of briefing his company's board four times a year, which has been crucial in securing the necessary investments for cybersecurity.

Engaging with Washington, D.C.

Brian urged the water sector to stay engaged with developments in Washington, D.C., to ensure their expertise is heard and considered in policy-making processes. He warned against missing out on important regulatory changes and emphasized the need for the sector to have a prominent seat at the table.

Addressing Third-Party Risks

Third-party risk is a significant concern, as adversaries often target vendors and consultants to gain access to critical infrastructure. Brian advised conducting thorough third-party assessments early and often in the procurement process to mitigate these risks. He mentioned the NERC CIP-13 standard as a starting point for assessing third-party risks.

The Need for Convergence

Convergence of cybersecurity, physical security, business continuity, and other risk management functions is essential to address today's blended threat landscape. Brian shared his approach of hosting daily update briefings with all relevant teams to ensure transparency and coordinated risk reduction efforts.

Leveraging Sensors for Force Multiplication

Brian recommended utilizing sensors and third-party resources, such as Drago's Community Defense Program, to enhance cybersecurity efforts. These tools can provide valuable insights and help manage the increasing complexity of securing critical infrastructure.

Preparing for the Inevitable with Advanced Solutions from BlastWave

Brian emphasized that cyberattacks are not a question of if, but when. He stressed the importance of having robust response and recovery plans and regularly exercising these plans to ensure preparedness. To bolster these efforts, BlastWave's BlastShield, introduced later in the conference, offers an advanced suite of cybersecurity solutions specifically designed to protect critical infrastructure.

BlastShield provides secure remote access for operational technology (OT) networks, ensuring that only authenticated users can access critical systems. This reduces the risk of unauthorized access and potential breaches. Additionally, BlastShield employs microsegmentation to create isolated network segments, preventing lateral movement by attackers and containing any potential threats. This minimizes the impact of an attack by restricting it to a smaller portion of the network.

Furthermore, BlastShield's network cloaking technology protects unpatchable legacy systems by making them invisible to external threats. By hiding these vulnerable systems from attackers, BlastShield reduces the risk of AI-powered attacks and other sophisticated cyber threats, as highlighted in the discussions from H2OSecCon 2024. This comprehensive approach ensures that critical infrastructure remains secure, even as the threat landscape continues to evolve.

In conclusion, Brian Harrell's keynote at H2OSecCon 2024 provided valuable insights and actionable advice for protecting critical infrastructure from evolving cyber threats. His experience and dedication to the field are evident, and his message resonated with all attendees. For more details on the session and to access other insightful presentations from the conference, visit the H2OSecCon 2024 platform.