This episode highlights cybersecurity and supply chain risk management. Currently, supply chain is being driven by the regulatory standard NERC CIP-013 and the new executive order. This episode provides guidance and considerations when developing a program to address supply chain security.
Dr. Nathan Wallace, Director & Co-Founder of GridIntel and Cybirical, has BS degrees in Electrical Engineering, and Physics, a MS in Engineering, and a Ph.D. in Engineering from Louisiana Tech University with a focus in Cyberspace Engineering. Dr. Wallace has worked for multiple utilities and joined Ampirical as a Staff Engineer and Director of Cyber Operations for its sister companies GridIntel and Cybirical. He is responsible for assessing various power system cybersecurity risks. He is a member of a cybersecurity industry advisory group to FERC and is the working group chair of two new IEEE Power system cybersecurity standards.
Chris Humphreys is an internationally recognized thought leader and evangelist in the industry verticals of Cybersecurity, Critical Infrastructure Protection (CIP), Intelligence Operations, and Regulatory Compliance. With over 18 years of experience, Chris has written National-Level policy on cybersecurity and Critical Infrastructure Protection as well as been solely responsible for the enforcement and implementation of cybersecurity regulation for Electric Utilities within the Texas Region and across North America.
Chris currently serves as the CEO and founder of The Anfield Group, which is an Austin TX-based Cybersecurity and Regulatory Compliance Consulting firm. Under Chris’ guidance, The Anfield Group has built a solid reputation since 2009 of designing and delivering cybersecurity programs that are both secure and sustainable. The Anfield Group’s message continues to be focused on a holistic approach to security across multiple regulatory frameworks (NERC, NIST, Sox, HIPPA, PCI, FISMA) that produce compliance outputs as natural byproducts through sound policy and controls design, governance, and integrating the appropriate automation technologies to influence a more proactive approach to risk mitigation and compliance versus a reactive posture to the ever-changing regulatory climate.
Prior to founding The Anfield Group, Chris served as the Director of Audits and Investigations at the Electric Reliability Council of Texas (ERCOT) for the NERC Cybersecurity Framework for the entire state of Texas. He also was the founding chair of the NERC Critical Infrastructure Protection Compliance Working Group (CCWG) who was tasked with authoring the Audit process in place today for all of North America. Chris is also a fellow with the SANS Institute (www.sans.org) where he authored their “Securing the Utility” curriculum and serves on the SANS Industrial Control System Working Group. Before going into the Private Sector, Chris was able to foray his time as a Signals Intelligence Officer in the US Army into a stellar career inside the beltway in Washington DC. He served as one of the founding managers for the Department of Homeland Security’s National Infrastructure Coordinating Center (NICC) and the United States Computer Emergency Response Team (US CERT).
Before leaving DC to return to Texas, Chris was the Senior Program Manager and Director of Counterintelligence Operations for the Department of Defense’s Counterintelligence Field Activity (CIFA) in the areas of Cyber, Critical Infrastructure Protection, and Research and Technology Protection. It was during his time at CIFA that Chris authored Dept. of Defense Instruction (DODI) 5240.10 “Counterintelligence Support to Critical Infrastructure Protection” which is a National Level policy document still in place today.
In 2017, Humphreys was appointed by the Texas Dept of Information Resources (DIR) through Texas Governor Greg Abbott as one of three voting members to the State’s Cybersecurity Council. This council will be tasked with leading a bipartisan effort to implement House Bill 8 “The Texas Cybersecurity Act” which will establish the cybersecurity framework and tools to protect all Texas Critical Infrastructure and Industrial Control Systems.