Darren Highfill, PwC Director, PwC USA

For over twelve years, Darren has provided cybersecurity and resiliency consulting services to electric utilities and other critical infrastructures.

Darren is the lead Director for PwC’s Operations Technology Security Consulting practice, and is an established industry leader with broad name recognition in connection with electric power industry cybersecurity standards and a deep understanding of operations and communications technology, applications, and business cases. He developed PwC’s risk analysis-driven approach to aligning Target States with business drivers for the National Institute of Standards and Technology (NIST) Cybersecurity Framework assessments, led a cross-organizational team of subject matter specialists in defining an industry-adopted library of cybersecurity requirements for the smart grid (ASAP-SG), is intimately familiar with the NIST Risk Management Framework (SP 800-39, 800-30, and 800-37), and has strong relationships with several core members of the NERC CIP Standards Drafting Team dating back to when they were designated as UA-1200 / Standard 1300.

Darren has a long history of working closely with NIST, the U.S. Department of Energy (DOE), the U.S. Department of Homeland Security (DHS), and several national laboratories and research centers on industry standards and cross-organizational collaborative efforts. He has a wealth of experience mapping industry standards to business needs to drive project implementation, and a proven track record of successfully organizing and orchestrating large, high-profile industry cybersecurity standards projects across multiple organizations.

Darren was the founder and managing partner of UtiliSec LLC, which provides cybersecurity consulting for utilities and specifically focuses on field-deployed electric power systems. Darren has a Bachelor of Science in Engineering Technology and a Master of Science in Engineering Technology from East Tennessee State University. He is also a Certified Information Systems Security Professional (CISSP).

Representative projects:

  • Organized and created the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), a public-private partnership between the US Department of Energy and a group of North American investor-owned utilities that ran for more than four years starting in 2008. Throughout the project, Darren orchestrated the efforts of a multidisciplinary and cross-organizational team of recognized domain specialists; he served as technical lead and editor for all five ASAP-SG Security Profiles covering advanced metering infrastructure, third-party data access, distribution management, synchrophasors, and substation automation.
  • Served as Security Architect for two of the largest utilities in the United States on ground-breaking field communications architecture implementations. Both projects pioneered fundamentally new applications of technology for the electric power industry, and they continue to serve as models for other utilities.
  • Developed the foundational framework for cybersecurity of advanced metering infrastructure over the course of two large, investor-owned utility implementations. This framework, the AMI Security Profile, underpins all current reference material on the technology and is still directly referenced today.
  • Provided trainings and workshops at conferences and to investor-owned utilities on “Cybersecurity Requirements Derivation & Architecture” and “Implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)” – targeting the alignment of cybersecurity resources and efforts with business requirements and prioritie