Control's Joe Weiss testifies before Congress

Oct. 18, 2007
"If one industry is vulnerable, they all could be," Weiss says.

In direct, honest and riveting testimony before the House Committee on Homeland Security, Control's "other blogger" Joe Weiss yesterday hammered NERC and FERC, and called NERC's attitude toward cybersecurity "alarming at best and negligent at worst," while he recommended that ISA be given responsibility by the Federal Government for developing cybersecurity standards.

"I am a nuclear engineer," Weiss said, "who has been involved in control systems for over 35 years and control system cyber security for over 7 years. I have been a part of the NERC cyber security standards process since its inception. I have been working with government organizations, end-users, equipment suppliers, domestic and international standards organizations, and others to develop standards and solutions."

He went on to personalize his testimony, saying, "I am also a utility shareholder and ratepayer, both of which can be affected by this subject."

"The issue at hand," Weiss went on, "is the protection of the interdependent critical infrastructures of electric power, water, oil/gas, etc. Control systems form the backbone of these infrastructures and the threat of a cyber attack is the central issue."

He put the matter bluntly. "There are only a handful of control system suppliers and they supply industrial applications worldwide," said Weiss. "The control systems, architectures and default passwords are common to each vendor. Consequently, if one industry is vulnerable, they all could be."

Weiss went on, "I am aware of more than 90 cases where control systems have been impacted by intentional and unintentional cyber incidents. These incidents have occurred in electric power transmission and distribution systems, power generation including fossil, hydro, gas turbine, and nuclear, water, oil/gas, chemicals, paper, and agri-business. Damage from cyber incidents has ranged from trivial to significant environmental releases, to significant equipment damage to even deaths."

Weiss' official testimony is posted on ControlGlobal.com.