1661894466793 071018 Weiss Button

Control’s Joe Weiss Testifies before Congress

Nov. 6, 2007
Calls NERC’s attitude “alarming at best, negligent at worst.”

“If one industry is vulnerable, they all could be,”  said Joseph, M. Weiss, PE, CISM, managing partner at Applied Control Solutions and a Controlglobal.com blogger, in his testimoney before the House Committee on Homeland Security, October 17th. 

Weiss, author of the “Unfettered” blog on ControlGlobal.com, hammered the North American Electric Reliability Corporation (NERC) and the Federal Energy Regulatory Commission (FERC), calling NERC’s attitude toward cybersecurity “alarming at best and negligent at worst.” He also recommended that ISA be given responsibility for developing cybersecurity standards by the Federal Government.

“The issue at hand,” Weiss went on, “is the protection of the interdependent critical infrastructures of electric power, water, oil/gas, etc. Control systems form the backbone of these infrastructures and the threat of a cyber attack is the central issue.”

Cyber security expert Joe Weiss of Applied Control Solutions.
Weiss put the matter bluntly. “There are only a handful of control system suppliers and they supply industrial applications worldwide. The control systems, architectures and default passwords are common to each vendor. Consequently, if one industry is vulnerable, they all could be.”

He continued, “I am a nuclear engineer who has been involved in control systems for over 35 years and control system cyber security for over seven years. I have been a part of the NERC cyber security standards process since its inception. I have been working with government organizations, end users, equipment suppliers, domestic and international standards organizations, and others to develop standards and solutions. I am also a utility shareholder and ratepayer, both of which can be affected by this subject.”

Weiss pointed to the basic difficulty of cyber security related to control systems: “Most people now becoming involved with control system cyber security typically come from a mainstream IT background and not that of control systems. This has, in some cases, inadvertently resulted in making control systems less reliable without providing increased security.”

Control systems vulnerability is clear, he said. “I am aware of more than 90 cases where control systems have been impacted by intentional and unintentional cyber incidents. These incidents have occurred in electric power transmission and distribution systems, power generation including fossil, hydro, gas turbine, and nuclear, water, oil/gas, chemicals, paper and agri-business. Damage from cyber incidents has ranged from trivial to significant environmental releases, to significant equipment damage to even deaths.”

At least some members of the committee appear to be listening to Weiss and others.

“I’ll be blunt—if this administration doesn’t recognize and prioritize these problems soon, the future isn’t going to be pretty,” said Rep. Jim Langevin (D-R.I.), chairman of the House of Representatives cybersecurity panel.
For the complete text of Weiss’ testimony, go to  www.controlglobal.com/industrynews/2007/168.html.

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.