Control's Joe Weiss testifies before Congress

Oct. 18, 2007
"If one industry is vulnerable, they all could be," Weiss says. In direct, honest and riveting testimony before the House Committee on Homeland Security, Control's "other blogger" Joe Weiss yesterday hammered NERC, FERC and called NERC's attitude toward cybersecurity "alarming at best and negligent at worst," while he recommended that ISA be given responsi...
"If one industry is vulnerable, they all could be,"Weiss says.In direct, honest and riveting testimony before the House Committee on Homeland Security, Control's "other blogger" Joe Weiss yesterday hammered NERC, FERC and called NERC's attitude toward cybersecurity "alarming at best and negligent at worst," while he recommended that ISA be given responsibility for developing cybersecurity standards by the Federal Government. "I am a nuclear engineer," Weiss said, "who has been involved in control systems for over 35 years and control system cyber security for over 7 years. I have been a part of the NERC cyber security standards process since its inception. I have been working with government organizations, end-users, equipment suppliers, domestic and international standards organizations, and others to develop standards and solutions." He went on to personalize his testimony, saying,  "I am also a utility shareholder and ratepayer, both of which can be affected by this subject." "The issue at hand, Weiss went on, "is the protection of the interdependent critical infrastructures of electric power, water, oil/gas, etc. Control systems form the backbone of these infrastructures and the threat of a cyber attack is the central issue." He put the matter bluntly.  "There are only a handful of control system suppliers and they supply industrial applications worldwide," said Weiss. "The control systems, architectures and default passwords are common to each vendor. Consequently, if one industry is vulnerable, they all could be." Weiss went on, "I am aware of more than 90 cases where control systems have been impacted by intentional and unintentional cyber incidents. These incidents have occurred in electric power transmission and distribution systems, power generation including fossil, hydro, gas turbine, and nuclear, water, oil/gas, chemicals, paper, and agri-business. Damage from cyber incidents have ranged from trivial to significant environmental releases, to significant equipment damage to even deaths." Weiss' official testimony is posted on ControlGlobal.com.

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.