Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program and, the cyber security for digital control systems.
As Technical Manager of the Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry’s critical infrastructure protection (CIP) program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications.
Mr. Weiss serves as a member of numerous organizations related to control system security. These include the North American Electric Reliability Corporation (NERC) Control Systems Security Working Group (CSSWG), the International Electrotechnical Commission (IEC) Technical Committee (TC) 57 Working Group 15 – Data and Communication Security, the Process Controls Security Requirements Forum, CIGRÉ WG D2.22 – Treatment of Information Security for Electric Power Utilities (EPUs), and other industry working groups.
He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a Director on ISA’s Standards and Practices Board. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues.
He is also an invited speaker at many industry and vendor user group security conferences, has chaired numerous panel sessions on control system security, and is often quoted throughout the industry.
He has published over 80 papers on instrumentation, controls, and diagnostics including chapters on cyber security for Electric Power Substations Engineering and Securing Water and Wastewater Systems. He coauthored Cyber Security Policy Guidebook and authored Protecting Industrial Control Systems from Electronic Threats. He supported MITRE and NIST in extending NIST SP800-53 to include control systems and the development of NIST SP800-82.
He was tasked to write the White Paper on Industrial Control Systems Security for the Center for Strategic and International Studies Blue Ribbon Panel preparing cyber security recommendations for the Obama administration.
In February 2016, Mr. Weiss gave the keynote to the National Academy of Science, Engineering, and Medicine on control system cyber security. Mr. Weiss has conducted SCADA, substation, plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has amassed a database of more than 950 actual control system cyber incidents.
He is a member of Transportation Safety Board Committee on Cyber Security for Mass Transit. He was a subject matter expert to the International Atomic Energy Agency on nuclear plant control system cyber security. He also established the annual Industrial Control System (ICS) Cyber Security Conference. Mr. Weiss has received numerous industry awards, including the EPRI Presidents Award (2002) and is an ISA Fellow, Managing Director of ISA Fossil Plant Standards, ISA Nuclear Plant Standards, ISA Industrial Automation and Control System Security (ISA99), a Ponemon Institute Fellow, and an IEEE Senior Member. He has been identified as a Smart Grid Pioneer by Smart Grid Today.
He is a Voting Member of the TC65 TAG and a US Expert to TC65 WG10, Security for industrial process measurement and control – network and system security and IEC TC45A Nuclear Plant Cyber Security. Mr. Weiss was featured in Richard Clarke and RP Eddy’s book- Warning – Finding Cassandras to Stop Catastrophes. He has two patents on instrumentation and control systems, is a registered professional engineer in the State of California, a Certified Information Security Manager (CISM) and is certified in Risk and Information Systems Control (CRISC).
As they have taken on more capabilities over the years—both as a product of an increasingly connected world and to meet new demands—it is important to revisit what kind of vulnerabilities have been discovered in SCADA systems and learn how to secure them.