Joe Weiss - Applied Control Systems, LLC
"Cyber Security of Control Systems: The Second Coming of the Maginot Line"
Jul 15, 2020PDF
Download: MP4 Video Size: 238.4MB
Watch on YouTube
Q & A: https://www.cerias.purdue.edu/site/blog/post/summary_of_july_15th_2020_purdue_seminar_on_control_system_cyber_security/
Critical infrastructures such as electric power, oil/gas, water/wastewater,pipelines, transportation, and manufacturing utilize process control and safetysystems to monitor, control, and assure safe operating conditions. Controlsystems consist of Internet protocol (IP) networks and HMIs to provide operatorinput and big data analytics. These systems have been designed with cybersecurity and authentication. However, what makes control systems unique are thecontrol system devices such process sensors, actuators, drives, power supplies,etc. that have no cyber security or authentication and are a direct threat topersonnel and equipment safety. Control system cyber security impacts are real.There have been more than 1,250 actual control system cyber incidents with morethan 1,500 deaths and more than $70Billion in direct damage. There is a need toget the computer scientists/network engineers that understand networks and thedomain engineers that understand the physical processes to work together orthere is no hope in securing the critical infrastructures.
About the Speaker
Joseph Weiss is an industry expert on controlsystems and electronic security of control systems, with more than 40 years ofexperience in the energy industry. Mr. Weiss spent more than 14 years at theElectric Power Research Institute (EPRI), the first 5 years managing theNuclear Instrumentation and Diagnostics Program. He was responsible fordeveloping many utility industry security primers and implementationguidelines. He was also the EPRI Exploratory Research lead on instrumentation,controls, and communications. Mr. Weiss serves as a member of numerousorganizations related to control system security. He served as the Task ForceLead for review of information security impacts on IEEE standards. He is also aDirector on ISA’s Standards and Practices Board. He has provided oral andwritten testimony to three House subcommittees, one Senate Committee, and aformal statement for the record to another House Committee. He has alsoresponded to numerous Government Accountability Office (GAO) information requestson cyber security and Smart Grid issues. He is also an invited speaker at manyindustry and vendor user group security conferences, has chaired numerous panelsessions on control system security, and is often quoted throughout theindustry. He has published over 80 papers on instrumentation, controls, anddiagnostics including chapters on cyber security for Electric PowerSubstations Engineering and Securing Water and Wastewater Systems.He coauthored Cyber Security Policy Guidebook and authored ProtectingIndustrial Control Systems from Electronic Threats. In February 2016, Mr.Weiss gave the keynote to the National Academy of Science, Engineering, andMedicine on control system cyber security. Mr. Weiss has conducted SCADA,substation, nuclear and fossil plant control system, and water systemsvulnerability and risk assessments and conducted short courses on controlsystem security. He has amassed a database of more than 1,100 actual controlsystem cyber incidents. He was a member of Transportation Safety Board Committeeon Cyber Security for Mass Transit. He was a subject matter expert to theInternational Atomic Energy Agency on nuclear plant control system cybersecurity. He started the annual Industrial Control System (ICS) Cyber Security Conferencein 2002. Mr. Weiss has received numerous industry awards, including the EPRIPresidents Award (2002) and is an ISA Fellow, Managing Director of ISA FossilPlant Standards, ISA Nuclear Plant Standards, ISA Industrial Automation andControl System Security (ISA99), a Ponemon Institute Fellow, and an IEEE SeniorMember. He has been identified as a Smart Grid Pioneer by Smart Grid Today. Heis a Voting Member of the TC65 TAG and a US Expert to TC65 WG10,Security for industrial process measurement and control – network and systemsecurity and IEC TC45A Nuclear Plant Cyber Security. Mr. Weiss was featured inRichard Clarke and RP Eddy’s book- Warning – Finding Cassandras to StopCatastrophes. He has patents on instrumentation, control systems,and OT networks. He is a registered professional engineer in the State ofCalifornia, a Certified Information Security Manager (CISM) and Certified inRisk and Information Systems Control (CRISC).
Book: Protecting Industrial Control Systemsfrom Electronic Threats