Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program and, the cyber security for digital control systems. As Technical Manager, Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry’s critical infrastructure protection (CIP) program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications. Mr. Weiss serves as a member of numerous organizations related to control system security. These include the North American Electric Reliability Corporation (NERC) Control Systems Security Working Group (CSSWG), the International Electrotechnical Commission (IEC) Technical Committee (TC) 57 Working Group 15 - Data and Communication Security, the Process Controls Security Requirements Forum, CIGRÉ WG D2.22 - Treatment of Information Security for Electric Power Utilities (EPUs), and other industry working groups.
He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a Director on ISA’s Standards and Practices Board. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues. He is an invited speaker at many industry and vendor user group security conferences, has chaired numerous panel sessions on control system security, and is often quoted throughout the industry.
Weiss published over 80 papers on instrumentation, controls, and diagnostics including a chapter on cyber security for Electric Power Substations Engineering, the book, Protecting Industrial Control Systems from Electronic Threats, Cyber Security Policy Guidebook, and a chapter in Securing Water and Wastewater Systems. He supported MITRE and NIST in extending NIST SP800-53 to include control systems and the development of NIST SP800-82. He was tasked to write the White Paper on Industrial Control Systems Security for the Center for Strategic and International Studies Blue Ribbon Panel preparing cyber security recommendations for the Obama administration. Mr. Weiss has conducted SCADA, substation, plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has amassed a database of almost 400 actual control system cyber incidents.
He is a member of Transportation Safety Board Committee on Cyber Security for Mass Transit. He also established and chairs the annual Industrial Control System (ICS) Cyber Security Conference. Mr. Weiss has received numerous industry awards, including EPRI Presidents Award (2002) and is an ISA Fellow, Managing Director of ISA Fossil Plant Standards, ISA Nuclear Plant Standards, ISA Industrial Automation and Control System Security (ISA99), a Ponemon Institute Fellow, and an IEEE Senior Member. He is a Voting Member of the TC65 TAG and a US Expert to TC65 WG10, Security for industrial process measurement and control – network and system security and IEC TC45A Nuclear Plant Cyber Security. He has two patents on instrumentation and control systems, is a registered professional engineer in the State of California, a Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC).