Episode Transcript
[00:00:00] Speaker A: Cyberattacks aren't just stealing data anymore. They're shutting down pipelines, factories and critical infrastructure. Which means the stakes have never been higher.
In this episode of Control Alt Manufacturing, we're joined by Ian Bramson, Vice president of Global Industrial Cybersecurity at Black and Veatch, to break down why manufacturing's attack surface is growing, how supply chains are becoming cyber battlegrounds, and what leaders can do now to, to stay resilient in an AI and cloud driven world.
Hello, hello, hello everybody. Welcome back to the Control Alt Manufacturing podcast, Resetting and Rethinking Manufacturing. The podcast where we're going to be talking to the people technology strategies that are driving the digital transformation of manufacturing.
I am one of your. But, but one of your humble hosts, Gary Cohen. The better half of this duo is Stephanie Neal. Hi Stephanie, how are you?
[00:01:02] Speaker B: Hey Gary, how are you?
[00:01:04] Speaker A: I am good. We haven't recorded one of these in a little while, so we gotta.
[00:01:08] Speaker B: I feel rusty. I feel very.
[00:01:09] Speaker A: I know we gotta work on our chemistry here up at the beginning.
This should be a fun one. Today we got a great speaker with us, Ian Bramson, Vice president of Global Industrial Cybersecurity at Black and Veatch. So we'll be talking all sorts of cybersecurity stuff, which is, you know, Stephanie, you and I travel to a lot of different shows. I was at one just a few weeks ago where they were unveiling a new software.
Of course they were talking all about the software, but one of the things that they were talking about is the need to really build cybersecurity into it. And they were really touting that because I think, I mean, for a billion reasons, but I think manufacturers are starting to learn. And honestly, if you've been paying attention to the news over the last few years, you know that cyber attacks aren't just about stolen emails or credit cards anymore. You know, they've, they've, they've moved into the physical world which is, I think makes them much scarier and really, really impacts the manufacturing sector.
[00:02:04] Speaker B: Well, yeah, definitely the manufacturing sector. But even just like the critical infrastructure or I mean, if we think, if you're just going to rip from the headlines the airports in Europe where they're attacking the check in systems and then it just creates all this chaos. But it just makes you wonder what else is happening behind the scenes.
And honestly, Gary, you know, I just saw a, a research report recently that talks about the industrial control systems and exposure to the public Internet is on the rise. So that means that the attack Surface is growing. Right, because there's more things, there's more gadgets, there's more components, there's more things connected to the Internet, whether it's for somebody trying to remotely manage or control something in an industrial setting or whatever it might be. But it's definitely scary times. So we need some experts to help us navigate this.
[00:02:59] Speaker A: Yeah, I mean, you were talking about critical infrastructure. I mean it's, it's been a few years now, but it kind of was the big wake up call for a lot of people not in cybersecurity, which was a colonial pipeline attack, which was, you know, a ransomware attack on one of the bigger oil pipelines that delivers oil along the East Coast.
And you know, it created gas shortages. There was panic buying runs on gas station, you know, billions in economic losses.
And we've seen since then attacks on food and beverage companies, hospitals, as you said, airports, municipal water systems, electrical grids. So that critical infrastructure aspect is really a big deal because obviously if those systems are vulnerable, then so is our economy and our security and our safety, human safety, which obviously makes it fairly important for the world to be paying attention to.
[00:03:54] Speaker B: A little scary.
[00:03:55] Speaker A: A little scary. And as you said, there's, there's really kind. I think I'm going to go with two points. I'll say two points. I may add a third.
As you said, the attack surface is so much bigger. So every supplier, every vendor, every piece of software that is connected to your system is a potential gateway or doorway for attackers. And those attacks, you know, one weak link, it can ripple through a supply chain and compromise a lot of things downstream.
And then the other part, which we're going to talk about a little bit today, is technology is just evolving faster and faster and maybe faster than a lot of organizations can keep up with. Whether that's cloud adoption or obviously AI is impacting almost everything anybody does these days.
And many industrial systems were not designed with cybersecurity in mind. And now they are, as you said before, connected to global networks.
[00:04:48] Speaker B: Yep. Yeah, and that's kind of, that came up in that report too. Like the weakest links are maybe these like old protocols, you know, communication protocols or things that were just not designed with security in mind.
[00:05:00] Speaker A: Ah, legacy systems.
So we're gonna talk about all this stuff today. The good news is it's not all bad news. There's some good news. There's people who are thinking about this stuff, like our guest. And so we're gonna talk about clean build, supply chain resilience, AI driven defense and how to adapt to some of these new realities of AI and cloud security.
Said. Our guest today is Ian Bramson. He's a global leader in industrial cybersecurity and someone who's been at the forefront of helping critical industries rethink how they defend themselves.
So, as I said, in this episode, we'll talk about four different cybersecurity issues. Clean build, supply chain, how AI is reshaping things, and then cybersecurity in the cloud.
Ian, this seems like as good a time as any. We're really happy to have you on. Welcome to the podcast.
[00:05:47] Speaker C: Well, thank you very much for having me.
[00:05:49] Speaker A: Absolutely. We like to start by getting to know our guests a little bit. So before we really dive in, can you just tell us a little bit about your background and how you got into cybersecurity and industrial cybersecurity?
[00:06:02] Speaker C: Sure. Actually, my story is a bit of a strange one. It took a very circuitous, different route to get in here. I actually started my career with Coca Cola in Santiago, Chile, just on a. On a whole different path at that point. But as I was going along, I started doing a lot more with digital over the horizon looking. I worked with Toffler Associates. So there's a gentleman by name of Alvin Toffler who wrote a book called Future Shock that talked about the advent of the information age. And then he had a company that did that. I went in there and started getting on the more digital side and. And then I was doing a lot of that strategy and over the horizon looking and on digital set, looking at, you know, how. How organizations and economies adapt to that.
And I was asked, I was at Booz Allen Hamilton. They asked me, hey, can you come over and help us with our cyber? And I was like, I don't know if I can spell cyber.
I'm not deep technical. And I said, no, we've got lots and lots of super technical people. What we need is someone who can put this in a context that our management assisto or CEO or chief operating officer can understand so they can take action. I was like, I can do that. And that opened the sort of the floodgates of just learning. That was about probably about 15 years ago. And so I just went in there and started learning as much as I can on it. And then I went from there and helped with other, much more specifically into the OT environment, which is the operation technology. So went from protecting our networks, you know, our business networks and all the stuff that we know about cyber to much more on that factory floor. Right. The cyber, physical that you mentioned before, before, where you can really have an impact on a site, the environment, the economy, because you're opening a valve that shouldn't, you know, you're protecting all that equipment and devices that make operations go. And that's what I've been doing for about the last eight or 10 years, is focus on that OT side, on that cyber.
For me, it's been hugely rewarding because I find that as that is the pointing of the spear, right. If somebody really wants to have an impact and where that risk and consequence really play in, that's the spot when you can open a valve at the wrong time and instantly have. I said site security, public safety, you have, you know, economies and supply chains, all on that, as you mentioned, on the colonial pipeline, what you can do.
And it's all new, it's all changing. It's been an exciting environment. And we, we appreciate. I always appreciate when I can come onto podcasts and other venues like this that are actually spreading the word on this, and so we can get this into the normal conversation. So thank you for having me on.
[00:08:56] Speaker A: Absolutely. You also gave me a wonderful segue there.
Before I jump in, I do want to say I think that idea of having a translator for the C suite or even for the shop floor is really important because cybersecurity can seem overly complicated or unnecessary. And so someone who can actually say here is the business impact of what we're doing is super, super valuable.
Obviously, cybersecurity has been evolving rapidly over the last decade. From your perspective, what is the biggest change that's been shaping the field in recent years?
[00:09:30] Speaker C: Well, cybersecurity, as I said, it's constantly evolving, but it's going at the speed of business. And what I mean by that is business itself is getting way more digital, way more dependent on connectivity. So there's.
[00:09:44] Speaker D: Whether you're trying to operate, do remote operations, right. Whether you're trying to consolidate talent that's limited out there. So you're getting much more dispersed workforce. You're trying to automate everything. You're trying to get a lot more information in there. You're trying to stay ahead of all the competitors that are also getting very, very digital. Well, when you do that, particularly in the operating environment and all those, all those pieces of equipment, all. Everything in there that makes operations go, gets more connected. You had mentioned before, the attack surface growing. That's it. That's where it happens. And the rush to go do that is just pushing that risk much higher. Right. As things get more connected and people rush to keep up with their competitors and get that market advantage, they're leaving that, that very real cyber, physical risk open.
[00:10:41] Speaker B: You know, I wanted to ask because. Because we just keep talking about cybersecurity. It's constantly evolving, the technology changing so fast. How do you keep up with it, Ian? How does, how do you and your team keep up with everything that's going on? Because there's just so much.
[00:10:55] Speaker C: And yeah, there's a couple of really good points in that. How do you keep up? Well, one of the things we always want to make sure that we talk to our clients about is don't just look at the last thing.
[00:11:08] Speaker A: Right.
[00:11:08] Speaker C: Ransomware, for example, is very important right now. It's going from the IT side to the operational side. Much more. It's on everyone's mind. You can roll into any board of directors and you say the word ransomware, they're going to probably give you some.
[00:11:22] Speaker D: Sort of reaction to that.
[00:11:24] Speaker C: But I'm saying, yep, super important. You got to pay attention to that. But don't forget about the next thing. If you only look at that last thing that happened, that thing that hit the, hit the headlines, you're going to get hit by that next. That could be something to do with your sustainability program or something with your overall digitalization or your move to the cloud or.
And so you have to build a program that is resilient enough to adapt to that. And so as things get more complex, I often say, let's just get simpler, let's simplify what we're talking about. You have to have that foundation, that very strong foundation in, because that's what's going to make you resilient. So be being able to answer some of the basic questions like do you know what you need to protect? And in the operational technology environment, often they do not. We call it asset management and cybersecurity. But it's basically saying, do you know what bad guys can affect? If you don't better know. Do you know what holes you have? That's vulnerability management, vulnerability assessment. And if you don't have. You can't answer the first question, which most people cannot.
Operations cannot. You can't answer the second one. Then it goes into the do you know? If someone's in there, can you get them out? How prepared are your people? Meatware is what I call us people.
We're often the weakest link. So how do you manage it? So breaking it down to those basics is going to help you adapt for what's not, because you're never going to know where it's all going to go, you just can't. So what you have to do is go back to that core and that foundation and make sure that you're building that and constantly reinforcing that foundation.
[00:13:06] Speaker A: Kudos on the word meatware, by the way.
[00:13:08] Speaker B: Yeah, that is good.
All I could think about was Lady Gaga with her meat soup.
Well, when you were just talking about all that, does that have anything to do with this concept of a clean build that I think I've heard? I know Gary mentioned it.
[00:13:30] Speaker C: Yeah, it absolutely does. Because what's happening now is when cybersecurity, particularly in the OT environment, first came out, understandably, most companies said, I have all these existing operations or brownfield existing operations that I have to protect. I have all this stuff already in operations.
And like. Yep, you sure do. But you also have all these new builds that you're doing or greenfield or major modifications. It doesn't have to be a completely new build. It could be, hey, we are just doing a major upgrade, same thing. And what we're saying is you gotta, in order to build that foundation, you gotta move the starting point not just off the stuff that's already going, but to help build it in from the beginning with these new construction, with these areas where you're doing the major upgrades. And if you get it in there, you're able to do build it in not only much less expensively, but much more securely by designing it in, like building in better than bolting it on kind of theory.
As part of that, you have this concept called clean build.
So when you're doing the construction, there's two aspects. One is what cyber capability am I putting into that manufacturing plant or whatever? I happen to be building the site, I'm building what I'm doing. And that means, you know, do basically, do I have the visibility and control? Am I segmenting my network? Am I putting vulnerability management in? Am I putting security monitoring so I can see what's happening in my network? All that stuff to make it cyber ready, the actual thing that you're building. But there's this other part that most people skip, which is called clean build. And clean build means that you're not actually introducing exploits while you're building it. So things like supply chain risk management or cyber acceptance testing are in there. So for example, with acceptance testing, companies do that all the time when they're building stuff, they'll have a piece of equipment and they turn it on, they make sure it does what it's supposed to do and they're like, okay, awesome. They've rarely check for the cyber aspect. So what's happening is they're accepting the, the cyber risk of the entire supply chain, not really checking for anything, accepting it and then putting it into their build and going on. That's not a great idea. So the idea is to have that as part of the clean build. And then also when you're about to deploy it, you can monitor it right during its deployment phase, make sure it's acting the way it's supposed to, not calling out to nefarious places, that kind of thing. So all that making sure that the build itself is clean is that other dimension that you really need to pay attention to. Not just the capabilities, but also the clean build. Right now, neither of those are being represented enough into that green field or those new build areas. They have to make that leap on both those fronts.
[00:16:23] Speaker B: And right now, is it more. Is it like a patch and fix type of cybersecurity approach?
[00:16:30] Speaker C: It comes in after something's built, often right, because. And again, it's not. Because the root cause behind that is often you don't have necessarily the right people in the room not asking the right questions. It's not in the requirements documents. There's things that you can affect that make that much more feasible. But the reality today is often it's not, it's. It gets delivered without it. So now you got all this operations going and like you're saying, you're trying to figure out, okay, while my, while my operations are going, how do I input all the cybersecurity? It's, it's kind of like seat belts. I often use that as an analogy. When you build a car, you know, you need seat belts or a safety factor. Do you want the seatbelt to come with the car from the factory or you want to do it aftermarket? And by the way, if you do it aftermarket, you can't stop the car.
Operations don't stop for this stuff. So you're trying to do it while you're driving the car and put all these safety features. It's. That makes it really, really hard. Not impossible, but much, much more difficult. So the idea is to bring it in earlier to build that foundation I was talking about so that you can be more resilient to all these changes that are happening.
[00:17:37] Speaker A: You talked a little bit about supply chain risk earlier.
Where are most of the vulnerabilities actually coming from? Hardware software? I would be remiss if I didn't use your word meatware. A little bit of an all of the above.
[00:17:51] Speaker C: It's a little bit of the above. Right.
Look, attacker is going to figure out how to get in in all different ways. So if they can go affect down the, you know, previous down the line of some critical path, you can attack, you can attack a supply chain on.
[00:18:05] Speaker D: It or through it.
[00:18:06] Speaker C: Right. And on it means I'm going to try to shut down your operations to build it. And through it I'm trying to get stuff in and so it's carried on to the final customer.
[00:18:15] Speaker D: Client.
[00:18:15] Speaker C: And then so I'm trying to embed it in either way. That could be on a software level for sure. It can be on the firmware hardware, like the pieces of equipment that are.
And one of the problems in supply chain is provenance. It's saying, I know where this motherboard came from. Great. How about the components on that motherboard that's down the line a little bit farther. I don't actually know where that came from. So it comes through in different ways where you're trying to figure out all those vectors. And like I said, if you're not paying attention to your people who are maybe on site clicking stuff or you have a lot of suppliers coming in at the same time and plugging in their laptops and doing their stuff on site. So how do you do the management of change? How do you make sure that clean build process is happening, but also like I said, cyber acceptance testing, make sure that the equipment that's coming in is being tested out, all those types of things, because it can come from a variety of areas.
And as bad guys learn more, they always figure out other new and novel ways to get in. So you have to take an even approach on where those vulnerabilities come from. You can't just say, you know what if I solve that one, I'm golden. That's not, that's not a really good way to approach that.
[00:19:27] Speaker A: Yeah, you make such a good point there too about, you know, like on my plant floor it's all Rockwell machines or it's all Siemens machines.
[00:19:33] Speaker C: Great.
[00:19:34] Speaker A: Where did Rockwell and Siemens get the parts to make those machines? And all of those things are vulnerable. So obviously that sort of moving through the supply chain using a small vendor as a stepping stone to a bigger target is pretty effective right now.
What strategies technologies are out there emerging to help better detect and prevent these through the chain attacks?
[00:19:58] Speaker B: Sure.
[00:19:59] Speaker C: So again, as you dealing with the supply chain itself, that comes into that clean build aspect. So it starts way from the beginning, honestly, in the capital committees who need to Think about cyber and start putting cyber requirements in the requirements documents. So when they go to go, when they go to build these, they start putting those in. There are a variety of standards out there that you can follow. So it's not this mystery of say, just do cyber. Because a lot of times they'll talk about cyber in the capital committees, but they won't actually. It doesn't translate into anything tangible. And so there's, there are a number of standards out there, like IEC 62443 is a good standard. It's an international one, often used in manufacturing and amongst the supply chain.
And you can start enforcing that during the procurement process, you can start enforcing that during the construction process, checking it and validating it, and you can start taking those steps.
It's not good to do it after you've started everything yet. You need to think about it from the beginning and the design architecture itself.
[00:21:05] Speaker D: Needs to complement it. So you're not all of a sudden at the, you know, ready to deliver it. And someone from a cyber perspective looks and goes, oh, no, well, it's not a good network. You really shouldn't have your OT environment directly to the Internet. It's probably a bad idea. That kind of stuff you have to start getting in early. And then it comes with, in that procurement, working with your major providers so that they turn to their providers and then they turn to their providers. And then so you almost going the reverse supply chain up for the requirements.
[00:21:36] Speaker C: And saying, guys, this is part of.
[00:21:38] Speaker D: Who we select, this is who we want to have. If, if you need to prove your cyber, that's one of our criteria and that should go all along the supply chain. That would be more powerful than anything else. I was working at a company that for a while that was not all that interested in cyber. They're like, you know, trying to slog the way through.
And then they were dealing with their end customer who said, I'm sorry, you can't bid on this, because I don't, we don't think you're cyber strong enough.
[00:22:07] Speaker C: And who came running into my office.
[00:22:09] Speaker D: It was the head of sales and.
[00:22:11] Speaker C: The head operations saying, my goodness, we have to have the best. Because when you put it in a competitive environment and when it affects top line man, you see it, start seeing people working on it. And so if you can get into that flow, that's where you start getting it to be a real changes. Because people realize that if I can't show you that I have clean security, then I might lose that bid. Well, I'm gonna, I'm gonna really, really show you, right, what I can do so that start getting into the same market forces that are pushing for all this digitalization. It can be similar market forces, competition, other things. They can also force people to say, I gotta have better cybersecurity. It's that change in mentality that you really need to start making.
[00:23:01] Speaker B: So when we talk about a change in mentality, Ian, you know, one of the things that everybody's adopting these days, artificial intelligence. But I wonder, how are the bad guys using AI to their advantage?
[00:23:12] Speaker D: Right?
[00:23:13] Speaker C: That's always out there, right? It's always the question. And it's. We call it AI versus AI, right? And I'll go into, particularly in the oto, the operations environment, they're usually like, we're slow adopters.
We're going to see how this AI thing, I don't really want to mess with AI. And I said, okay, understand it, but let me explain it maybe in a different way. One, the bad guys are using it and they're using it in ways to either do things like deep fakes, right, that can get in and fool you on some areas they're doing it on to assess your network. Have AI assess your network for vulnerabilities that humans may not be able to see and create novel attacks that aren't easily detected. So they all sudden you have new kinds of attacks that may be coming in because they're using AI powered tools. And so they can also use AI to amplify their attacks.
And so there's all these different ways they can start using AI in a very pragmatic way against you. If you don't use it to protect yourself, the same things. You can also look at your own network to see how they might detect, you know, attack you, or to detect those not easily seen attacks. These novel attacks are coming in, but if you're not using it and they are, you're going to get dusted, right? That's going to be a problem. Now that's issue number one. Issue number two I say to them is your company's already using AI in operations.
Who do you think is going to protect that? Who are they looking at to protect that AI usage in the actual operations that they're doing? It's going to be you, Cyber group. So you're already there.
And then the last piece is we call cyber in the wild. You don't know who of your suppliers or people out there who are using AI today.
What kind of super dependencies do you have? What kind of places if they make something down there that really affects you, like the CrowdStrike, which was not a cyber attack, but it showed us all how dependent we are. Super dependency is what I call it, on certain things that we may not have seen before. I know I was stuck in Baton Rouge trying to get home on a flight and they were using paper and trying to get you through. And I realized how much these super dependencies are. And if they're using AI out there on that, you don't know who's doing it. So I'm saying that guys, you're. You're in it now, right? You better start believing in ghost stories because you're in one. It's that kind of thought process that comes into it. I mean, it's there.
Better start figuring how to use it.
[00:25:42] Speaker B: So figuring out how to use it means leaders should be rethinking their cybersecurity strategies.
[00:25:51] Speaker C: Is that what tools are you going to use for these? Straight AI versus AI.
[00:25:57] Speaker D: Map how your company's using AI and understand very closely what that means to protect it. Right. What does that mean when you say protecting AI? Are you looking at the, you know, of, of the data sets? Can they poison those data sets? Can they do it? Can they get after other things? How do you protect the way they're already using it, but also other areas when you start vetting out further. In my contracts, we talked about supply chains.
Make sure that they're disclosing to you, your partners and suppliers, how they're using AI. So at least you have a vision of how it's being used and what can happen with it. So you have at least that. I mean, cyber comes down to visibility and control. Can you see what's happening and can you do something about it? This is about that visibility. At least get to understand what's going on out there.
[00:26:41] Speaker A: So I want to talk about the cloud for one second.
Maybe not one second.
So many companies are moving their operations to the cloud as much as they can, which creates new opportunities, but also some risks.
What do you see as the top cloud security blind spots out there right now?
What can people do?
[00:27:00] Speaker C: Yeah, so cloud is a tough game when it comes to operations. In ot, it's not like it where you can. I can't say it's easy as lifting and shifting, but you can really migrate a lot of those IT operations to the cloud. In ot, you have an umbilical, always down to physical operations. So if you're talking about the cloud, you're either saying, I'm just going to get data in the cloud and analyze it and then have no other. So they call that more of a hybrid situation where I'll get data up there, but I'm not going to actually have my operations, my PLCs or anything else. I'm a SCADA system to actually operate from. If I do at some point, it doesn't operate in a cloud. Those commands come right back down to a real facility somewhere.
And you have to also understand that in these environments, these are really, we'll call it a lot of legacy filled environments, meaning there's a lot of old technology in there. As I mentioned before, they don't even know everything they have in the operating environment. So if you don't even know what you have, how are you going to migrate it to the cloud? And you have things like contractual engagements, you have equipment that has never been and systems never been really adapted for that cloud use. And so if you just put it up there, you're going to be opening up a whole bunch of vulnerabilities you might not have. I'm not saying you don't do it.
I will say to our clients, cloud is a force of nature, it's common. Okay, so just like AI, you can't just hide from it, but you do need to have a very measured approach about how you're doing it. Understanding what kind of systems you have, understanding what kind of contracts you have on those systems, understanding the cyber physical nature, that you're always going to have something there. And what happens if, if cloud connectivity gets compromised, can you operate it locally? Is that possible at the end? Because this is operations, this is safety and this is uptime. These are the two principal things that you have to understand in an OT cyber environment which you don't have to necessarily deal with on the it. And that makes that cloud game way different again happening. I'm not saying sorry. The answer is just not to go do that. That's not even possible.
The business case is way too strong for that. Okay, for go to cloud, but how you do it now, that's a different game. You got to figure out how to do it correctly.
[00:29:19] Speaker A: Let's wrap this up. You remember when NBC used to do those, one to grow on and that's one to grow on and then the little rainbow.
We like to give people something to take away from this. Some positives to end on. If you had to give one piece of advice to an industrial leader who's worried about cyber risk, some of the things we've been talking about today, what would you tell them?
This is one to grow on.
[00:29:41] Speaker C: I like the one I love. I want to have that. Like, I know.
[00:29:45] Speaker A: I want the rainbow with the little star coming across.
[00:29:47] Speaker C: And I'll say at the end. I'll say the end. That's one to grow on.
[00:29:49] Speaker A: Exactly. If you would do that, I'd really appreciate it.
[00:29:52] Speaker C: Now, look, at the end of the day, I get this. This is complex areas. It's always changing. It seems scary, but.
But stick to the basics, okay? Keep it simple. Ask those questions. I said at the beginning, do you know what you need to protect?
Do you know where your holes are? Can you see someone in your system? And can you get it out and start earlier? I'm not saying you ignore the brownfield, existing stuff, but also, you got to get the right people in there so you can begin this from the beginning, because it's going to be a necessity to build that kind of strong foundation to be. To deal with all that ambiguity that's coming up and all that, all that risk. So keep it simple and start early. That would be the. Those would be the two things to grow on.
[00:30:41] Speaker B: Perfect.
[00:30:42] Speaker A: Ian Bramson, vice president of global Industrial Cybersecurity at Black and Veatch. Amazing stuff. Thank you so much for being with us.
Absolute pleasure to talk to you.
[00:30:51] Speaker C: Well, thank you guys very much. I appreciate you having me on.
[00:30:55] Speaker B: Thanks, Ian.
[00:30:56] Speaker A: And there we go. I'm going to talk to our graphics team and see if they can put a little one to grow on graphics in there, because, I don't know, I miss the 1980s.
[00:31:05] Speaker B: I was just gonna say, like, you're. You're. You're totally dating yourself.
[00:31:09] Speaker A: I know. I'm really young. I'm in my 20s. I swear. I just watch a lot of stuff on the Internet.
So I want to ask you, Stephanie.
So I did a cybersecurity podcast before this. I covered cybersecurity when you do these. Because cybersecurity hasn't been your bread and butter. Do you walk out of every one of these conversations a little bit more scared than you were before?
[00:31:30] Speaker B: Oh, yeah. Everything scares me. You know that. No, I just. I think it goes back to that first question, one of the first questions that I asked Ian, like, how do you keep up with this? Because, you know, I did a quick Google, like, what are the. What were the cybersecurity breaches this week? And there was a list, right. And, you know, it's. It's really concerning.
And I think, especially when we're talking about the supply chain and all the different parties that are involved and just knowing what they're doing and the ripple effect.
I think that Ian gave some great practical advice in this podcast, and I really appreciate that. And I love the fact that he's like the interpreter for everybody from the technology to the layman's terms, like, what does this mean to you and your business? Because that's really important moving forward is for manufacturers, especially entrenched in technology, to really understand what does this mean to their business.
[00:32:27] Speaker D: Right.
[00:32:27] Speaker A: That's a big. That's why I said that idea of a translator is so important.
It's funny, all the phrases you hear from people and it's like marriage counseling, trying to get between it and ot. And you need.
But it really is. You need to understand, as you say, what it means to the business. Because we need to spend all this money on a cybersecurity solution because we might get attacked is not as effective as if we shut down this production line. That is how many millions of dollars an hour, right? Yeah. That really is.
[00:32:57] Speaker B: And it's not even. You might get attacked. You will get attacked.
[00:33:00] Speaker D: You will.
[00:33:00] Speaker C: Right?
[00:33:01] Speaker A: You might already have been attacked.
[00:33:05] Speaker B: It's not funny.
[00:33:07] Speaker A: It's a little funny.
Just because you had a second computer and it was sort of blowing up on the side. I know you're getting attacked right now.
[00:33:15] Speaker B: I'm waiting for it to just blow up right now, but hopefully that won't happen.
[00:33:20] Speaker A: Yeah, no really, really great stuff. Happy to have Ian on with us.
Happy to have you guys listening to us out there, especially for a new podc.
So thanks for joining us again on CTRL Alt Manufacturing, Resetting and rethinking Manufacturing. If you want more great information on digital transformation cybersecurity, definitely check us out at ctrl engineering. That's controlenge.com.
stephanie. That's one to grow on.
[00:33:46] Speaker B: It sure is.
Thank you, everybody.
[00:33:49] Speaker A: We'll talk to you next time.
[00:33:55] Speaker D: Sam.
