Industrial Automation – It Doesn’t Have To…
Join us as we explore all things Industrial Automation. Brandon Ellis, owner & president of elliTek, has seen the good, the bad, and the great when it comes to automation. We'll delve into the challenges that manufacturers face, find out what it doesn't have to..., and have some fun!
Industrial Automation – It Doesn’t Have To…
Industrial Automation - It Doesn't Have To... Disagree
Bridging the Gap: Cybersecurity and Networking in Industrial Automation
In this episode of "Industrial Automation - It Doesn't Have To...", we delve into the critical intersection of cybersecurity and networking, essential components in today's industrial landscape.🛡️
Who better to navigate this complex terrain than Siemens' Industrial Network Consultant for the Southeast Region, Kyle Frederick? With seven years of experience under his belt, Kyle is a seasoned expert in cybersecurity and networking, making him the perfect guide for this discussion.
Operational Technology (OT) and Information Technology (IT) are networks that operate under conflicting philosophies, posing unique challenges. What gets a production or controls engineer fired is not the same thing that gets an IT admin fired. They have different sets of priorities - but they don't need to disagree.🤝
As cyberattacks and ransomware threats continue to proliferate, malicious actors have begun targeting OT systems with alarming frequency. But fear not, as this episode unveils the arsenal of tools at OT's disposal to complement IT strategies and fortify defenses against evolving threats.🔒
🎧Tune in to discover the strategies and technologies empowering OT and IT collaboration in the ongoing battle against cyber adversaries.
🔗Explore the world of Industrial Cybersecurity: https://www.siemens.com/global/en/products/automation/topic-areas/industrial-cybersecurity.html
🔗Take a tour of SIBERprotect, a cyber-physical protection solution: https://resources.dc.siemens.com/c/siberprotect?x=lq_ybh
🔗Delve deeper into SIBERprotect, a PLC-based realtime solution for cyberphysical monitoring and defense: https://support.industry.siemens.com/cs/document/109810533/siberprotect%C2%AE-a-plc-based-realtime-solution-for-cyberphysical-monitoring-and-defense?dti=0&lc=en-US
Reach out with any questions or comments. Let us know if you'd like a webinar with Kyle. We'd love to hear from you!🤝
Website: www.ellitek.com/contact-us
LinkedIn: www.linkedin.com/company/ellitek-inc
Instagram: www.instagram.com/ellitek
Twitter: www.twitter.com/elliTek_Inc/media
YouTube: https://youtu.be/pZ98KfSXzCo
Brandon 00:00
Hey guys, and welcome to Industrial Automation - It Doesn't Have To. I'm Brandon Ellis, your host, and with me, of course, is my co-host, Ms. Beth Elliott.
Beth 00:10
Well, hey there, Brandon.
Brandon 00:12
And we've got a special guest. We'll get to you in just a second. But first, I want to say happy...
Beth 00:17
New Year! Woo! 2024!
Brandon 00:20
That's right. So, 2024, I hope everybody had a wonderful and safe New Year, and we're back in 2024.
Beth 00:28
I know.
Brandon 00:28
We kind of tripped through 2023.
Beth 00:31
A little bit.
Brandon 00:32
Yeah, so only two podcasts last year, but we're going to do more than that today. So, we've got a pretty interesting episode today. I think one that is going to be pretty awesome. So, go ahead and give us the title, Beth.
Beth 00:47
Alright, so today's title is Industrial Automation - It Doesn't Have To... Disagree.
Brandon 00:53
That's right. Disagree. So, what are we talking about? Well, honestly, we're talking about more cybersecurity and networking. So, man, we've heard us talk about that quite a bit, but it's a big, big topic. And we're going to be getting into why that's a big, big topic. OT, Operational Technology. IT, Information Technology. Those two networks, we've heard OT-IT convergence. We've heard OT-IT isolation. We've heard competing philosophies. OT, the way they do things versus how IT wants them done and needs them done. And our inability to recognize each other's philosophical differences and the importance of those things. As I'm commonly saying, what's going to get a production engineer or a controls engineer fired is not the same thing that's going to get the IT person fired and vice versa. And unfortunately, fortunately or unfortunately, we want them to work to not get fired.
Beth 01:51
Yeah.
Brandon 01:52
And so, they have a second set of priorities. We're going to be talking a bit about that today. But we're also going to be... kind of breaking cyber security down as far as plant security on both the IT, this is applicable both IT and OT, two primary goals, avoid an attack, but then the second part is to recover from the attack. So what are we gonna do? What can we put in place? What tools do we have on both IT? They've already got those tools for the most part, but at OT, we need the same tools shaped a little differently to avoid an attack on our side and do our part to complement IT, but also if an attack occurs on our side, the OT side, we need to be ready to recover and that's what we're gonna be talking about today. So it doesn't have to disagree, the complimenting of IT by OT, having similar tools with different shapes. So introduce our guest, everybody's waiting.
Beth 02:50
All right, so our special guest today is Kyle Frederick. And he is Siemens Industrial Network Consultant for the Southeast region. Kyle has been with Siemens for more than six years. He's driven with a customer-oriented focus and has a passion for helping others. Kyle has a special knack for transferring his technical knowledge and so we're thankful that he's here today to share some of his knowledge about cybersecurity and networking. Welcome to the show.
Kyle 03:20
Thank you.
Brandon 03:21
All right. Welcome, Kyle. So Kyle, you and I have talked a bit, but walk us straight into there. So I've been bantering on here about avoiding an attack, recovering from an attack. What is an attack?
Kyle 03:33
An attack is where, well, as we've seen in the IT world or emails, simple as you clicking on the wrong thing, it downloading some type of malware or ransomware virus, you know, they break them up into different categories now because it's become such an issue that either stays dormant or starts hitting your network, your devices, your servers, so that it can disrupt, stop, or halt your production and not say IT is not necessarily a production as in what we think in the OT or factory space. Production as in sending out emails or being able to do video calls and different things like that. So it's there to just like a virus to attack and to halt what is supposedly supposed to happen in your environment naturally.
Brandon 04:35
Well, and I've been in lots of conversations and of course, for many of our listeners, a lot of them are plant managers, engineering managers, plant presidents, whatnot, and they're not really, they may or may not be down on the technical level of things, but one of the things that I hear the most is when it comes to the manufacturing floor, well, that's not on the internet.
Kyle 04:55
Right.
Brandon 04:55
But more and more today it is connected to the office network and so that's what we call that IT-OT convergence because we have to get data, about moving data, from the enterprise level which is where the data servers and repositories are. That's what creates all the things that cause a plant to really run the pie charts, the graphs,
Kyle 05:16
SAP, you know.
Brandon 05:18
All the ERP systems and all that kind of stuff so all the planning, all the production planning, a lot of that now is not just come down to the machine and type it all in at the machine side. We have to pull that from upstairs to downstairs and then give reports back to the upstairs side. So there there has to be a connection. The day of my plant floor is not, we call that air gapping, it's not on the internet is not a do -all -wear -all preventative step. Especially when you have folks working remotely, when you have contractors coming in, connecting in their PCs that have not been through your IT group's critical virus protections and malware protections, things of the nature. And also, if you have an employee who's working hybrid and a hybrid role goes home, plugs a USB drive into their PC at home or takes their work laptop home, and now it's outside of the protection of your IT group, and you bring that back in, plug it into a system even on the OT side, and now all of a sudden you've broken the air gap. And then, of course, there are cellular -based vectors into the plant where sometimes plants are paying companies to OEMs and machine builders and whatnot to put a cellular -based system to bypass the IT and allow a vector into the plant. All of these are potential ways to get some type of malware or ransomware into the OT side. Now, we've heard of viruses, malware, phishing from emails, but is that happening? How, honestly, how much of a threat is that? If I'm the plant manager, how much am I really... I hear all this stuff. How much am I worried, Kyle, about that coming down on the plant floor?
Kyle 07:11
You're really worried, because before phishing was more targeted. It was targeted against government, municipalities, specific things that could cause a major splash, per se. Now it's become an industry where they're getting paid.
Brandon 07:34
They're getting paid big.
Kyle 07:36
They're getting paid big. Where before in the IT realm, if you did a ransomware and they held your email server for ransom, your IT had a backup, and you could probably run the company still without having an email for many hours to possibly many days. Well if you hit the floor and then you stop production, you know, through either, you know, your IPC, SCADA systems, whatnot just think of what that floor manufacturing stopped that process being stopped causing that plant per hour compared to the ransomware. The percentage becomes a lot higher to pay out that ransomware if you do not have what, you know, the steps for recovery and recover quickly. You know, you being in the system integrated role, you know, somebody comes to you and says okay I need this this PLC died and, you know, what are the steps to recreate that. Or, this IPC died that has still Windows NT on it because of the because of the OT environment where, you know, it's running so we're not going to touch it and rebuilding servers from scratch.
Brandon 08:53
So let's talk a bit about that. The competing philosophies, you just mentioned one of those, Windows NT. Now for those that might not know, that's a very old Windows Operating System. Very old.
Kyle 09:04
It's one of the first Windows servers ever to come out.
Brandon 09:07
Yeah, yeah. Late 90s, I guess. So Windows NT, but you would probably never see an NT server running on the IT side, on the office networks, and things like that. They just...
Kyle 09:21
They won't allow it.
Brandon 09:22
Yeah. They won't allow it. It's not secure and all these kind of things. But how, comparatively, the philosophies, I mentioned the philosophies of IT doesn't match the philosophies of OT. So the philosophy of IT versus OT. What are some of the differences in those philosophies?
Kyle 09:39
Well, just to mention the Windows NT, why would you have a Windows NT server still running? Well, maybe you have a specific software that is running a specific process in your factory and either that company went out of business or doesn't develop that software anymore or hasn't updated that software anymore. What do you do?
Brandon 10:00
Or you have a plant manager, plant president that says, that thing's working great.
Kyle 10:06
Hasn't given me any...
Brandon 10:08
No issues. Don't touch it.
Kyle 10:10
Mm -hmm. Because if you do touch it and you interrupt the factory process, how long is it going to be till you get it up and running in a stable format again?
Brandon 10:20
Yeah.
Beth 10:22
You don't want to risk it.
Kyle 10:23
You don't want... Again, it's all about risk.
Brandon 10:25
And, of course, being back from my systems integration, machine building days, and Alan being a production engineer and whatnot, when you get that machine on the floor, you go through your site acceptance testing, which includes quality checks. Especially if you're in the pharmaceutical world, you're doing validation, software validation steps, things of that nature, which are FDA required steps. Once you get all those checked off, you don't touch it. And if you do touch it, you've got to do them all again. And so it's very expensive to make changes. So we, on the controls engineer side, we're used to, once it's in place, unless there is a good reason, we do not make changes. How does that compare to the OT world? I mean, the IT world.
Kyle 11:11
Well, IT, you know, we've all seen it on the IT side where we're getting pushed down updates, even in our Windows operating system, weekly. So, you know, and again, if it does interrupt something, it isn't stopping production. It's a nuisance, it's a headache, even in, you know, in IT systems, they rate it, okay, is this a, just in a nuisance, a headache, is this, you know, stopping me from doing specific parts of my job or is this stopping me from doing my job altogether? On the OT side, it's only one answer typically. It's stopping.
Brandon 11:53
It's stopping. It's preventing us to move forward and preventing production. But let me make this point. That's not taking away from the importance of the updates that IT needs to do. So we're all fighting a battle. Everybody in the plant on the IT side and the OT side are fighting a battle. IT's job is to keep the email servers up and all the communications and the data streams flowing, the databases online and all that kind of stuff. And oh, by the way, no one from taking control of them and forcing us to pay a penalty. OT's job is defending against any kind of downtime event and anything that's going to keep from making production to keep from making the truck, to fulfilling the orders. They're fighting another battle as well. They need, we need each other.
Kyle 12:41
Absolutely.
Brandon 12:42
But IT's constant updating is not just because IT hates OT. It's because it's what their job requires. Because they are getting, they are at the heat of, they are at the edge. Not the edge. I shouldn't say that, there is an edge, but they're
Kyle 13:00
At the front wall.
Brandon 13:01
They're at the front lines because they are facing the outside world. A hundred percent. They're the wall of the castle that everybody's shooting, the arrows and the spears are hitting. And they have to deal with that every day. So let's not, I don't want us to take away from the importance of what they are. And that's the beauty of what we're talking about with the Siemens products today. Siemens has taken the stance to not just say we're focused on OT because we like OT and we don't like IT. They're saying because OT needs the tools that are so important and the products that are so important to IT. If OT can have those same tools and complement the stuff that IT's doing to defeat those spears and arrows that are hitting the outside wall to make sure if one happens to get over the wall and land in the OT world, IT's okay. We've got the same stuff, the same technologies in place, although our technologies look a little different because the need's different. So walk us a bit through some of that with, you know, Siemens with their preventative steps, let's start with that, the preventative side.
Kyle 14:18
So one of our main cybersecurity guys keeps on saying it's not about product necessarily, it's about process. So some of the easy steps is process-based, so backup and recovery. And not only backups, but testing, which is a big change. I mean, how many times have we done backups, but tested those backups to make sure that they recover properly, so that when we're in that recovery phase and we restore that backup, will it work?
Beth 14:56
It's a seamless transition.
Kyle 14:58
Yeah, because if we restore a backup, but the backup is corrupted or it doesn't work properly or what not, what's the point about backing up? And, IT does that regularly.
Brandon 15:08
Regularly. It's part of their backup routine.
Kyle 15:10
Exactly. You know, I was a system integrator. I always heard backup your PLC program, but I never heard to restore it and test it.
Brandon 15:21
Make sure it'll go back down.
Beth 15:22
That's smart.
Kyle 15:23
So that's one of the most simple steps and it doesn't cost anything.
Beth 15:28
But it's overlooked.
Brandon 15:29
It is overlooked. It's almost a maintenance process and so, all right, so we've been talking about the avoiding of attack or preventative steps. And now you're moving us into not just preventative, but preventative as far as preparing for recovery.
Kyle 15:46
Correct.
Brandon 15:47
And you have to do both sides. We were talking, Kyle and I were talking earlier and he used the analogy of defense versus offense. I think that's a great, great analogy. He and I are big college football fans. So your defense keeps it out. But if we have somebody penetrate and score, then we need to put an effective offense in place to get the ball back on the other side of the field and get it in the end zone again. And so that's where the recovery comes into play. And that, I agree, is not something that we necessarily have the tools for in place just out of the box. Here you go. Or these are available kind of tools. So how do you, how does Siemens focus, tell us a little bit about Siemens OT focus with some of their products and what products we're seeing to make those things a reality.
Kyle 16:44
Well, so you have basic a lot of the tools again in the IT. So one of your aspects of ease of creating a cybersecurity plan, one is backup. Two is asset inventory. We all know about asset inventory with our PLCs, our IO, our drives, but what about our asset inventory on our network switches? What kind of network switches do we have? Are they managed? Are they unmanaged? What firmware version are they? Do they have risks inside them? Can we just upgrade the firmware to avoid those risks? So asset management within the networking arena. So we do have something that can help us, which is SINEC NMS, which is Network Management Software. So that does both monitoring, so you can monitor and diagnose the networking. Not necessarily just the switches and not just necessarily SCALANCE switches, the Siemens switches. But you can do third party and you can do PROFINET. So anything with pretty much a PROFINET port, you can monitor. And so that gives you an overall of the network.
Brandon 18:02
You're monitoring what, exactly?
Kyle 18:05
Port loading.
Brandon 18:06
Okay.
Kyle 18:07
So you can actually trend a port to see how much loading it is and if it's been increasing because sometimes, let's say you plug a new device into a network switch, well, it adds loading to that network switch. And if there's a lot of broadcast traffic and stuff like that, it could cause that switch's memory to be more and more utilized until that switch just doesn't send any data across. Or a server that is hitting a single port and that switch is getting overloaded. So maybe you got to move that server and without that diagnostics of that port increasing, you wouldn't know how to remedy this traffic issue or this network.
Brandon 18:54
Or where the source was.
Beth 18:55
That's what I was going to ask.
Brandon 18:58
So you can analyze the network a bit better. And it's a graphical tool for analyzation.
Kyle 19:02
Correct.
Brandon 19:03
And so bandwidth... so let's, again, let's not get too deep into the weeds, but bandwidth equals how fast things talk and how reliably. And so, again, on the IT side, they're very bandwidth savvy. But on the OT side, I used to have a joke, how does a controls engineer upset an IT admin? Just say, can't we get just a faster computer?
Kyle 19:30
Right.
Brandon 19:32
No, you can't, you know, we need to be cognizant of the things because honestly, they've got, they've got it down.
Kyle 19:40
Well, the big thing is, is IT has learned to architect a network, where OT...
Beth 19:47
It's just pieced together.
Kyle 19:49
It's just, oh, there's an extra plug right there. Plug it in. I can plug it in.
Brandon 19:52
Yeah. Where can I find another port?
Kyle 19:54
Exactly.
Brandon 19:55
I remember...
Beth 19:56
Well, you gotta get it done. Get that job done.
Brandon 19:58
You gotta get it done. You gotta make deadline, for sure. I remember having a conversation with someone who was in the networking world, a manufacturer years ago when I was, again, machine building. And I said, you gotta understand, from our perspective, a switch is just like a fuse or a circuit breaker. We just need to, first of all, it needs to snap onto DIN rail and not in a 19 -inch rack. It needs to take 24 volts DC as supply power and not 110 volts AC. And then it just needs to work when I plug it in. I shouldn't have to set anything up and all this kind... of course, all those switches were unmanaged switches. We just needed them to work. We didn't know. I remember myself years ago, I didn't know, I just knew it would work, that I would have multiple subnets running through the same unmanaged switch. It'll work, but it's not efficient. And so, you know, as I've gotten to know IT folks and IT admins and understand more, you know, what their craft is, I start realizing that was really dumb.
Kyle 21:03
It's a different type of engineering.
Brandon 21:05
Well, but again, if you go back just a few decades, you know, that's back when we thought, man, a gigabit hard drive, who's ever going to need more memory? And even before that, I remember my first computer had 14K, and I was like, wow, that's a lot. That's 14,000, you know, bits, and just or bytes, and I'm just like, wow, who needs more than that?
Kyle 21:34
Well, remember going from, you know, dial -up to like DSL, and how am I ever going to slow this network down?
Brandon 21:46
It's just, in our lifetime, for sure, I mean, we've seen the onset of the internet. So in the plant world, so what does that mean, bandwidth and that kind of stuff, what makes that important? How does that equate to dollar bills coming into my pocket versus going out from the company's standpoint? If you're not talking effectively, if your data streams are overloaded, your switches are overloaded, then now all of a sudden you have delays in data, it could affect production, it could cause faults with controllers and things of that nature, and that's another philosophical difference between IT and OT, is how much of a fault, if you will, or a delay of data can, do we feel like it's catastrophic versus the IT folks feel like it's catastrophic?
Kyle 22:29
Yeah, typically on an OT, anything above 50 milliseconds is a lifetime. And you're going to...
Brandon 22:40
You're going to have faults at that point.
Kyle 22:40
You're going to have faults. Your IO is not going to be, your distributed IO is not going to be communicating to your centralized PLC. Your motion control definitely will not work properly. Where in the IT world, you know, half a second is unbelievable response time. And they're okay. They're great for half a second response time.
Brandon 23:07
Right. Because what are they tasked with? And guys, let me say this. I want everybody to go out and get an IT degree that likes IT, but it's the toughest position, I think. It is a position that needs to be respected because honestly, we don't think about you guys unless we're upset because our email's not working or our streaming's not working or our hard drive's crashed or something. And we probably should have... I'm sure there's an IT network admin's day.
Beth 23:40
Oh, there is. There's a day for everything.
Brandon 23:43
But if you see that, you should buy a Reese's cup or something for your IT admin because think of how many days your email does work and the network is up. But if you're right, if you're in a video streaming, a video conference, and if you don't have email for a couple of days, that's probably pretty catastrophic. But if you're in the middle of a streaming call or something and all of a sudden the video freezes for half a second and then comes back, we just kind of overlook it. It's a nuisance, but it's not going to kill us.
Kyle 24:17
Where in OT. A plant will shut down.
Brandon 24:19
You'll shut down the whole plant, yeah, because what's happening there? So the difference is in the OT world when machines are running, it's not just communications to say you have data, I have data. It's keeping, especially when you get on what's called a fieldbus network, which you talked about IO. So there's the CPU, which to use the human body as an analogy is the brain, and then you have remote IO. Well, that's all your...
Kyle 24:47
Your sensors.
Brandon 24:47
Your sensors. Well, the inputs are sensors. That's all your nerves. So your nervous system. The outputs are your muscular system. If the brain loses connection to either of those in the human body for even a little bit, because there's another muscle, it's called the heart. That's an output device, right? And if the brain loses access to the heart, none of us want to go down that road, not even for a millisecond. And so the machines are working the same way. And if that does happen, if you do have a hiccup where the brain loses connection to the heart, then that's when the body does some fault event. You're down, and now all of a sudden we're having to...
Kyle 25:38
We're in recovery mode,
Brandon 25:39
We're in maintenance at that point. And so a blip across the network that ties directly to things like network loading, switch loading, the things of that nature. It's not this, I mean, of course there's always the forklift ran over the, the fiber network or the, you know, cut the cable or something like that. Those are also interruptions, but, but those are kind of catastrophic events. Now, so that's, that's keeping up with what's going on with your network. What if, God forbid, there is a cybersecurity event. And by that I'm talking about maybe a virus, maybe malware, but let's go all the way, let's go all the way to the, to the end we're ransomed. So now all of a sudden on the OT side, we're ransomed. First of all, getting ransomed, you mentioned earlier on the IT side. If you get ransomed on the IT side versus getting ransomed on the OT side, isn't it becoming a bit of a, of a...
Beth 26:38
A badge of honor
Brandon 26:39
Badge of honor to if you were ever able to interrupt OT versus just IT from...
Kyle 26:39
Well, it's not only a badge of honor, it's millions of dollars.
Brandon 26:39
Well, potentially.
Kyle 26:39
Potentially and again, what we talked about is the high percentage that that will get paid out. Because a plant manager is gonna look out, okay, What is the ransom? Versus...
Brandon 27:04
What's my downtime?
Kyle 27:05
What's my downtime and how long is it gonna take me to recover from this ransom manually?
Brandon 27:10
And everybody I've talked to has said don't pay it, don't pay it. Because you pay it and the fix may not come but you're also saying okay now we found somebody and all that goes out and for money and you become a target. But it's a tough thing to be. So how do you get past that? So IT, if IT gets ransomed, what's their normal next step?
Kyle 27:36
Normally once they get ransomed they well, they try to isolate it, so that it doesn't spread. So that's when you start seeing the emails come out, you start seeing, you know, networks actually start shutting down. So that it doesn't spread it from server to server
Brandon 27:52
In an automated way.
Kyle 27:53
In an automated way, so that if it hits one server, two servers, they got the backup. It'll take them maybe you know a day to rebuild those servers and be back up and running.
Brandon 28:04
Back up as if it never happened.
Kyle 28:05
Yeah, so and that's the thing that, you know, trying to do an OT...
Brandon 28:12
Which is why you're saying that OT is not just a badge of honor. It's it's expensive and because OT is not necessarily operating under the same mindset and processes as IT. Is that fair to say?
Kyle 28:28
Absolutely
Brandon 28:29
So they're built for the recovery step in IT. Why aren't we in OT?
Kyle 28:38
Again, up and running. So we got to keep things up and running, so our priorities are different. Our priorities aren't set for that, but that's where Siemens, we've actually started. It's not necessarily a product, even though it has a product name, but it is a solution called SIBERprotect, I believe. What it does is it interacts with those, either IT or OT -based IT tools, with your sys logs or intrusion detection systems, to communicate to a PLC that there is a local threat within the factory, because one is being notified. If you don't know that there's a threat, then you can't act on it. So then the PLC, depending on the customer's requirements and, you know, workflows and stuff like that. The PLC will start isolating...
Brandon 29:39
Automatically
Kyle 29:42
Automatically and not necessarily shutting things down because you don't want to shut things down in a production floor, but you do want to isolate and you want to basically tighten restrictions on communication. So with our security devices, we have digital inputs and you can control those digital inputs to have, let's say, a low threat security profile and then higher threat security profile. So when it does see that the PLC, the brain, will communicate to these security devices to basically start locking down communications and this will either isolate or just prevent that virus from spreading.
Brandon 30:33
And so it sounds a lot like what you just described that the IT folks are doing. And so this is where Siemens comes into play. And when you said PLC, Siemens is,.. We talked about the last podcast a bit with Matt Wagner. When we were talking about drives and some of the new drives and their capability and we got into cybersecurity. And so that's one of the things that Siemens, honestly, I told this story before, when we were trying to decide if we were going to become a Siemens distributor, I really was investigating them a lot. And one of the things that really caught my eye and impressed me was their commitment to OT-based cybersecurity to give us the tools, not just a really cool managed switch that can do VLANs and handle tunnels and VPNs and that kind of stuff, routing. I mean, honestly, IT will tell you. They've got that. The difference is how they integrate those products in with their other products. their PLCs, their drives, their HMIs, even down to remote IO, so that they can take a stance basically and not give a nod to the IT guys and say, we're going to do the same thing as far as intrusion detection and whatnot. So what's this really mean? Intrusion detection warns the other devices, and this is not a plug. This is just what is available right now. If they're Siemens devices, the newer devices that are coming out now, those devices are intelligent enough to know what that means and to take evasive, make evasive moves to begin to isolate the threat and secure it.
Kyle 32:23
Yeah, Siemens is, I believe, the first manufacturer to develop not just network switches or whatnot, but they're full product line off of the IEC 62443 Standard which is a standard to have defense in depth or security in mind when developing each product individually.
Brandon 32:48
And that's the other thing talking about the recovery. Recovery on the OT side. Okay, so we were talking a bit about that step one, number one - do your backups, timely backups. That's almost a preventative maintenance step. I mean it should be handled in a similar fashion. Number two - test your backups. That's a new step. I don't know that we've done that before. It's like having fire drills.
Kyle 33:18
Right.
Brandon 33:18
You know even in plants you have fire drills and tornado drills and meet at, you know, spot blue, blue square or whatever, you know. We go through that; we practice those things; we need to practice recovery. Because the goal is for you all not to spend money paying ransom people. The goal is for you to just like IT honestly is gonna do they're gonna shrug it off. They're gonna say we're not gonna pay that, give us, you know 12 to 24 hours and we're back up as if it never happened.
Kyle 33:18
Right.
Brandon 33:59
And they just move on. We need to be able to do the same thing in OT and Siemens is giving us a way to do that. Intrusion detection is really one that I think is really cool.
Kyle 34:10
It is.
Brandon 34:11
To be able to have that communication and essentially act on it or be able to act on it because... at a not I got an email that there's something going on. I mean, certainly you can get an email. But the PLC was pre-configured to act in this way. The drive was pre-configured to act in this way. All these things were pre-configured to do this in one ecosystem because they are now architected just like IT architects their systems.
Kyle 34:43
I want to just think about this also. 20 years ago, safety. You thought about safety. Everybody did because they didn't want to lose a limb or whatnot, but was it a plant-wide thought? Not really till something happened. Until recently safety is mandated. Either through the company's motto or insurance or monetary lawsuits and stuff like that. That's right where we are with OT and cybersecurity. We're talking about it. Companies are contemplating it. Insurance companies are looking at mandating it. And so we're in that stage where safety was, you know, back 15, 20 years ago.
Brandon 35:38
Yeah, I mean, unless you came from a government organization. Yeah, you're right. I mean, that's a great analogy. I remember 15, 20 years ago, we didn't have safety monitoring relays. I don't remember any kind of a safety PLC. We just, we might have done a hardwire circuit for an e-stop, but that was it. And, or, or we would just run it through a PLC and do it in code. You can't do any of that now.
Kyle 36:06
No.
Brandon 36:07
Is it safer than no safety? Sure. Is air gapping safer than, than no protection whatsoever? Sure, but it's not, it's not going to be allowed. Especially, you mentioned the insurance companies. And so insurance companies now are either sending you a letter to say, we're not covering, you know, these things, acts of God, duh, duh, duh, duh, acts of war and ransom, you know, ransom attack. So the plants need to, need to be insured for this. They're looking to be insured for this because it can be a costly measure if you have to recover. Because now that's the other big difference. If you're without emails for 24 hours, what is the overall cost to the plant versus if your production's down for 24 hours? Well, it's according to the, according to your industry? In automotive, they count that anywhere from 10 to 10 to $30,000 a minute.
Beth 37:05
Goodness gracious.
Kyle 37:08
Numbers get up real high, real quick.
Brandon 37:09
Yeah, they do. They do. And so a lot of insurance companies are saying if you want cybersecurity coverage, ransom style coverage for the plant, including the plant floor, you have to have this, these, these things, these really, this hardware, this software, in place. Siemens gives you that avenue. And honestly, I haven't seen it from anybody else.
Kyle 37:33
Well, not only just that avenue, but designed from an OT perspective.
Brandon 37:40
Yeah, exactly. Because again, the OT philosophy is not just a, hey, that's what we like. It's what we have to have, because we can't handle some of the same bumps in the road that IT can handle with grace.
Kyle 37:53
Or even just boil it down even simpler to, will your plant floor engineer learn Cisco language?
Brandon 38:05
CLI, yeah, Command Line Interface.
Kyle 38:08
Yeah, will they? I mean, we know the aspects of control engineers going from ladder logic to structured text and how painful that is.
Brandon 38:18
Yeah, and it's no different, yeah.
Kyle 38:20
Right.
Brandon 38:21
I'm an old DOS guy, so I handle it a little better, but yeah, Command Line Interface is the first language of most network admins. But for some reason, controls engineers want, we want, we want visual stuff.
Kyle 38:37
I mean, look at TIA Portal, it's all drag and drop, a lot of drag and drop. And then we want, we want to see that visual aspects, you know, drag that drive into my network and it automatically be connected and communicating.
Brandon 38:49
Exactly. And that's... Americans are lazy and I'm one of them and we, especially when it's something we're not experts on.
Kyle 39:00
Well, yeah, we're not necessarily, we just have a lot of different priorities. and adding, adding an extra....
Brandon 39:05
I'm lazy.
Kyle 39:05
It's adding that extra, Do I really need to, or do I really want to, how, just like with the plant floor, you know, will this have its return on investment, you know, me learning Cisco, CLI, how much return on investment does that have on my production floor versus me learning PLC language or drives or basics on electricity or, motor troubleshooting.
Brandon 39:40
Yeah, that's right. That's right. That's right. Yeah, the whole deal pneumatics, hydraulics, the whole deal, right? This is something that we have to do and, I don't care who you are. If there's, if there's an easy button, we like to push it, but we have to be confident that the easy button when we push it is going to do what we think it's going to do and it's going to work. And again, there's probably products out there that present themselves as easy buttons. But, and we, on the control side, we'll push them cellular modems and things of that nature. We'll push them, but that doesn't necessarily make IT's job easier. In fact, it makes their job more difficult and they are justified. It's justifiably so that they have to arrest those because they get fired if any malware or virus comes into the plant. They don't get fired if you don't make the truck, but they do get fired if something comes into the plant the way it shouldn't have.
Kyle 40:45
And just a little side bar, just what I thought of for a light bulb moment. Wireless in an IT environment. Pretty simple. We've all done it. We've done it at our houses. We've done it in office buildings.
Beth 41:02
Cars.
Kyle 41:03
Cars. I mean, you know, Wi-Fi. Now, because we don't have the noises and all the other electrical interferences, steel, Wi-Fi in an industrial environment is an engineered solution. Not only because of that, but also because what we talked about before, data. You know, I go from one Wi-Fi access point to another. You know, I get a little bit of a blip, it might hang up my phone call, something like that. I call them right back. Again, on, you know, you have your AGV, automated guided vehicle, going from one wireless access point to another. Can it recall? You know, can it...
Brandon 41:50
It can't forget where it is.
Kyle 41:52
Exactly.
Brandon 41:53
It's got a,.. Yeah, you're right.
Kyle 41:54
So, I mean, it's just, again, another aspect where, or a light bulb moment where the difference between IT and OT in a real-world environment. And where we've created those easy buttons in IT because it's an easier environment to deal with.
Beth 42:09
Yeah. It's very complex on the OT side.
Kyle 42:11
Industrial environments are different.
Brandon 42:14
OT is less forgiving. And IT is largely human, so we can, we probably need to be more forgiving at times, but we are, we can be more forgiving than on the OT side as far as the AGVs you bring up, the robots, the machines, the PLCs and all this kind of, they have to only run one way. And if anything, anything's out of kilter, they can't say, well, I'm in a pretty good mood today. I'm just going to ignore that. They have to shut down because now we're getting into a safety standpoint. And so, so it's a different, it's a different philosophy. It's a different operating thing. Well, Kyle, listen, this has been fantastic.
Kyle 42:57
Great conversation.
Brandon 42:59
Beth's going to have all kinds of stuff to...
Beth 43:01
Yeah. We'll have links in the show notes to all of the good stuff that, yes.
Kyle 43:06
Good nuggets.
Beth 43:07
Yes. So people can learn more and then if anybody wants to have Kyle come out to their facility and talk to them, then you call us and we'll hook you up with Kyle.
Brandon 43:19
Maybe we'll do a big webinar.
Kyle 43:22
Exactly.
Brandon 43:22
A lot of people want you. So certainly this is something that is important to everyone that's in the manufacturing. And of course, industrial automation that's what we talk around here. Hey lads, I want to thank you for sticking with us through 2023 and now into 2024. Remember if you want to work with us give us a call 865-409-1555 or our website www.elliTek.com. That's E -L -L -I -T -E -K.com. All right we ready to wrap it up?
Beth 43:54
Yeah sure thing. We're gonna have more than two episodes in 2024. I can promise you that.
Brandon 44:01
Well you've got the, you've got a voice for podcast.
Beth 44:04
You've got a great voice.
Brandon 44:06
Kyle I do appreciate you taking some time with us.
Kyle 44:09
Thank you very much.
Brandon 44:10
Thanks for joining us. We'll see you next time.
Brandon 44:14
Hey guys, thanks for checking out today's episode of "Industrial Automation - It Doesn't Have To..." I hope you enjoyed it. If so, make sure you give us a rating that's pretty doggone high and do that everywhere you listen, including Spotify and Apple Podcasts. We'd really appreciate it. Also, don't forget about our website. That's www.elliTek.com. That's e -l -l -i -t -e -k .com. If you want to reach out to us there, you can fill out our contact form. We'd appreciate it. Also, you can email us at info@elliTek.com. And certainly, for those of you that still like to dial the phone, give us a call, 865-409-1555. We'd love to hear from you.