Keao Caindec with Farallon Technology Group

Industrial Talk is onsite at the OMG Quarterly Standards Meeting and speaking with Keao Caindec, CEO and Principal Analyst with Farallon Technology Group about cybersecurity and how it's crucial for industrial companies to protect themselves. With the increasing reliance on internet-based technologies, it's more important than ever to have conversations about cybersecurity and collaborate with others in the industry to stay secure. Tune in to hear more about the importance of cybersecurity in the industrial world.

Finally, get your exclusive free access to the Industrial Academy and a series on “Why You Need To Podcast” for Greater Success in 2023. All links designed for keeping you current in this rapidly changing Industrial Market. Learn! Grow! Enjoy!

KEAO CAINDEC'S CONTACT INFORMATION:

Personal LinkedIn: https://www.linkedin.com/in/kcaindec/

Company LinkedIn: https://www.linkedin.com/company/farallon-technology-group/

Company Website: https://www.farallontech.com/

PODCAST VIDEO:

THE STRATEGIC REASON “WHY YOU NEED TO PODCAST”:

OTHER GREAT INDUSTRIAL RESOURCES:

NEOMhttps://www.neom.com/en-us

AI Dash: https://www.aidash.com/

Hitachi Vantara: https://www.hitachivantara.com/en-us/home.html

Industrial Marketing Solutions:  https://industrialtalk.com/industrial-marketing/

Industrial Academy: https://industrialtalk.com/industrial-academy/

Industrial Dojo: https://industrialtalk.com/industrial_dojo/

We the 15: https://www.wethe15.org/

YOUR INDUSTRIAL DIGITAL TOOLBOX:

LifterLMS: Get One Month Free for $1 – https://lifterlms.com/

Active Campaign: Active Campaign Link

Social Jukebox: https://www.socialjukebox.com/

Industrial Academy (One Month Free Access And One Free License For Future Industrial Leader):

Business Beatitude the Book

Do you desire a more joy-filled, deeply-enduring sense of accomplishment and success? Live your business the way you want to live with the BUSINESS BEATITUDES…The Bridge connecting sacrifice to success. YOU NEED THE BUSINESS BEATITUDES!

TAP INTO YOUR INDUSTRIAL SOUL, RESERVE YOUR COPY NOW! BE BOLD. BE BRAVE. DARE GREATLY AND CHANGE THE WORLD. GET THE BUSINESS BEATITUDES!

Reserve My Copy and My 25% Discount

PODCAST TRANSCRIPT:

SUMMARY KEYWORDS

security, industrial, industry, cybersecurity, document, conversation, device, technology, environments, companies, omg, brisket, collaborate, meeting, people, focused, absolutely, isf, best practices, embedded

00:04

Welcome to the industrial talk podcast with Scott Mackenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's go.

00:21

Alright, once again, thank you very much for joining industrial talk the number one industrial related podcast in the universe. Amazing. And it's called backed up by data.

00:30

Yes, it is. I read that report.

00:34

That was a good one. Well done, man. You just rolled right into it. You can tell he's great. All right. It is a platform dedicated to all industrial professionals around the world because you are bold, brave, you dare greatly you collaborate, you solve problems. You're making my life better. You're making the world a better place. That's what you're all about. Alright. Hey, hey, deck in the hot seat. Bear line? Is the company talking? Can I just say cyber cybersecurity? Absolutely. And then some around let's get cracking. It's a topic that needs more talking about. Absolutely, Scott, without a doubt, you having a good meeting? Just FYI, listeners, I said, I didn't know what to call it. But he said call it meeting. So I'm going to call it a meeting.

01:18

It's a great meeting. It's the Industry Internet Consortium is great group of people committed for a long time in helping industrial companies make sense of the internet internet-based technologies. And, and certainly cybersecurity is one of the most important things that we need to figure out and do well,

01:38

it needs to be it needs to be all of it. I mean, you got to have this conversation. I know everybody's interested in that, hey, how can I digitize my business? It's the right thing to think about. It's the right thing. But I find that there is a necessity to have more conversations around cybersecurity, you're gonna go down that road, got to have that conversation. And I think another area of real importance is where you're going to collaborate, because you don't have all the answers. And the OMG team, the body, the the organization and all of the participants. I'd say collaborate with them.

02:11

Absolutely. Absolutely. It's a great group, which is, you know, because they cover so many different areas, whether it's the digital twin group, part of OMG, the industry, internet. They they're covering a lot of great areas that are important that are overlapping.

02:29

Yeah, without a doubt, and I don't know, but you are here. I have to ask this. The name Farrell on technology group. Yes. What's the meaning behind that? Oh,

02:42

it's great Scot and so the Fairlawn islands are off the coast of San Francisco. Yeah, right. And the Fairlawn islands for for for years has been the breeding ground and for great white sharks. So over the years, it's been this place where seals birds have gone to roost and as a result, sharks come around. So when I formed Fairlawn years ago, more than 10 years ago, we decided to use the Fairlawn name because we felt that it was a great representation of the market, what's important security, and how, you know, you got to make a decision. Are you going to be a shark? Are you going to be a seal?

03:29

That's great, man. I knew it had a meeting. It was it's the ones that I say, hey, what does that mean? The URL URL is valuable. It's a mashing of words. And yeah, it's all good. All right, before we get into the conversation, give us the listeners a little 411 on who Keao is.

03:51

So I'm a longtime participant in the tech industry spent most of my career in telecommunications and networking cybersecurity. Fairlawn provides consulting to industrial companies and cybersecurity vendors. And our sweet spot is really helping companies to figure out what they should be doing to leverage embedded security, Industrial Security and and DevOps security which is really taking the technology down into the the more modern way of deploying and running applications

04:30

definition when we start talking about industrial security, embedded security define those please.

04:37

So unlike traditional security models, like things like firewalls or general enterprise monitoring, the industrial sector has a different environment. They have control systems and these control systems are running on equipment that control things like conveyor belts or pipelines and flow. They operate on oil rigs or in a food processing plant. But but they're typically a combination of old legacy equipment that's no longer supported, and also some modern robotics. So it takes a different way about thinking about security. And a different way of thinking about how you secure these things, all the way down into the core of the machine, which typically involves collaborating with silicon vendors, like Qualcomm and Intel, to secure everything down to the core.

05:47

And my challenge is always that in the world of cyber, in the world of what we're doing here, and the innovation that's taking place within industry, it's constantly changing. It's constantly evolving, you know, if you're one of many that come up with new use cases that you can apply, and then you got to create some, you know, whatever words around that and figure out how to protect that. And that's just a it's an amazing, what you guys do is, is amazing, it's just nothing short of amazing,

06:17

it is evolving at the same time. The majority of devices in industrial environments are more than 15 years old. So you have this big problem of, of, you know, the big headline of digital transformation and industry for Dotto are all great. But the reality is that companies need to advance but they also have this problem of they got a ton of old stuff that they need to protect.

06:49

So I had a conversation with FANUC. And they do the same thing. But from from a CNC perspective. So you have these embedded assets, these old assets, these old great machines, and then they can retrofit them to be more modern, but they still use it. And it's the same thing with you got these legacy embedded assets, that all you need to do is there's only Okay, let's let's tweak it, let's do it. Let's protect it. Let's you know, bring it up to today's standards. But anyway, so you're here at this meeting, the OMG meeting, I am queued for, did you go to q1?

07:24

I did. I went to 2123 and four curcumin,

07:28

I now hit the cycle.

07:31

It's and what a change from the first one where there were just a handful of us still trying to get used to the fact that you know, being close to humans again, to just being together. And last night. We had a great dinner with the team. It's just nice to be back

07:46

by the way. That was good. Yeah. That was it was quite the place. Yeah, it was great. It was a did you like the brisket.

07:54

I'm surprised I could stay awake walking home. I think I had so much brisket. Ribs is bad.

08:01

The competition here is stiff in the brisket. Because I somebody asked me You said, Hey, Scott, what brisket is better? I thought, well, how can you? It's all up here. I can't do it. I don't have that type of distinguishing palate of St. Right. Oh, okay. So smokers. Alright, so you're here at this meeting? And so what are you doing? What's

08:23

what's so I'm the, I'm the chairman of the security Working Group at the, at the IIC. So I work with a lot of great people, a lot of smart individuals with way more expertise than than me in a lot of interesting areas around security. So we work together to come up with guidance and help our membership to understand use cases that they care about around security. And, and we several times a year get together and face to face and make progress in a number of areas.

09:04

How does how does your organization how do you? How does your group handle the constantly changing environment out there? From a threat perspective from what's taking place? A we found something new over here, oh, here's some news that this wasn't good, whatever. And how do you when you bring it in? And you're saying okay, I hear you. This is how we're going to address it as an organization.

09:28

Right. You know, it's it's a constant battle, for example. We've just updated a big the, what we call the ISF, the industry, Internet of Things security framework, 150 Plus page document that goes through security and how to think about security within industrial environments. And it was originally published in 2016. And we're finally refreshing it, right so it's is taking a long time because it's been this constant challenge of trying to keep up and update it. But oh, we've got to add this other thing. Oh, we've got to add this other thing. Right. So that's updated now much more modern, which is terrific. And we hope we hope folks will take advantage of that. At the same time, we're shifting our our efforts to focus more on best practices, documents that are easier to consume that are focused on specific use cases that folks care about in in specific industries and technology use cases.

10:37

The document that you're I think you were talking about, is this the document will be finalized, I guess, for publication in the first part of January. That's right. And I can go to OMG. Say, Hey, I want to download it. That's right. There's my email address.

10:55

Well, you would go to AI Consortium. RG.

10:59

See, this is confusing, just FYI. Because it so I can I just have to know that I've got to go to ai consortium.org. Boom, find it. Download it.

11:12

Exactly. Yep.

11:14

So we have these, this document. It's up to date. I don't know how you guys. Because right when it gets published, right? There's new stuff that has to be included. There is

11:25

Yeah. But you know, this was some of the major updates to it had to do with just modernizing the way we think about computing. So originally, when this was written, we didn't include things like enough about cloud and cloud and environments or containers. IoT devices, were obviously in there. But we didn't get down to the level of depth of how all of those things work together. And so we modernized a lot of that language, we also spent a lot more time thinking about how we how we help companies to understand and how they could embed security into those devices and environments, how to onboard devices, how to manage device security, the data flows between different devices. So there's quite a bit that went into it. It's, it's, it took a long time, but I have to say it's a it's a great document and really valuable.

12:26

I see I truly can appreciate what you do, and others within IIC to truly ferret it out and create something of real value and benefit to the industrial community. I mean, cuz you guys, it's like, here's a point, but you guys debate it. And you bring in all of that knowledge that you guys all have from your work your business, and be able to hone that I just think it's a fabulous document. Now when we start talking about best practice, what does that mean? You said, Beck's best practice document or whatever? Like, Hi, I'm in manufacturing, I could just sort of pull that off of I consortium.org.

13:09

Yeah, exactly. We can you know that you can think of it as several documents that all work together. On the one hand, you have the industry, internet, reference architecture, kind of looking holistically at an overall architecture for for industrial technologies. And then you have the ISF that treat security and how you should think about security, the best practices, documents for security, focus on specific things like how should I think about endpoint IoT endpoint security? How do I think about device onboarding? And huge right, and, and, you know, how do I embed security onto a device that's, that's brand new that I'm creating, right? And organizations can figure that out on their own. But what this does is it provides them with a way to more quickly get started to, to do what they need to do. And to know that this is based on best practices.

14:10

See, it's always from what I hear is that it's always a people equation, because this is what happens out in the field. I want to digitize that asset. I got a device right there, right. I just bought this device. And they're making it so easy to sort of connect now. Right? Here's a magnet I just stick it on that motor, I'm good to go. But nobody, it despite a go. And this starts spitting data, right? Hey, check it out. Realize that that's could be compromised. Right. Exactly. And I love the fact that you do that. And that's just a change in the theory because,

14:48

well, you know, we're trying to make it easier for device manufacturers to do the right thing. Right. And oftentimes, they're so focused on delivering a product that does In a certain thing, they're focused more on the features, and the security gets bolted on later. Well, what the IIC is doing is creating, creating documents and guidance that just make it much easier for these developers, device developers, OEMs industrial operators, to just implement security the way it needs to be implemented to keep their operation, you bring

15:23

up a good point. And that point is one. It's not just me operations guy that recognizes the necessity. By the way, that guy was really kind and he's walking by real quietly. Anyway, that recognizes the necessity to secure the environment. And I want to do it right. That's one that's me, operations guy. But then you're also allowing for the developers of these devices that add value, but also be able to have that conversation. Hey, you got to bake it. And you got to do this. Yeah, there's some there's some best practices around that too.

16:00

Right. Right. It's a real ecosystem. It is play, right? Because you have the device manufacturers, you have the operators. And then you have all of the other participants within the ecosystem could be service providers. So for example, if you think about Evie, charging, right, everyone's got an electric car, let's say driving all over the place, right? Well, now you need to charge them. So how does that work, you have an Eevee charging station. Those Evie charging stations have purpose built. Filling, basically, you know, device to connect to your car, it's got all the technology inside, you have a service provider, that's going to be billing you for for for that, that power, for the recharge, and then you have the automobile manufacturers, and all of the technology within the automobile. So all of that has to work together from a security perspective. So that you know that the owner, the car, the the owner of the of that station, charging station, and the service provider, that is billing, you all can trust each other. Right? So that's, that's where documents like what we put together, help the industry to get there faster so that they can monetize whatever business they're trying to monetize, you

17:28

find possibly that the world is not getting the world is getting far more complex. Oh, yeah, it's just do you find people just saying I just there's no, I know that this is happening in manufacturing, where it's like, Hey, I gotta go down this road, if I want to make this manufacturing facility better, but I just don't I just not into it. It's just too complex. And it's, it's next level stuff. And then it's like the learning curve is upside down. And it's not even a curve, it's upside down. So there's like a high,

18:00

you know, I think people could, and it's kind of like, you know, some some sort of great story that's been written, right? Which is, okay, I'm just bouncing along, going along. And then something happens, oh, I've got to do this thing, right. But it becomes so complex. So the story ends up being about, okay, what do they do from that point? Do they say it's too complex and shy away? Or do they keep going? Or do they fix the problem? I think what what we see happening far too often is they don't shy away from the complexity, but they avoid it. Oh, that's interesting, right? They focus on, hey, let's just get it done. And let's make it work.

18:44

That's probably the conversation I would have. It's like, LP. Let me I'm at 30,000 feet and it looks like and needed to get it done.

18:51

Right. Exactly. So that's and when it comes to security. That is what we're trying to help avoid. We want to simplify it and make it easy so that more companies can adopt best practice.

19:04

I think you've just touched on something that if you if you can make it approachable, simple, you know, and I'm not I'm not expelling so much of my gray matter calories to try to figure it out. And I think that that's that's key, right? It's not a it's not a slap or slide on people but you guys are smart. And it's hard sometimes to bring it to my level where I can understand it and scratch my head and understand the noodle and

19:32

yeah, I mean, you know, when you get down into the weeds, it all becomes more more you have acronyms C of acronyms. But if you live in the sea, we're trying to make it just a little bit more bearable.

19:47

You never disappoint. So, how do people get a hold of you there? Yeah,

19:54

they can reach me at K cane det KCA i n d c At Fairlawn tech.com or just visit us at Farrell on tech.com.

20:05

I got his car here. So all of his contact information will be out on industrial talk because I like to backlink everything now. That's what I do.

20:13

So great. So great to see you again.

20:16

It was right I was so excited. There he is the legend just walked on by man so giddy with my life is so small because I have a lot of trading cards with your face and others. It's like y'all Yeah, kale. You know, that's my pathetic alright listeners. That's Keao reach out to him. Industrial talk is where his contact information of course, you're out there on LinkedIn.

20:42

Absolutely. Yeah. Up on LinkedIn. Yeah. Always a pleasure, Scott.

20:46

Always without a doubt. All right, listeners, we're gonna wrap it up on their side. Stay tuned, we will be right back.

20:52

You're listening to the industrial talk Podcast Network.

20:57

Always a pleasure to hang out with Keao out he brings the insights, he brings the skills mad skills around cybersecurity and insights and what in this digital transformation, you need to reach out to trusted individuals k out, definitely put that one up at the top of the list. Farallon is the company, his stat card out on industry or LinkedIn is absolutely spectacular, you will not be disappointed. I'm pointing at it right now. Now also, he mentioned up now a report a a standard that has been submitted particularly this, this month, go out to OMG find it, get more information. And the reality is, is that if you're in industry, industry, period, I don't care where you're at in industry, you need to be mindful of cybersecurity, that has to be up front and you need once again, connect with people ik out. I mean, it's so important because we want you to succeed, we don't want you to get frustrated, and what is being offered through paralon as well as OMG exceptional standards, a great place to start on your cyber security journey. All right, we're gonna have a lot more conversation coming from this, this meeting this OMG meeting, and I'm telling you, it's gonna blow your mind it again, I'm always dazzled by the conversations at these events. So thank you for joining. Thank you for your support. It's going to be a great year. We're going to be back. Hang tight. Another great conversation shortly.

Transcript

00:04

Welcome to the industrial talk podcast with Scott Mackenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's go.

00:21

Alright, once again, thank you very much for joining industrial talk the number one industrial related podcast in the universe. Amazing. And it's called backed up by data.

00:30

Yes, it is. I read that report.

00:34

That was a good one. Well done, man. You just rolled right into it. You can tell he's great. All right. It is a platform dedicated to all industrial professionals around the world because you are bold, brave, you dare greatly you collaborate, you solve problems. You're making my life better. You're making the world a better place. That's what you're all about. Alright. Hey, hey, deck in the hot seat. Bear line? Is the company talking? Can I just say cyber cybersecurity? Absolutely. And then some around let's get cracking. It's a topic that needs more talking about. Absolutely, Scott, without a doubt, you having a good meeting? Just FYI, listeners, I said, I didn't know what to call it. But he said call it meeting. So I'm going to call it a meeting.

01:18

It's a great meeting. It's the Industry Internet Consortium is great group of people committed for a long time in helping industrial companies make sense of the internet internet-based technologies. And, and certainly cybersecurity is one of the most important things that we need to figure out and do well,

01:38

it needs to be it needs to be all of it. I mean, you got to have this conversation. I know everybody's interested in that, hey, how can I digitize my business? It's the right thing to think about. It's the right thing. But I find that there is a necessity to have more conversations around cybersecurity, you're gonna go down that road, got to have that conversation. And I think another area of real importance is where you're going to collaborate, because you don't have all the answers. And the OMG team, the body, the the organization and all of the participants. I'd say collaborate with them.

02:11

Absolutely. Absolutely. It's a great group, which is, you know, because they cover so many different areas, whether it's the digital twin group, part of OMG, the industry, internet. They they're covering a lot of great areas that are important that are overlapping.

02:29

Yeah, without a doubt, and I don't know, but you are here. I have to ask this. The name Farrell on technology group. Yes. What's the meaning behind that? Oh,

02:42

it's great Scot and so the Fairlawn islands are off the coast of San Francisco. Yeah, right. And the Fairlawn islands for for for years has been the breeding ground and for great white sharks. So over the years, it's been this place where seals birds have gone to roost and as a result, sharks come around. So when I formed Fairlawn years ago, more than 10 years ago, we decided to use the Fairlawn name because we felt that it was a great representation of the market, what's important security, and how, you know, you got to make a decision. Are you going to be a shark? Are you going to be a seal?

03:29

That's great, man. I knew it had a meeting. It was it's the ones that I say, hey, what does that mean? The URL URL is valuable. It's a mashing of words. And yeah, it's all good. All right, before we get into the conversation, give us the listeners a little 411 on who Keao is.

03:51

So I'm a longtime participant in the tech industry spent most of my career in telecommunications and networking cybersecurity. Fairlawn provides consulting to industrial companies and cybersecurity vendors. And our sweet spot is really helping companies to figure out what they should be doing to leverage embedded security, Industrial Security and and DevOps security which is really taking the technology down into the the more modern way of deploying and running applications

04:30

definition when we start talking about industrial security, embedded security define those please.

04:37

So unlike traditional security models, like things like firewalls or general enterprise monitoring, the industrial sector has a different environment. They have control systems and these control systems are running on equipment that control things like conveyor belts or pipelines and flow. They operate on oil rigs or in a food processing plant. But but they're typically a combination of old legacy equipment that's no longer supported, and also some modern robotics. So it takes a different way about thinking about security. And a different way of thinking about how you secure these things, all the way down into the core of the machine, which typically involves collaborating with silicon vendors, like Qualcomm and Intel, to secure everything down to the core.

05:47

And my challenge is always that in the world of cyber, in the world of what we're doing here, and the innovation that's taking place within industry, it's constantly changing. It's constantly evolving, you know, if you're one of many that come up with new use cases that you can apply, and then you got to create some, you know, whatever words around that and figure out how to protect that. And that's just a it's an amazing, what you guys do is, is amazing, it's just nothing short of amazing,

06:17

it is evolving at the same time. The majority of devices in industrial environments are more than 15 years old. So you have this big problem of, of, you know, the big headline of digital transformation and industry for Dotto are all great. But the reality is that companies need to advance but they also have this problem of they got a ton of old stuff that they need to protect.

06:49

So I had a conversation with FANUC. And they do the same thing. But from from a CNC perspective. So you have these embedded assets, these old assets, these old great machines, and then they can retrofit them to be more modern, but they still use it. And it's the same thing with you got these legacy embedded assets, that all you need to do is there's only Okay, let's let's tweak it, let's do it. Let's protect it. Let's you know, bring it up to today's standards. But anyway, so you're here at this meeting, the OMG meeting, I am queued for, did you go to q1?

07:24

I did. I went to 2123 and four curcumin,

07:28

I now hit the cycle.

07:31

It's and what a change from the first one where there were just a handful of us still trying to get used to the fact that you know, being close to humans again, to just being together. And last night. We had a great dinner with the team. It's just nice to be back

07:46

by the way. That was good. Yeah. That was it was quite the place. Yeah, it was great. It was a did you like the brisket.

07:54

I'm surprised I could stay awake walking home. I think I had so much brisket. Ribs is bad.

08:01

The competition here is stiff in the brisket. Because I somebody asked me You said, Hey, Scott, what brisket is better? I thought, well, how can you? It's all up here. I can't do it. I don't have that type of distinguishing palate of St. Right. Oh, okay. So smokers. Alright, so you're here at this meeting? And so what are you doing? What's

08:23

what's so I'm the, I'm the chairman of the security Working Group at the, at the IIC. So I work with a lot of great people, a lot of smart individuals with way more expertise than than me in a lot of interesting areas around security. So we work together to come up with guidance and help our membership to understand use cases that they care about around security. And, and we several times a year get together and face to face and make progress in a number of areas.

09:04

How does how does your organization how do you? How does your group handle the constantly changing environment out there? From a threat perspective from what's taking place? A we found something new over here, oh, here's some news that this wasn't good, whatever. And how do you when you bring it in? And you're saying okay, I hear you. This is how we're going to address it as an organization.

09:28

Right. You know, it's it's a constant battle, for example. We've just updated a big the, what we call the ISF, the industry, Internet of Things security framework, 150 Plus page document that goes through security and how to think about security within industrial environments. And it was originally published in 2016. And we're finally refreshing it, right so it's is taking a long time because it's been this constant challenge of trying to keep up and update it. But oh, we've got to add this other thing. Oh, we've got to add this other thing. Right. So that's updated now much more modern, which is terrific. And we hope we hope folks will take advantage of that. At the same time, we're shifting our our efforts to focus more on best practices, documents that are easier to consume that are focused on specific use cases that folks care about in in specific industries and technology use cases.

10:37

The document that you're I think you were talking about, is this the document will be finalized, I guess, for publication in the first part of January. That's right. And I can go to OMG. Say, Hey, I want to download it. That's right. There's my email address.

10:55

Well, you would go to AI Consortium. RG.

10:59

See, this is confusing, just FYI. Because it so I can I just have to know that I've got to go to ai consortium.org. Boom, find it. Download it.

11:12

Exactly. Yep.

11:14

So we have these, this document. It's up to date. I don't know how you guys. Because right when it gets published, right? There's new stuff that has to be included. There is

11:25

Yeah. But you know, this was some of the major updates to it had to do with just modernizing the way we think about computing. So originally, when this was written, we didn't include things like enough about cloud and cloud and environments or containers. IoT devices, were obviously in there. But we didn't get down to the level of depth of how all of those things work together. And so we modernized a lot of that language, we also spent a lot more time thinking about how we how we help companies to understand and how they could embed security into those devices and environments, how to onboard devices, how to manage device security, the data flows between different devices. So there's quite a bit that went into it. It's, it's, it took a long time, but I have to say it's a it's a great document and really valuable.

12:26

I see I truly can appreciate what you do, and others within IIC to truly ferret it out and create something of real value and benefit to the industrial community. I mean, cuz you guys, it's like, here's a point, but you guys debate it. And you bring in all of that knowledge that you guys all have from your work your business, and be able to hone that I just think it's a fabulous document. Now when we start talking about best practice, what does that mean? You said, Beck's best practice document or whatever? Like, Hi, I'm in manufacturing, I could just sort of pull that off of I consortium.org.

13:09

Yeah, exactly. We can you know that you can think of it as several documents that all work together. On the one hand, you have the industry, internet, reference architecture, kind of looking holistically at an overall architecture for for industrial technologies. And then you have the ISF that treat security and how you should think about security, the best practices, documents for security, focus on specific things like how should I think about endpoint IoT endpoint security? How do I think about device onboarding? And huge right, and, and, you know, how do I embed security onto a device that's, that's brand new that I'm creating, right? And organizations can figure that out on their own. But what this does is it provides them with a way to more quickly get started to, to do what they need to do. And to know that this is based on best practices.

14:10

See, it's always from what I hear is that it's always a people equation, because this is what happens out in the field. I want to digitize that asset. I got a device right there, right. I just bought this device. And they're making it so easy to sort of connect now. Right? Here's a magnet I just stick it on that motor, I'm good to go. But nobody, it despite a go. And this starts spitting data, right? Hey, check it out. Realize that that's could be compromised. Right. Exactly. And I love the fact that you do that. And that's just a change in the theory because,

14:48

well, you know, we're trying to make it easier for device manufacturers to do the right thing. Right. And oftentimes, they're so focused on delivering a product that does In a certain thing, they're focused more on the features, and the security gets bolted on later. Well, what the IIC is doing is creating, creating documents and guidance that just make it much easier for these developers, device developers, OEMs industrial operators, to just implement security the way it needs to be implemented to keep their operation, you bring

15:23

up a good point. And that point is one. It's not just me operations guy that recognizes the necessity. By the way, that guy was really kind and he's walking by real quietly. Anyway, that recognizes the necessity to secure the environment. And I want to do it right. That's one that's me, operations guy. But then you're also allowing for the developers of these devices that add value, but also be able to have that conversation. Hey, you got to bake it. And you got to do this. Yeah, there's some there's some best practices around that too.

16:00

Right. Right. It's a real ecosystem. It is play, right? Because you have the device manufacturers, you have the operators. And then you have all of the other participants within the ecosystem could be service providers. So for example, if you think about Evie, charging, right, everyone's got an electric car, let's say driving all over the place, right? Well, now you need to charge them. So how does that work, you have an Eevee charging station. Those Evie charging stations have purpose built. Filling, basically, you know, device to connect to your car, it's got all the technology inside, you have a service provider, that's going to be billing you for for for that, that power, for the recharge, and then you have the automobile manufacturers, and all of the technology within the automobile. So all of that has to work together from a security perspective. So that you know that the owner, the car, the the owner of the of that station, charging station, and the service provider, that is billing, you all can trust each other. Right? So that's, that's where documents like what we put together, help the industry to get there faster so that they can monetize whatever business they're trying to monetize, you

17:28

find possibly that the world is not getting the world is getting far more complex. Oh, yeah, it's just do you find people just saying I just there's no, I know that this is happening in manufacturing, where it's like, Hey, I gotta go down this road, if I want to make this manufacturing facility better, but I just don't I just not into it. It's just too complex. And it's, it's next level stuff. And then it's like the learning curve is upside down. And it's not even a curve, it's upside down. So there's like a high,

18:00

you know, I think people could, and it's kind of like, you know, some some sort of great story that's been written, right? Which is, okay, I'm just bouncing along, going along. And then something happens, oh, I've got to do this thing, right. But it becomes so complex. So the story ends up being about, okay, what do they do from that point? Do they say it's too complex and shy away? Or do they keep going? Or do they fix the problem? I think what what we see happening far too often is they don't shy away from the complexity, but they avoid it. Oh, that's interesting, right? They focus on, hey, let's just get it done. And let's make it work.

18:44

That's probably the conversation I would have. It's like, LP. Let me I'm at 30,000 feet and it looks like and needed to get it done.

18:51

Right. Exactly. So that's and when it comes to security. That is what we're trying to help avoid. We want to simplify it and make it easy so that more companies can adopt best practice.

19:04

I think you've just touched on something that if you if you can make it approachable, simple, you know, and I'm not I'm not expelling so much of my gray matter calories to try to figure it out. And I think that that's that's key, right? It's not a it's not a slap or slide on people but you guys are smart. And it's hard sometimes to bring it to my level where I can understand it and scratch my head and understand the noodle and

19:32

yeah, I mean, you know, when you get down into the weeds, it all becomes more more you have acronyms C of acronyms. But if you live in the sea, we're trying to make it just a little bit more bearable.

19:47

You never disappoint. So, how do people get a hold of you there? Yeah,

19:54

they can reach me at K cane det KCA i n d c At Fairlawn tech.com or just visit us at Farrell on tech.com.

20:05

I got his car here. So all of his contact information will be out on industrial talk because I like to backlink everything now. That's what I do.

20:13

So great. So great to see you again.

20:16

It was right I was so excited. There he is the legend just walked on by man so giddy with my life is so small because I have a lot of trading cards with your face and others. It's like y'all Yeah, kale. You know, that's my pathetic alright listeners. That's Keao reach out to him. Industrial talk is where his contact information of course, you're out there on LinkedIn.

20:42

Absolutely. Yeah. Up on LinkedIn. Yeah. Always a pleasure, Scott.

20:46

Always without a doubt. All right, listeners, we're gonna wrap it up on their side. Stay tuned, we will be right back.

20:52

You're listening to the industrial talk Podcast Network.

20:57

Always a pleasure to hang out with Keao out he brings the insights, he brings the skills mad skills around cybersecurity and insights and what in this digital transformation, you need to reach out to trusted individuals k out, definitely put that one up at the top of the list. Farallon is the company, his stat card out on industry or LinkedIn is absolutely spectacular, you will not be disappointed. I'm pointing at it right now. Now also, he mentioned up now a report a a standard that has been submitted particularly this, this month, go out to OMG find it, get more information. And the reality is, is that if you're in industry, industry, period, I don't care where you're at in industry, you need to be mindful of cybersecurity, that has to be up front and you need once again, connect with people ik out. I mean, it's so important because we want you to succeed, we don't want you to get frustrated, and what is being offered through paralon as well as OMG exceptional standards, a great place to start on your cyber security journey. All right, we're gonna have a lot more conversation coming from this, this meeting this OMG meeting, and I'm telling you, it's gonna blow your mind it again, I'm always dazzled by the conversations at these events. So thank you for joining. Thank you for your support. It's going to be a great year. We're going to be back. Hang tight. Another great conversation shortly.

About the author, Scott

I am Scott MacKenzie, husband, father, and passionate industry educator. From humble beginnings as a lathing contractor and certified journeyman/lineman to an Undergraduate and Master’s Degree in Business Administration, I have applied every aspect of my education and training to lead and influence. I believe in serving and adding value wherever I am called.

Leave a Comment





This site uses Akismet to reduce spam. Learn how your comment data is processed.