1 00:00:05,759 --> 00:00:09,880 Could somebody like Russia hack into John Deere and turn off the tractors here in 2 00:00:09,839 --> 00:00:13,679 the United States, And unfortunately the answer is probably not the answer you want 3 00:00:13,679 --> 00:00:28,920 to hear. Welcome everyone to the Industrial Security Podcast. My name is Nate 4 00:00:29,000 --> 00:00:34,159 Nelson. I'm here with Andrew Ginter, the vice president of Industrial Security at 5 00:00:34,200 --> 00:00:38,640 Waterfall Security Solutions, who's going to introduce the subject and guest of our shows 6 00:00:38,640 --> 00:00:42,359 today. Andrew, has it gone. I'm very well, Thank you, 7 00:00:42,439 --> 00:00:47,159 Nate. Our guest today is Marcus Sucks. He is the deputy director for 8 00:00:47,320 --> 00:00:53,840 Research at the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, 9 00:00:54,159 --> 00:00:57,119 and he's going to be talking about sort of his latest interest. He's been 10 00:00:57,119 --> 00:00:59,920 in the field a long time. He's going to be talking about food. 11 00:01:00,079 --> 00:01:04,519 Do everything from agriculture to food and beverage manufacturing all the way to restaurants. 12 00:01:06,120 --> 00:01:10,319 All right, sounds interesting enough. Let's listen into your conversation with Marcus. 13 00:01:12,120 --> 00:01:17,319 Hello, Mark, and welcome to the podcast. Before we get started, 14 00:01:17,400 --> 00:01:21,359 can I ask you to tell our listeners a little bit about yourself and about 15 00:01:21,359 --> 00:01:25,000 the good work that you're doing at Auburn University. Well, hello, Andrew, 16 00:01:25,200 --> 00:01:27,760 and great to be with you today. I really appreciate taking the time 17 00:01:27,799 --> 00:01:33,200 and to be able to talk to your audience. So I'm at Auburn University, 18 00:01:33,400 --> 00:01:37,599 been here about three years, and we have two locations. There's the 19 00:01:37,640 --> 00:01:42,120 main Auburn campus that's in east central Alabama, and then up here in Huntsville, 20 00:01:42,120 --> 00:01:46,319 which is North Alabama, which is where I sit, and we're in 21 00:01:46,319 --> 00:01:51,439 the shadow of the big rocket that we have here that sits alongside the highway, 22 00:01:51,439 --> 00:01:55,159 part of the Redstone Arsenal and the space programs and things that go on 23 00:01:55,280 --> 00:02:00,400 here. So Auburn's very interested in critical infrastructure protection from several angles. And 24 00:02:00,439 --> 00:02:07,439 I'm a member of what's called the mccrarrie Institute for Cyber and Critical Infrastructure Security. 25 00:02:07,159 --> 00:02:10,240 There are three of us up here in Huntsville, and of course we're 26 00:02:10,240 --> 00:02:15,879 working with the people here mostly on applied research. So the things that we're 27 00:02:15,919 --> 00:02:20,800 studying on campus, working with students and professors, we're on the theoretical side, 28 00:02:21,280 --> 00:02:24,639 we can apply them here to the audience that's here in the Huntsville Redstone 29 00:02:24,680 --> 00:02:29,800 area. There's also a team in Washington that works the policy side, so 30 00:02:29,840 --> 00:02:32,360 they're very well integrated with the White House. And Defense Department, Congress and 31 00:02:32,400 --> 00:02:38,919 others. So literally between those three like a three legged stool. Two organizations 32 00:02:38,919 --> 00:02:44,080 in Alabama, one up in Washington. We cover the playing field pretty well 33 00:02:44,680 --> 00:02:51,759 from policy theory and practical application. So what got me here. We were 34 00:02:51,840 --> 00:02:53,439 living in the DC area. I was there for about twenty two years. 35 00:02:53,840 --> 00:02:58,120 Decided to move to Alabama about four or five years ago, and I've had 36 00:02:58,120 --> 00:03:00,319 an old relationship with Auburn. When they heard I moved here, they said, 37 00:03:00,319 --> 00:03:02,879 hey, you need to come join us because what I was doing in 38 00:03:02,960 --> 00:03:08,039 Washington for over two decades was critical infrastructure protection. So we had moved there 39 00:03:08,080 --> 00:03:10,400 back in nineteen ninety eight. I was a military move. I was in 40 00:03:10,400 --> 00:03:15,800 the Army at the time, and it was to create an organization to defend 41 00:03:15,240 --> 00:03:22,319 the Defense Department's networks from ongoing intrusions coming from foreign countries, so as well 42 00:03:22,319 --> 00:03:27,159 before there was a cyber command, and we began to develop the first concepts 43 00:03:27,159 --> 00:03:30,400 of how you actually do this, how you would defend this big global network. 44 00:03:30,759 --> 00:03:35,080 Along the way, Y two K happened, and of course September eleventh 45 00:03:35,120 --> 00:03:38,680 happened, which was a physical attack versus a cyber attack, but lots of 46 00:03:38,759 --> 00:03:45,280 lessons learned about the integration of the critical infrastructure. So after retiring from the 47 00:03:45,360 --> 00:03:46,599 Army, I spent a couple of years at the White House working in the 48 00:03:46,680 --> 00:03:52,800 National Security Council, and then went on to work for Stanford Research for a 49 00:03:52,800 --> 00:03:55,400 while. Then did quite a long time, almost a decade at Verizon doing 50 00:03:55,479 --> 00:04:00,719 national security work in the communications sector. Was the chief security officer for about 51 00:04:00,759 --> 00:04:04,439 three years at NURK in the power world, so that's the North American power 52 00:04:04,439 --> 00:04:10,840 grid including Canada, US and Mexico. And then did a little time with 53 00:04:10,919 --> 00:04:14,719 some startups, just kind of playing in that world. And after moving here 54 00:04:14,719 --> 00:04:17,959 to Alabama, and I've owned a farm for a number of years, and 55 00:04:18,000 --> 00:04:23,839 when we got here to Alabama, the food and agricultural sector is one of 56 00:04:23,879 --> 00:04:28,519 the sixteen critical infrastructure sectors. I began asking simple questions of what are we 57 00:04:28,560 --> 00:04:30,639 doing to protect this sector. I knew all about comms, knew all about 58 00:04:30,800 --> 00:04:36,560 power and it and things like that, and I really very few answers, 59 00:04:36,800 --> 00:04:41,240 and so that got me inspired. And we've been doing a lot of work 60 00:04:41,279 --> 00:04:43,680 now to try and figure out, Okay, what can we do, what 61 00:04:43,759 --> 00:04:47,920 can the Meccrari Institute do to help push the needle a little bit to get 62 00:04:47,959 --> 00:04:54,519 more security into the food and agricultural sector. And the more we began working 63 00:04:54,600 --> 00:05:00,879 with dairy and beef and forestry, poultry and fisheries, all the things where 64 00:05:00,879 --> 00:05:05,639 the food comes from, and then going up through the production of food in 65 00:05:06,399 --> 00:05:13,360 say like the chicken poultry plants, or beef producers, or grainaries, canneries, 66 00:05:13,639 --> 00:05:17,519 and then all the way to restaurants, grocery stores, commissaries and so 67 00:05:17,600 --> 00:05:26,240 forth. It's a highly integrated world, very computerized, very industrialized, but 68 00:05:26,399 --> 00:05:30,560 not a lot of understanding about the security threats from a computer or cyber world. 69 00:05:30,800 --> 00:05:35,800 And of course lots of industrial systems, lots of control systems, lots 70 00:05:35,800 --> 00:05:41,079 of the same words we see in regular production in other sectors are also there 71 00:05:41,199 --> 00:05:45,480 in the food industry. So that's become a bit of a focus of mind, 72 00:05:45,519 --> 00:05:48,279 along with continuing to work with power and comms in other areas. So 73 00:05:48,360 --> 00:05:53,240 there there's a nice short answer as to what we're doing here at Auburn. 74 00:05:54,120 --> 00:05:58,879 Wow. So that's a lot of responsibility over the years. Well, bluntly, 75 00:05:58,879 --> 00:06:03,439 i'm impressed, good job, thank you for your leadership. But we're 76 00:06:03,480 --> 00:06:10,360 here talking about your most recent interest the agricultural sector. You know the critical 77 00:06:10,360 --> 00:06:15,680 infrastructure of producing food. And you know, thirty forty long time ago, 78 00:06:16,120 --> 00:06:19,800 I was a young man. I was raised on a farm, and back 79 00:06:19,839 --> 00:06:27,040 then, we had trucks that had analog controls. There were no computers in 80 00:06:27,079 --> 00:06:31,160 the trucks back then. There you know, we had tractors where you know, 81 00:06:31,199 --> 00:06:34,519 they steered because you moved the steering roll and there was a mechanical linkage. 82 00:06:35,639 --> 00:06:41,480 You know, we we we did things in a sense. What what 83 00:06:41,600 --> 00:06:47,920 I now understand is the old way. What does sort of the the big 84 00:06:48,000 --> 00:06:55,920 end, the majority of food production look like today. Well, the good 85 00:06:56,000 --> 00:07:01,000 news is those tractors are still there, so we haven't completely gone to a 86 00:07:01,240 --> 00:07:04,759 robotic system where there's no farmer. So you can still ride around in your 87 00:07:04,879 --> 00:07:10,319 Cabota or your whatever, your favorite tractor John Deere, et cetera. But 88 00:07:10,800 --> 00:07:15,920 like with any technology, those mechanical devices, they've been evolving and as the 89 00:07:15,959 --> 00:07:20,360 engines have gotten better, you know, we added electronics to them decades ago. 90 00:07:20,480 --> 00:07:25,560 We've we've added computer systems to them. The big change, probably in 91 00:07:25,600 --> 00:07:29,879 the last decade or so, is the connectivity of the tractor. We'll just 92 00:07:29,879 --> 00:07:33,519 focus on a tractor for now. When the farmers up in his tractor. 93 00:07:33,879 --> 00:07:38,600 Let's assume it's a nice and closed one that's heated into when it's cold or 94 00:07:38,639 --> 00:07:42,439 air conditioned when it's hot. In front of you. Sits a whole control 95 00:07:42,480 --> 00:07:47,040 system that, on the high end very well connected. It's it's got satellite 96 00:07:47,079 --> 00:07:51,199 connectivity, or it could have groundcover four G, five G, you know, 97 00:07:51,319 --> 00:07:57,120 LTE type stuff through your carriers. There could also be sensors across the 98 00:07:57,199 --> 00:08:01,680 farm. The even bigger farms, the ones that are thousands of acres in 99 00:08:01,720 --> 00:08:05,279 size, might have their own private grid of communications that the machines can talk 100 00:08:05,319 --> 00:08:09,600 to. In addition to the commercial satellites and so forth. What comes through 101 00:08:09,639 --> 00:08:16,279 there the machine itself might be getting information could be real time agricultural information from 102 00:08:16,319 --> 00:08:22,519 overhead satellites, things about soil conditions, things about wind direction, if you're 103 00:08:22,519 --> 00:08:26,600 spraying. Just about anything environmental can now be done real time versus estimating or 104 00:08:26,639 --> 00:08:31,160 guessing. And in fact, the higher end machines. If you think about 105 00:08:31,160 --> 00:08:35,960 a tractor that's pulling a sprayer or pulling some sort of applicator behind it, 106 00:08:35,559 --> 00:08:39,360 we could be throwing out seeds, We could be throwing out fertilizer. We 107 00:08:39,360 --> 00:08:43,039 could be throwing out a weedkiller. Each of those nozzles or each of those 108 00:08:43,759 --> 00:08:48,240 little rows where the seeds are going into. They can now be finely controlled 109 00:08:48,279 --> 00:08:52,399 so that we only apply the fertilizer where the fertilizer is needed, or we 110 00:08:52,440 --> 00:08:58,039 only apply the weed killer where it's needed. Rather than just broadcasting uniformly, 111 00:08:58,799 --> 00:09:05,200 it's being sprayed very precisely. And that's developed this term known as precision agriculture 112 00:09:05,320 --> 00:09:09,879 or precision farming. And you'll hear that term precision used in lots of places 113 00:09:09,919 --> 00:09:15,279 because that accurately determines or describes rather what's going on. And you can think 114 00:09:15,279 --> 00:09:18,799 about the economic impact here. The cost of running a farm, the cost 115 00:09:18,799 --> 00:09:22,960 of food production is brought down if you can be more precise with where you 116 00:09:24,000 --> 00:09:26,720 put your seeds, where you put your fertilizer, where you put your weed 117 00:09:26,799 --> 00:09:31,080 killers, and other things you might be applying. It also allows for better 118 00:09:31,159 --> 00:09:35,879 input of data into the system. As you're collecting data about what's going on 119 00:09:35,679 --> 00:09:39,320 at harvest time, the yield that's coming out of the field is much better, 120 00:09:41,720 --> 00:09:46,000 not just estimated, but direct data collected. We can now track grains, 121 00:09:46,080 --> 00:09:50,720 We can track things coming out of that farm far better as they go 122 00:09:50,279 --> 00:09:54,600 into the food system. So you can see where the use of computer systems 123 00:09:54,600 --> 00:09:58,759 and particularly connected computer systems, and I realized it'd be a whole other topic 124 00:10:00,039 --> 00:10:03,159 talk about AI. But AI is also entering into this world to help the 125 00:10:03,200 --> 00:10:11,000 farmer be better at farming. And mostly again we're talking economics here, lowering 126 00:10:11,080 --> 00:10:15,480 the cost of farming, increasing the yields, and increasing the production and the 127 00:10:15,519 --> 00:10:20,360 output through the use of all these connected systems you've mentioned the farming end of 128 00:10:20,360 --> 00:10:28,039 it. They primary production. I've never worked in or with a you know, 129 00:10:28,720 --> 00:10:35,360 sort of call it a food factory, a slaughterhouse, a place where 130 00:10:35,559 --> 00:10:41,840 canned soups are produced. What what does that piece of it look like today? 131 00:10:43,000 --> 00:10:48,759 So similar to any other manufacturing, whether it's automotive or steel production, 132 00:10:48,000 --> 00:10:50,440 it's an assembly line, if you want to think of it. There's raw 133 00:10:50,960 --> 00:10:54,000 ingredients to go in one end, there's a finished product that comes out the 134 00:10:54,000 --> 00:10:58,440 other end, and there's some usually a mechanical system some sort, that's moving 135 00:10:58,440 --> 00:11:03,360 along the the chickens, the beef, the cans, the fish, the 136 00:11:03,440 --> 00:11:07,759 whatever it is. Let me just take poultry probably is an easy example. 137 00:11:07,840 --> 00:11:11,960 Most people are familiar with the poultry industry. You get your chicken sandwich, 138 00:11:11,039 --> 00:11:16,240 or your nuggets or your hot wings for football games that you know you're buying 139 00:11:16,240 --> 00:11:18,799 those in a grocery store. But of course they start off as a chicken, 140 00:11:18,919 --> 00:11:22,320 you know, a live bird grown in a chicken house, along with 141 00:11:22,320 --> 00:11:28,679 thousands of other ones. They begin obviously as eggs produced by laying hens, 142 00:11:28,279 --> 00:11:33,399 chicks are born, and all along the way here we've now got computer controls 143 00:11:33,399 --> 00:11:39,399 that are monitoring temperature, humidity, air quality, food quality, beginning with 144 00:11:39,480 --> 00:11:43,720 the laying hen through the egg to the chick, and then the chicks are 145 00:11:43,720 --> 00:11:48,519 delivered to these growing houses, where of course they mature into adult chickens and 146 00:11:48,600 --> 00:11:54,279 ultimately off to the processing plant. In an earlier era, the air conditioning 147 00:11:54,320 --> 00:11:58,279 system, for example, in a chicken house all manually controlled. You'd have 148 00:11:58,559 --> 00:12:01,559 thermostats that you could figure out what's going on, But today all computer controlled, 149 00:12:01,600 --> 00:12:05,759 and in fact, in today's poultry world, most of these chicken houses 150 00:12:05,799 --> 00:12:11,720 they're owned by a farmer, but the chickens inside are owned by the large 151 00:12:11,759 --> 00:12:16,279 poultry company. The farmer's role is just to make sure that they're protected from 152 00:12:16,320 --> 00:12:18,639 the elements that they get their food, that they're protected while they're growing, 153 00:12:20,279 --> 00:12:24,639 but they don't actually belong to the chicken farmer the gathering of those birds. 154 00:12:24,679 --> 00:12:30,039 When they're ready to be brought in and processed, a team will come in 155 00:12:30,080 --> 00:12:33,360 and gather them up and they clean the house out income a whole bunch of 156 00:12:33,440 --> 00:12:37,840 new chicks, and back again they go. So at the processing end you've 157 00:12:37,879 --> 00:12:41,919 got big, large machines that live animals. You've got to consider this are 158 00:12:43,039 --> 00:12:46,759 humanely killed. This is done in different ways, whether it's a bird, 159 00:12:46,799 --> 00:12:50,919 whether it's a fish, whether it's a pig or a beef or whatever. 160 00:12:52,720 --> 00:12:56,440 But then the animal has to be skinned and then separated into the different parts. 161 00:12:56,720 --> 00:12:58,840 Historically this was all done by hand, and of course it would take 162 00:12:58,840 --> 00:13:05,000 a while to slaughter a complete animal and produce the output. Now more and 163 00:13:05,039 --> 00:13:09,759 more this is done by machines, and there still are humans there, of 164 00:13:09,799 --> 00:13:13,000 course that are monitoring what's going on. But if you can imagine the amount 165 00:13:13,039 --> 00:13:18,679 of work it takes to debone something to actually produce the meat that's coming off 166 00:13:18,840 --> 00:13:22,759 of alpha an animal, there's a lot of human effort. If you can 167 00:13:22,840 --> 00:13:24,919 let a machine do it, you cut back on the human effort. But 168 00:13:26,039 --> 00:13:28,960 one of the issues they've had is you do create a lot of waste because 169 00:13:28,960 --> 00:13:31,879 the human hands are still far better at this than a machine can be, 170 00:13:31,960 --> 00:13:37,639 but we're getting better and again. Control systems, computers, learning AI is 171 00:13:37,759 --> 00:13:43,240 all part of that. Inside one of these facilities, temperature has to be 172 00:13:43,279 --> 00:13:46,399 regulated, they have to be sanitary, they have to be cleaned. There 173 00:13:46,399 --> 00:13:52,320 of course, are inspected daily. The output coming out, the waste has 174 00:13:52,360 --> 00:13:56,639 to be dealt with. In some cases the waste is actually reused, becomes 175 00:13:56,720 --> 00:14:01,200 fertilizer, becomes other types of things. So there's very little actual product that 176 00:14:01,279 --> 00:14:07,240 goes to a landfill because of the ways that we've been able to reuse virtually 177 00:14:07,320 --> 00:14:09,919 all the parts of very animal that becomes food. So that's just on the 178 00:14:09,960 --> 00:14:13,159 animal side. Of course, it's similar on the grain side if you're dealing 179 00:14:13,159 --> 00:14:16,679 with corn or beans or things that you grow out of the ground. That 180 00:14:16,840 --> 00:14:22,600 processing same thing, bringing in the raw materials, the grain, the peanuts, 181 00:14:22,679 --> 00:14:26,320 the wheat, It goes through various stages and then what comes out on 182 00:14:26,320 --> 00:14:28,480 the other end, depending on what it is that you're making, whether it's 183 00:14:28,519 --> 00:14:33,399 flour, whether it's canned products, and so forth. Again, all assembly 184 00:14:33,440 --> 00:14:35,519 line, if you want to think of it, large machines that are moving 185 00:14:35,600 --> 00:14:41,480 very rapidly in an earlier era, it would have been more or less a 186 00:14:41,519 --> 00:14:46,759 belt running along with humans working alongside that belt putting things together. Today it's 187 00:14:46,360 --> 00:14:54,200 more of a rack type mechanism that's moving items, but it's largely electric controlled 188 00:14:54,279 --> 00:15:01,320 solenoids, little DC motors that are turning little hands and paddles that might move 189 00:15:01,360 --> 00:15:07,480 something on or off that assembly line depending on how they were determined in terms 190 00:15:07,480 --> 00:15:11,519 of size or weight. We've got computers that can scan items, can determine 191 00:15:11,679 --> 00:15:16,159 if the quality is proper, looking for metal pieces that might be inside X 192 00:15:16,240 --> 00:15:20,360 ray machines, looking for that. So if you haven't been inside one of 193 00:15:20,360 --> 00:15:24,000 these facilities in a while, it is absolutely amazing. What has this big 194 00:15:24,000 --> 00:15:28,840 transformation that's occurred over the past several decades. And of course there's a lot 195 00:15:28,879 --> 00:15:33,240 more coming as we get more and more computer control, more networked, more 196 00:15:33,919 --> 00:15:37,279 of the analysis that can be done on the food as it's being produced. 197 00:15:37,279 --> 00:15:43,120 So oftentimes for consumers, you go to the grocery store and you buy that 198 00:15:43,159 --> 00:15:46,200 frozen dinner or the can of soup or a loaf of bread, and you 199 00:15:46,240 --> 00:15:52,240 don't often think about everything it took to actually get there. And it is 200 00:15:52,320 --> 00:15:56,840 amazing. And if you like this There are certainly plenty of videos that you 201 00:15:56,840 --> 00:16:00,279 can go watch and get a better feel for what's going on, or go 202 00:16:00,360 --> 00:16:03,000 take a tour. Sometimes they'll let the general public in to take a look 203 00:16:03,000 --> 00:16:07,879 at how this process works. But it is absolutely fascinating. And again, 204 00:16:07,919 --> 00:16:11,720 as I mentioned earlier, this is one of our sixteen critical infrastructures, and 205 00:16:12,000 --> 00:16:18,320 it's probably the one that's been leased overlooked from in terms of what we're doing 206 00:16:18,360 --> 00:16:22,440 with it and security and all the pieces that are behind it to protect that 207 00:16:22,480 --> 00:16:27,200 food system. You know, there was a lot of stuff there that that 208 00:16:27,360 --> 00:16:32,600 Marcus said. Let me chime in. Just I read a statistic the other 209 00:16:32,639 --> 00:16:36,759 day. This is very big business, This is huge industry. I mean, 210 00:16:36,759 --> 00:16:38,519 there's there's eight billion people on the planet. We've got to feed them 211 00:16:38,519 --> 00:16:44,159 all. I saw statistic the other day. You know, pop quiz for 212 00:16:44,200 --> 00:16:49,240 you Nate the you know, then look at the number of species on the 213 00:16:49,279 --> 00:16:55,720 planet. You know, add up all of the humans on the planet, 214 00:16:55,840 --> 00:16:57,840 all of the cows on the planet, all of the pigs on the planet, 215 00:16:59,080 --> 00:17:03,799 all of the vertical rates which vertebrates species weighs the most? How many 216 00:17:03,880 --> 00:17:07,599 mega tons? You know, what has the most mega tons of you know, 217 00:17:07,720 --> 00:17:11,720 living population on the planet today. You want to guess it's good that 218 00:17:11,759 --> 00:17:18,119 you specified vertebrates because I was going to choose ants. Alj probably wins, 219 00:17:18,599 --> 00:17:22,720 Oh, yeah, that's a good point. It's a good point. I 220 00:17:22,039 --> 00:17:25,960 can only sense that this is a trick question, so I'm not going to 221 00:17:26,000 --> 00:17:30,039 say humans. No, it's got to be a farm animal. It turns 222 00:17:30,039 --> 00:17:33,440 out to be chickens. Of all the vertebrates on the planet, the largest 223 00:17:33,519 --> 00:17:40,559 number of megatons of living mass on the planet today is chickens, almost all 224 00:17:40,599 --> 00:17:44,559 of which we're eating. You know, this is very big business, all 225 00:17:44,640 --> 00:17:47,519 right, and that begs the question, how did we get to the point 226 00:17:47,559 --> 00:17:52,119 where chickens so vastly outnumber everything else. I'm not an expert in the field, 227 00:17:52,160 --> 00:17:55,400 but I read a book a couple of years ago. I recommend it. 228 00:17:55,400 --> 00:17:57,480 It's called Enlightenment. Now. I think that was the book. I'm 229 00:17:57,480 --> 00:18:04,400 pretty sure it was. It talked about sort of the grand scale of statistics, 230 00:18:06,039 --> 00:18:08,799 and one of the points it made in the food industry in particular, 231 00:18:08,839 --> 00:18:12,279 was that look in the late eighteen hundreds, coming up on the nineteen hundreds, 232 00:18:14,240 --> 00:18:18,920 experts were making predictions that within a handful of decades, you know, 233 00:18:18,960 --> 00:18:22,720 before the mid nineteen hundreds, you know, we were going to have a 234 00:18:22,759 --> 00:18:23,799 billion and a half people on the planet. You know, at the time, 235 00:18:25,359 --> 00:18:26,640 late eighteen hundreds, we had a little less than a billion people on 236 00:18:26,680 --> 00:18:30,440 the planet. They're predicting a billion and a half by the middle of the 237 00:18:30,480 --> 00:18:33,759 century, most of whom would be starving because you know, in the late 238 00:18:33,759 --> 00:18:41,519 eighteen hundreds, they were turning enormous amounts of land from wilderness into agricultural land 239 00:18:41,599 --> 00:18:45,880 and still were barely keeping up with population growth in terms of food production. 240 00:18:48,039 --> 00:18:52,920 But today we have eight billion people on the planet and we have last I 241 00:18:52,960 --> 00:18:57,839 heard, about twenty five percent more agricultural land in production than we had in 242 00:18:57,880 --> 00:19:02,039 the late eighteen hundreds. So we increased the land used by twenty five percent 243 00:19:02,279 --> 00:19:06,920 and the population by eight times. And today, you know, enlightenment now 244 00:19:07,000 --> 00:19:10,920 argues we have more than enough food for everyone on the planet. The only 245 00:19:11,000 --> 00:19:15,960 reason that people are hungry on the planet today is politics, war, you 246 00:19:15,000 --> 00:19:19,319 know, nasty stuff like ethnic cleansing and so on, where where you know, 247 00:19:19,599 --> 00:19:23,960 food isn't getting to people. But there's you know, there's more than 248 00:19:25,039 --> 00:19:27,720 enough food in the planet. Something like thirty percent, one third of the 249 00:19:27,759 --> 00:19:33,920 farmland in the United States that's used for corn is producing ethanol, so we 250 00:19:33,000 --> 00:19:37,680 can burn it rather than corn to feed to animals or feed to humans. 251 00:19:38,920 --> 00:19:42,839 There's more than enough land. And you know, to me, my sort 252 00:19:42,880 --> 00:19:48,359 of my takeaway from enlightenment now was the biggest innovation in the twentieth century, 253 00:19:48,720 --> 00:19:53,000 The biggest, single, most important invention was not the computer. It was 254 00:19:53,799 --> 00:20:00,680 a cheap way to produce nitrogen fertilizer had to do with increasing the efficiency of 255 00:20:00,720 --> 00:20:06,039 farms. And I assume that there are other factors involved, such as genetically 256 00:20:06,039 --> 00:20:11,319 modified crops. And to the point of this podcast, you know, city 257 00:20:11,359 --> 00:20:15,720 folk like me don't necessarily always understand, but the act, the practice of 258 00:20:15,759 --> 00:20:22,039 farming is so computerized right now. Absolutely. I mean, you know, 259 00:20:22,200 --> 00:20:25,599 back in the late eighteen hundreds, most of the world's population, in my 260 00:20:25,799 --> 00:20:30,640 dim understanding, were farmers. They produced their own food that because you know, 261 00:20:30,880 --> 00:20:34,480 that's what you did, that's how you produced food. Today, you 262 00:20:34,519 --> 00:20:40,920 know, a handful of people in sort of a family or two getting together 263 00:20:41,000 --> 00:20:47,400 can manage you know, five ten, twelve square miles. You know, 264 00:20:47,519 --> 00:20:51,839 thousands, tens of thousands of acres of land in North America can can produce 265 00:20:51,960 --> 00:20:56,799 food on that land, the number of the people involved in producing food has 266 00:20:56,200 --> 00:21:00,160 dropped through the floor. And this is not by accident. It has to 267 00:21:00,200 --> 00:21:07,000 do with with automation. You know, my sister and her husband ran a 268 00:21:07,039 --> 00:21:10,559 dairy farm for twenty five years. You know, he went to school, 269 00:21:10,559 --> 00:21:12,720 he did a four year degree on managing dairy farms. It was a very 270 00:21:12,759 --> 00:21:18,319 modern operation. One of the the insights that I remember, you know, 271 00:21:18,480 --> 00:21:23,440 hearing about sort of one of his policies was look andrew policy for us and 272 00:21:23,599 --> 00:21:29,880 for all of our hired hands, never do anything by hand that a machine 273 00:21:29,920 --> 00:21:34,359 can do for you. Automation is the way this is moving forward. And 274 00:21:34,839 --> 00:21:40,880 you know, in the modern world, all modern automation involves computers, and 275 00:21:40,960 --> 00:21:44,920 of course, putting more computers in everything puts more targets in everything. Hence, 276 00:21:45,440 --> 00:21:48,440 you know the cybersecurity problems that now plague us in almost every industry that's 277 00:21:48,640 --> 00:21:55,559 heavily automated, which is everything I do. Recall it. I took a 278 00:21:55,599 --> 00:22:00,799 tour recently of a brewery and you know what, something you haven't really emphasized 279 00:22:00,839 --> 00:22:08,200 that impressed me was the scale, the scale of you know, the factory, 280 00:22:08,240 --> 00:22:12,640 the brewery. Well, since you mentioned beverages, that That's also another 281 00:22:12,720 --> 00:22:18,799 piece is the heating and the cooling. So in food production, if you're 282 00:22:18,880 --> 00:22:22,400 you know, you have a microbiological side of this where you know, you 283 00:22:22,400 --> 00:22:27,160 can't let it get contaminated, you can't let bacteria grow. So oftentimes the 284 00:22:27,200 --> 00:22:30,519 finished product it's not ready to be put directly in a grocery store. You 285 00:22:30,559 --> 00:22:34,960 got to do something with it. You'll have these very large warehouses with temperatures 286 00:22:34,960 --> 00:22:41,720 that are around freezing and so now that requires an enormous air conditioning system, 287 00:22:41,359 --> 00:22:47,920 which requires large amounts of liquid whatever, ammonia, nitrogen, and so forth. 288 00:22:47,960 --> 00:22:52,519 So there's a whole nother back into this that the size you're talking about, 289 00:22:52,519 --> 00:22:56,039 the scale these big facilities, how do you cool something like that, 290 00:22:56,319 --> 00:23:00,640 and how do you keep those temperatures regulated? That that's another industrial real control 291 00:23:00,799 --> 00:23:04,839 type of area that is often overlooked but is absolutely necessary in food production. 292 00:23:06,480 --> 00:23:10,400 That makes sense. So let me ask you, given the physical process, 293 00:23:10,440 --> 00:23:15,599 given the degree of automation. You know, I'm going to ask in a 294 00:23:15,680 --> 00:23:19,000 moment about what are we worried about? What kind of consequences? But you 295 00:23:19,039 --> 00:23:22,680 know, let me add to start with, I'm guessing the obvious is there 296 00:23:22,880 --> 00:23:26,960 if you shut down one of these large facilities. That's a lot of money 297 00:23:26,960 --> 00:23:30,640 at stake, you know, beyond sort of shutdowns, what are we worried 298 00:23:30,640 --> 00:23:34,480 about? What's the worst that can happen in this system? If the automation 299 00:23:34,880 --> 00:23:40,160 goes awry in sort of the worst case, well, you can think of 300 00:23:40,200 --> 00:23:45,200 it at a couple of levels. So in the growing world, let's say 301 00:23:45,240 --> 00:23:51,000 somebody makes a mistake, there's a computer malfunctions, and we plant things wrong. 302 00:23:52,000 --> 00:23:55,079 You could have a lower yield, so we don't get as much corn 303 00:23:55,160 --> 00:23:59,160 out of that field as we should have, or not as many chickens come 304 00:23:59,160 --> 00:24:03,359 out of the chicken house, et cetera. In the production world, you 305 00:24:03,400 --> 00:24:06,359 could wind up with things that are not that big of a deal, like 306 00:24:06,480 --> 00:24:11,119 the wrong measure. You're expecting sixteen ounces, you get sixteen and a half 307 00:24:11,240 --> 00:24:12,880 or fifteen and a half, you know, that type of thing. But 308 00:24:12,960 --> 00:24:17,519 as I mentioned earlier, there's a biology side to this, and that's probably 309 00:24:17,759 --> 00:24:22,759 the worst side. Is that you get an undetected agent, some pathogen that 310 00:24:22,839 --> 00:24:26,160 leaks into the system and you get contaminated food. And this is what consumers 311 00:24:26,240 --> 00:24:30,079 mostly see as you get the food recalls. I'm sure you're very familiar with 312 00:24:30,119 --> 00:24:36,039 this where it's determined that you know, a truckload of lettuce or whatever got 313 00:24:36,039 --> 00:24:40,880 contaminated along the way, and now the grocery stores have to do product recalls 314 00:24:41,759 --> 00:24:45,759 and consumers have to go check. But I guess the good side of this 315 00:24:45,119 --> 00:24:49,200 is because the way they process and the way they can track, all the 316 00:24:49,279 --> 00:24:55,240 batches are labeled and numbered, and so if you do wind up having some 317 00:24:55,440 --> 00:25:00,200 bacteria, pathogen, some contamination of some sort because a machine failed you or 318 00:25:00,519 --> 00:25:03,799 a trusted computer system failed you, we can at least track down where did 319 00:25:03,799 --> 00:25:07,920 it come from, when was it produced, where did it go to. 320 00:25:07,440 --> 00:25:11,880 Because of all the good tracking that we're doing now we can isolate where that 321 00:25:11,920 --> 00:25:15,599 contaminated food is in the food supply system and go pull it back out. 322 00:25:15,759 --> 00:25:18,880 Previously, we really were not good at doing that. We just kind of 323 00:25:18,920 --> 00:25:22,839 had to guess said, yeah, we think it might have happened on this 324 00:25:23,000 --> 00:25:27,640 day, and yeah, that output probably went to this grocery store chain. 325 00:25:29,880 --> 00:25:32,720 It's not a lot of faith there, and we have a lot more precision 326 00:25:32,799 --> 00:25:37,880 today and trying to determine if something goes wrong, who directly is impacted by 327 00:25:37,920 --> 00:25:44,319 it, and then try to prevent consumption of that contaminated food, so nate 328 00:25:44,640 --> 00:25:48,039 from my limited knowledge of the field, and you know, I've at one 329 00:25:48,079 --> 00:25:57,799 point provided automation software to food manufacturers pharmaceutical manufacturers. One of the critical pieces 330 00:25:57,839 --> 00:26:04,519 of automation in order and food factories, food and beverage is the batch record. 331 00:26:04,759 --> 00:26:11,240 And this is usually a historian that is keeping track of everything that happens 332 00:26:11,279 --> 00:26:15,480 to every batch. When you produce food, canned goods, you know, 333 00:26:15,680 --> 00:26:19,000 peanut butter, whatever. When you produce food, it has been in my 334 00:26:19,079 --> 00:26:23,440 understanding, by law it comes out in batches and the batch number has to 335 00:26:23,440 --> 00:26:30,799 be identified on each each package that you produce, so that if there's a 336 00:26:30,839 --> 00:26:34,160 problem that's found with a batch, you can recall the batch reliably. How 337 00:26:34,200 --> 00:26:37,200 would you find a problem, Well, you know, you discover, I 338 00:26:37,200 --> 00:26:41,079 don't know, the batch is contaminated. You go back to your batch records, 339 00:26:41,279 --> 00:26:44,839 you say, what happened to this batch? You know it used this 340 00:26:45,000 --> 00:26:47,799 input. Well, four other batches us that input. We think that's the 341 00:26:47,799 --> 00:26:49,640 one that was contaminated. These are the four batches that have to be recalled 342 00:26:52,000 --> 00:26:56,599 if you lose track of that information. Because a cyber attack comes in and 343 00:26:56,640 --> 00:27:00,839 I don't know, encrypts your historian, you cannot get that information back. 344 00:27:00,880 --> 00:27:07,039 You cannot sell the batch in modern you know, in the in the developed 345 00:27:07,039 --> 00:27:11,960 world, it's only legal to sell a manufactured batch of goods in these large 346 00:27:11,960 --> 00:27:15,359 plants. I mean, there's exceptions for smaller plants, but in the in 347 00:27:15,400 --> 00:27:18,640 the big in the big iron, you can only sell the goods if you 348 00:27:18,799 --> 00:27:23,039 have complete control of the batch record. If you've lost track of the batch, 349 00:27:23,559 --> 00:27:26,960 you don't know. You know, if you discover a contaminant, if 350 00:27:27,079 --> 00:27:30,559 dispatch was, you're not allowed to sell it. You have to throw it 351 00:27:30,559 --> 00:27:33,319 out. So you know, this is this is sort of a peek into 352 00:27:33,359 --> 00:27:40,200 the world of cyber to come here. Okay, So you know it's great 353 00:27:40,200 --> 00:27:45,079 that those systems are in place. Can we talk about the threat? Who's 354 00:27:45,480 --> 00:27:51,559 who's coming after us in this world of primary production or you know, food 355 00:27:51,559 --> 00:27:55,599 and beverage or I don't know, even pharmaceutical I imagine manufacturing that's a human 356 00:27:55,640 --> 00:28:00,880 consumable as well. Who's coming after us? And and you know what kind 357 00:28:00,920 --> 00:28:04,240 of consequences are we seeing? How credible is the threat? Well, there's 358 00:28:04,240 --> 00:28:07,880 two of them that we are concerned about here. As we've been working with 359 00:28:08,000 --> 00:28:12,960 growers and doing research and even observations over the years. The first one that's 360 00:28:14,000 --> 00:28:17,680 not quite well, yeah, not quite as obvious to most people. Let's 361 00:28:17,720 --> 00:28:21,400 just talk about that unless you're in our world, and that's the threat of 362 00:28:21,400 --> 00:28:26,839 intellectual property theft, either criminal theft or espionage style theft, and we've seen 363 00:28:27,039 --> 00:28:33,119 a massive rise in that. The FBI has been doing some very good investigations 364 00:28:33,160 --> 00:28:38,960 into Chinese theft, where they literally will come in to a field, they'll 365 00:28:40,000 --> 00:28:44,559 dig up seeds, they'll steal plants, and they'll try and reverse engineer the 366 00:28:44,640 --> 00:28:49,640 genetics of things that we're growing. You're probably very familiar with genetically modified products, 367 00:28:51,000 --> 00:28:53,359 so we can get a better yield, a larger ear of corn, 368 00:28:53,960 --> 00:29:00,400 greener leafy things by genetically modifying it. But of course those products are all 369 00:29:00,400 --> 00:29:06,240 patented and protected by the companies that make them. Adversaries in other countries who 370 00:29:06,319 --> 00:29:10,759 don't have the time, the money, the skill to genetically develop these food 371 00:29:10,799 --> 00:29:14,160 sources, and they have large populations that they have to feed and care for, 372 00:29:14,880 --> 00:29:17,880 will happily come over here and steal from us. So you can either 373 00:29:17,920 --> 00:29:21,559 physically steal it, or you can come into the computer systems. If you 374 00:29:21,599 --> 00:29:25,799 can get in and rate it that way, to take that intellectual property back. 375 00:29:25,839 --> 00:29:30,200 So that's a competitive advantage problem. That's not going to poison the food, 376 00:29:30,200 --> 00:29:33,599 that's not going to stop the machine from working, But economically, long 377 00:29:33,720 --> 00:29:41,799 term, you can cause huge damage to the food supply system if you've got 378 00:29:41,839 --> 00:29:47,640 competitors that are stealing information from you and then potentially selling cheaper into the market, 379 00:29:47,640 --> 00:29:52,680 but then selling bad stuff. You're probably very familiar with the problems that 380 00:29:52,720 --> 00:29:56,519 we've had with animal food, like dog food that's had to be recalled coming 381 00:29:56,559 --> 00:30:00,960 out of China, coming out of other countries that don't have the same type 382 00:30:00,960 --> 00:30:04,400 of food inspection that we have, and yet they're producing food cheaper than we 383 00:30:04,440 --> 00:30:07,680 can produce it here because their labor rates are lower. But the way they're 384 00:30:07,680 --> 00:30:12,519 doing that is from having stolen the information from us. The more obvious one, 385 00:30:12,559 --> 00:30:17,880 of course, that people are concerned about is disruptions, and if we 386 00:30:17,880 --> 00:30:22,480 were to ever get into just think national security, think big picture global like 387 00:30:22,599 --> 00:30:26,960 what's happened with Russia and Ukraine, China and potentially Taiwan. Things that are 388 00:30:26,960 --> 00:30:30,799 a foot down in Central and South America. Right now, We in the 389 00:30:30,920 --> 00:30:36,640 United States, Canada, we tend to enjoy the bounty of our land. 390 00:30:36,680 --> 00:30:40,680 We're well fed, we're well provided for. We've built a system that we're 391 00:30:40,720 --> 00:30:45,680 all very comfortable with the rest of the world other than maybe Europe doesn't enjoy 392 00:30:45,720 --> 00:30:48,519 that. And if we were ever to get into a large global conflict, 393 00:30:48,759 --> 00:30:55,880 a World War three. We now have a very high tech, somewhat vulnerable 394 00:30:55,920 --> 00:31:00,279 food supply system that you don't physically have to occupy North America to disrupt it. 395 00:31:00,319 --> 00:31:04,720 You can disrupt it via cyber means, come in through the computer networks, 396 00:31:04,759 --> 00:31:11,480 the trusted systems and potentially mess up our food supply. We have slack 397 00:31:11,559 --> 00:31:14,680 in the system. It's not like you can do a disruption today and everybody 398 00:31:14,720 --> 00:31:18,359 starts starving tomorrow. But depending on the type of food, the amount of 399 00:31:18,400 --> 00:31:22,799 slack varies from a few days to a few weeks, So you could run 400 00:31:22,839 --> 00:31:26,680 out of some products pretty quickly. You could have a few weeks worth on 401 00:31:26,839 --> 00:31:30,119 hand in the system before you'd start running out. Our adversaries know that, 402 00:31:30,319 --> 00:31:34,119 absolutely know that. So that threat of disruption, I think is something a 403 00:31:34,119 --> 00:31:38,079 lot of people focus on. But the threat of intellectual property theft, that 404 00:31:38,160 --> 00:31:42,119 hidden threat is something that we're not focusing on as much as we should, 405 00:31:42,200 --> 00:31:45,680 or at least it's not as well known to those in the growing community. 406 00:31:45,720 --> 00:31:51,519 They're producing community and so forth. That's a fair amount to worry about, 407 00:31:51,599 --> 00:31:57,720 from intellectual property theft to sort of global conflicts. How are we doing, 408 00:31:57,880 --> 00:32:05,359 what's the state of the press in this broad collection of industries. Let me 409 00:32:05,400 --> 00:32:08,559 say, I think we're doing better than we've were. There has certainly been 410 00:32:08,640 --> 00:32:15,559 a large amount of awareness that's been growing. One of the bad things that's 411 00:32:15,599 --> 00:32:19,799 happening to everybody is ransomware. I'm sure you're very familiar with it. And 412 00:32:20,319 --> 00:32:24,400 food industry companies can be victims of ransomware just like anybody else. And even 413 00:32:24,440 --> 00:32:29,039 though we don't like ransomware, we'd like it to go away, the fact 414 00:32:29,039 --> 00:32:34,079 that it exists has raised the awareness that we've got a problem here, that 415 00:32:34,119 --> 00:32:39,160 there are ways to be disruptive via computer systems, connectivities to the Internet, 416 00:32:39,200 --> 00:32:45,160 and so forth. And so that awareness has gone up because of the ransomware 417 00:32:45,240 --> 00:32:49,519 problem. That and in a sense is good because it's caused the leadership of 418 00:32:49,599 --> 00:32:53,799 companies, boards, CEOs, others beyond the security community to become aware that 419 00:32:53,839 --> 00:32:58,720 this is an issue, and then they start asking the correct questions. There's 420 00:32:58,759 --> 00:33:01,400 companies I've worked with that really didn't think about security, really didn't think that 421 00:33:01,440 --> 00:33:06,200 they would ever be targeted. They're just happy to run their machines and plants 422 00:33:06,279 --> 00:33:09,720 and whatever they're producing until they get hit with a ransomware attack and it shuts 423 00:33:09,759 --> 00:33:13,240 them down. And then all of a sudden, as they come out on 424 00:33:13,240 --> 00:33:17,400 the other side, they've got a brand new attitude and are investing heavily in 425 00:33:17,440 --> 00:33:22,759 the security of the company, and not so much the financial business side, 426 00:33:22,759 --> 00:33:27,079 but the actual production side, the side that would not have necessarily been impacted 427 00:33:27,119 --> 00:33:30,559 by the ransomware, but they're very aware that, yeah, that could be 428 00:33:30,640 --> 00:33:34,759 next, and we are certainly on somebody's radar somewhere, And so this, 429 00:33:35,680 --> 00:33:39,039 in a weird sort of way, has helped to raise the awareness of the 430 00:33:39,119 --> 00:33:44,279 problem that's out there. There's also the other good news is if you go 431 00:33:44,359 --> 00:33:49,200 to various events where food safety officials are getting together, or if you read 432 00:33:49,319 --> 00:33:52,759 Food Safety magazine or any of the other publications around there, over the past 433 00:33:52,799 --> 00:33:57,119 few years, there's been a steady rise in the discussion of this problem. 434 00:33:57,160 --> 00:34:01,000 So again the awareness is going up. Major problem though, I'm still seeing 435 00:34:01,799 --> 00:34:07,920 is a lot of businesses look at security or cybersecurity as being an it problem. 436 00:34:08,320 --> 00:34:13,519 It's not a safety problem, it's not a biology problem, it's not 437 00:34:13,599 --> 00:34:19,239 a chemistry problems. Well that's it. You go talk to those fellows install 438 00:34:19,280 --> 00:34:22,360 your PowerPoint and your email, and they need to worry about it, and 439 00:34:22,760 --> 00:34:28,079 we've got to change that attitude. I'm afraid that's not just in the food 440 00:34:28,119 --> 00:34:31,880 world, but probably in other manufacturing areas as well. Is that this type 441 00:34:31,920 --> 00:34:38,039 of security, from disruptions to espionage to whatever, is really everybody's problem, 442 00:34:38,280 --> 00:34:43,639 and from the low level employee all the way to the CEO and the board, 443 00:34:43,679 --> 00:34:46,599 there has to be awareness, has to be engagement. It's very much 444 00:34:46,760 --> 00:34:54,239 like environmental problems. We don't let just the environmental engineers worry about environmental harm. 445 00:34:54,400 --> 00:35:00,480 We're getting everybody engaged and trying to work towards protecting the planet, protecting 446 00:35:00,480 --> 00:35:05,239 the world around us. Safety works like this, where everybody is responsible for 447 00:35:05,320 --> 00:35:08,519 safety, not just the safety engineer, and I think that's where we're going 448 00:35:08,559 --> 00:35:12,760 with security, though we still have a long way to go. And of 449 00:35:12,800 --> 00:35:16,880 course, culturally within the food world, there hasn't been a lot of exposure 450 00:35:17,280 --> 00:35:22,239 because the computer systems are fairly new coming along, connectivity is fairly new. 451 00:35:22,320 --> 00:35:28,519 This precision agriculture. Precision farming is fairly new as compared to say, communications 452 00:35:28,719 --> 00:35:35,000 or power hospitals, you know, other critical infrastructure areas. So again, 453 00:35:35,039 --> 00:35:38,280 I think the news is good that we're making progress, but there's still a 454 00:35:38,320 --> 00:35:42,840 long way to go here before we're going to be as protected as some of 455 00:35:42,840 --> 00:35:46,079 the other sectors. That makes sense to a degree. I mean, in 456 00:35:46,119 --> 00:35:54,239 my own experience, the awareness of cybersecurity threats tends to be greatest in the 457 00:35:54,400 --> 00:36:00,679 largest enterprises. And you know, you've talked about baker farms, you haven't 458 00:36:00,800 --> 00:36:07,920 said million acre farms. Are we still dealing primarily with smaller businesses in this 459 00:36:08,079 --> 00:36:13,880 industry where you know it's you know, they may not have an IT person 460 00:36:13,920 --> 00:36:17,679 on staff, much less a cybersecurity person. In America North America, the 461 00:36:17,960 --> 00:36:22,920 small farm tends to rule. There's still the family farmer or the smaller business, 462 00:36:22,960 --> 00:36:28,159 the you know, thousand to a few thousand acre those big large things 463 00:36:28,199 --> 00:36:31,039 we mentioned the millionacre farms, that would be more of the large, open 464 00:36:31,199 --> 00:36:37,400 pasture raising types of things. I don't know if anybody that has an intact 465 00:36:37,440 --> 00:36:42,639 million acres where they're growing wheat, that certainly could happen. But I think 466 00:36:42,679 --> 00:36:46,079 that you're touching on a very interesting question, and that is at the growing 467 00:36:46,159 --> 00:36:52,599 level, it is largely small businesses. And yes, there are some large 468 00:36:52,639 --> 00:36:58,000 businesses that grow things, but the small to medium sized business is the backbone 469 00:36:58,039 --> 00:37:04,280 here in North America. Those businesses don't have the funding, the knowledge, 470 00:37:04,400 --> 00:37:07,880 the background to do security. And even as I've talked to many of them 471 00:37:07,920 --> 00:37:14,719 that the influx of it their heart. They're highly dependent upon the manufacturer, 472 00:37:14,800 --> 00:37:20,239 upon the vendor. You might put in a new system and everything is remotely 473 00:37:20,239 --> 00:37:23,280 controlled by the vendor and the person on the ground is just making sure that 474 00:37:23,280 --> 00:37:30,719 the power is on and they got connectivity. A great example of this is, 475 00:37:30,880 --> 00:37:32,199 and this goes back to what we're talking about earlier, with tractors. 476 00:37:34,159 --> 00:37:37,199 If I own a John Deere tractor, then that's just you know, a 477 00:37:37,199 --> 00:37:44,079 popular brand. There are many other ones that's connected Most farmers instinctively, No, 478 00:37:44,199 --> 00:37:45,480 I've got to have a satellite connection. I have to have, you 479 00:37:45,519 --> 00:37:50,920 know, some way for this machine to communicate. But a couple of years 480 00:37:50,920 --> 00:37:55,239 ago, if you recall when Russia went into Ukraine, the Ukrainians were using 481 00:37:55,360 --> 00:38:00,519 their John Deere tractors to haul carcasses of Russian tank back over to the Ukrainian 482 00:38:00,639 --> 00:38:06,239 side. Russians didn't like that. They hauled a bunch of Ukrainian tractors back 483 00:38:06,320 --> 00:38:09,840 over to Russia. And when John Deere heard about this, they were able 484 00:38:09,880 --> 00:38:14,320 to remotely turn off those tractors because they were the brand new, highly connected 485 00:38:14,320 --> 00:38:16,280 ones. Well, you know, everybody applauds and cheers, Wow, this 486 00:38:16,320 --> 00:38:22,440 is pretty cool. We can use technology to win the war. But it 487 00:38:22,440 --> 00:38:24,239 didn't take too long for somebody to ask the two questions. One is, 488 00:38:24,239 --> 00:38:28,800 well, if John Deere could do that to tractors hauled back to Russia, 489 00:38:29,199 --> 00:38:34,480 can they also turn off a tractor here in the United States remotely? And 490 00:38:34,559 --> 00:38:38,079 even worse, could somebody like Russia hack into John Deere and turn off the 491 00:38:38,119 --> 00:38:44,239 tractors here the United States? Absolutely fair questions, and unfortunately the answer is 492 00:38:44,440 --> 00:38:46,679 probably not the answer you want to hear, and it's yes to both. 493 00:38:47,519 --> 00:38:52,360 And this couple of years ago began to raise a lot of questions from these 494 00:38:52,400 --> 00:38:55,840 growers, the family small business types who feel like this has gotten a little 495 00:38:55,840 --> 00:39:00,519 bit out of control. I've got this million dollar piece of machinery out here, 496 00:39:00,519 --> 00:39:06,760 this big combine or tractor or whatever, and you're telling me that somebody 497 00:39:06,800 --> 00:39:10,920 else can turn it off, somebody else can take control of it. That 498 00:39:10,960 --> 00:39:14,920 may be a little more than what I had bargained for. So again, 499 00:39:15,039 --> 00:39:20,840 the awareness is growing. Here at Auburn. We're a land grant university. 500 00:39:21,000 --> 00:39:24,000 Every state has land grant schools. This goes back to the post Civil War 501 00:39:24,079 --> 00:39:28,760 era. A lot of good history there. But what that means is we 502 00:39:28,800 --> 00:39:35,559 have a mission to educate across the state, particularly in agricultural and mechanical areas, 503 00:39:35,559 --> 00:39:39,039 because think about post Civil War, this was a transition from an agricultural 504 00:39:39,079 --> 00:39:44,679 economy to an industrial economy, and we wanted to grow young engineers as well 505 00:39:44,719 --> 00:39:50,039 as agricultural specialists to really get things going. And so these land grant schools 506 00:39:50,079 --> 00:39:54,920 have extension services across the state. This is federally funded, state funded, 507 00:39:55,519 --> 00:40:00,599 and really good outreach into the growing farming community. This is in all states 508 00:40:00,760 --> 00:40:05,280 here in the United States, and I'm sure Canada has a similar type of 509 00:40:05,280 --> 00:40:08,840 program. But through that extension system there's a lot of trust and one of 510 00:40:08,840 --> 00:40:13,639 the areas we're looking at is, okay, can we use that to start 511 00:40:13,760 --> 00:40:17,400 educating growers on all these new cybersecurity issues, all the new threats, the 512 00:40:17,400 --> 00:40:22,199 new vulnerabilities. If you're going to build a mesh network across your farm, 513 00:40:22,320 --> 00:40:27,280 and you're going to fully automate all of your machinery and put all this new 514 00:40:27,320 --> 00:40:30,719 IT stuff in there. Do you understand the security side of it? And 515 00:40:30,760 --> 00:40:35,679 we need to bring that in and you push into that rural broadband. You 516 00:40:35,760 --> 00:40:38,840 know, there's a big growing effort to try and add fiber optic as far 517 00:40:39,000 --> 00:40:44,199 and wide as we can, much like rural electrification was over one hundred years 518 00:40:44,199 --> 00:40:51,320 ago. And as we bring small communities, small farms, others that previously 519 00:40:51,360 --> 00:40:53,719 had not been connected to high speed internet, we now connect them up to 520 00:40:53,840 --> 00:40:59,079 fiber optic. What are we doing to protect them and to protect those farms 521 00:40:59,079 --> 00:41:04,519 and those businesses, those communities that had not really thought about the global threat 522 00:41:04,559 --> 00:41:07,679 that you get from high speed connectivity. So this all plays into this whole 523 00:41:07,760 --> 00:41:13,039 food and agg thing where those of us who live in cities, we kind 524 00:41:13,039 --> 00:41:17,039 of understand how to protect ourselves for very street smart. Those that live in 525 00:41:17,079 --> 00:41:21,920 the rural areas. They have a different mindset when it comes to personal protection, 526 00:41:22,039 --> 00:41:25,320 but often it's local and you don't think about the big global threats that 527 00:41:25,360 --> 00:41:29,840 could be brought in through all this connectivity. So there's a lot of work 528 00:41:29,880 --> 00:41:31,880 here to be done. Again, there's a lot of good news in terms 529 00:41:31,880 --> 00:41:36,280 of awareness, but I think we've still got a long way to go before 530 00:41:36,280 --> 00:41:40,360 we get that entire food chain, everything from growing to the packaging to putting 531 00:41:40,360 --> 00:41:45,440 it right in front of you on a plate in your favorite steakhouse, and 532 00:41:45,480 --> 00:41:47,880 everything in between, to bring them up to the same level of security as 533 00:41:47,880 --> 00:41:58,480 we have in other critical infrastructures. Marcus's point there about Ukraine and Russia and 534 00:41:58,519 --> 00:42:04,920 the John Deere tractors is really interesting to me. Last year I had the 535 00:42:04,960 --> 00:42:09,760 privilege of interviewing a gentleman who goes by sit codes. He's an independent hacker 536 00:42:09,800 --> 00:42:16,519 who at Defcon demonstrated how he hacked into John Deere tractors and got them to 537 00:42:16,599 --> 00:42:21,320 play doom on their little dashboard. And what he was explaining to me is 538 00:42:21,320 --> 00:42:24,440 that, you know, ultimately these machines are made with the kinds of parts 539 00:42:24,719 --> 00:42:30,920 that we are used to. There is a cyber attack surface that is as 540 00:42:30,960 --> 00:42:35,079 well and good as any other machine you're talking about. And what does it 541 00:42:35,199 --> 00:42:39,920 mean if a hacker were to break in, either locally or remotely and start 542 00:42:39,960 --> 00:42:44,800 affecting the food supply. That's a good question and you know, to me, 543 00:42:45,480 --> 00:42:49,039 yeah, there's there's a local risk. If you're standing there with a 544 00:42:49,079 --> 00:42:52,000 you know, I don't know, your cell phone close to physically close to 545 00:42:52,119 --> 00:42:58,159 the tractor and you're hacking into it, that's sort of a local threat that 546 00:42:59,039 --> 00:43:01,440 you know, the farmers are likely to understand, who are you, what's 547 00:43:01,440 --> 00:43:06,159 happening to my tractor? Stop this, get out with his you know, 548 00:43:06,239 --> 00:43:09,440 his stick, and chase the off the property. To me, the scary 549 00:43:09,480 --> 00:43:14,880 scenario is the cloud scenario, where in theory, you could hack into the 550 00:43:15,000 --> 00:43:20,159 Jahn Deere cloud control system and send stop commands to every tractor on the continent. 551 00:43:21,719 --> 00:43:25,960 This is not unique to the agricultural sector. There's lots of other sectors 552 00:43:25,960 --> 00:43:30,599 that are talking about this cloud problem. You know. The one I'm most 553 00:43:30,599 --> 00:43:37,400 familiar with is power generation. A lot of power generation is done with turbines, 554 00:43:37,880 --> 00:43:43,320 steam drives, steam turbines, natural gas, you know, are gas 555 00:43:43,320 --> 00:43:47,000 turbines are basically stationary jet engines. Water turbines are are in big hydroelectric dams. 556 00:43:47,519 --> 00:43:51,280 These things are moving parts. They wear out. Friction is the enemy 557 00:43:51,280 --> 00:43:54,880 of moving parts, and so the turbine vendors by and large are monitoring remotely 558 00:43:55,159 --> 00:44:01,639 these turbines constantly, And the question is what happens if one of these vendors 559 00:44:02,280 --> 00:44:07,719 remote monitoring sites is compromised and you can start sending instructions to cause damage to 560 00:44:07,760 --> 00:44:12,559 the turbines. You could turn the lights out for a large part of the 561 00:44:12,639 --> 00:44:16,320 nation by crippling these these turbines remotely. This is you know, lots of 562 00:44:16,559 --> 00:44:21,599 lots of industries are talking about this problem, and you know, I take 563 00:44:21,639 --> 00:44:23,039 your point. That's a very interesting thing that you bring up. But the 564 00:44:23,159 --> 00:44:29,119 question that I'm more confused about is, you know, I understand why some 565 00:44:29,199 --> 00:44:35,559 centralized entity in whether it be power generation or tractors would want them. It 566 00:44:35,679 --> 00:44:39,599 would need to push software updates for example, but why Andrew do they need 567 00:44:39,599 --> 00:44:45,800 that extra layer of control? Right? Like Microsoft sends me software updates for 568 00:44:45,960 --> 00:44:49,840 my PC, but Microsoft doesn't control my PC. I know that, at 569 00:44:49,920 --> 00:44:52,239 least with tractors, this is an issue for some farmers when it comes to, 570 00:44:52,320 --> 00:44:55,320 for example, right of repair. Yeah, there's a there's a couple 571 00:44:55,400 --> 00:45:00,559 of issues there. Let me touch on right of repair first. I'm thinking 572 00:45:00,599 --> 00:45:04,679 back. There was an episode on the CANbus that we did a few months 573 00:45:04,679 --> 00:45:10,119 ago. Doctor Ken Tindall was explaining how people hack into the CANbus in automobiles 574 00:45:10,159 --> 00:45:15,159 and steal you know, expensive cars. You know, right of repair is 575 00:45:15,159 --> 00:45:20,400 tied up in managing keys. The way to prevent people hacking into and stealing 576 00:45:20,400 --> 00:45:25,880 cars or tractors in this example is to encrypt communications between automation within the tractor 577 00:45:27,400 --> 00:45:31,480 and the vendor. Is the natural place to manage those keys. If you 578 00:45:31,639 --> 00:45:37,719 pull in a random part from another sort of repair supplier, can't You can't 579 00:45:37,760 --> 00:45:42,599 make it talk to the rest of the car without consulting the vendor and getting 580 00:45:42,639 --> 00:45:47,239 the encryption key for that tractor. So that's an issue that I'm not sure 581 00:45:47,239 --> 00:45:52,599 has been solved. More generally, lots of different industries are worried about connections 582 00:45:52,599 --> 00:45:55,760 to the cloud, and you're connecting to the cloud, I mean the killer 583 00:45:55,800 --> 00:46:01,760 app for the cloud right now is predictive maintenance. Whoever's created the machinery, 584 00:46:01,840 --> 00:46:05,800 be it the tractor or the steam turbine or whatever, you know, the 585 00:46:06,079 --> 00:46:10,760 stamping machine for refrigerators, whoever's created the machinery is the world's expert generally on 586 00:46:12,079 --> 00:46:16,199 how it's supposed to work and diagnosing problems with it when something goes wrong. 587 00:46:16,639 --> 00:46:21,800 And so most of these vendors are offering services where you know, in the 588 00:46:21,800 --> 00:46:28,239 cloud, you're continuously monitoring these complex devices and from time to time issuing instructions 589 00:46:28,280 --> 00:46:31,719 back to the devices, saying, change your mode of operation just a little 590 00:46:31,760 --> 00:46:36,880 bit, because this piece of you is wearing out. We want to extend 591 00:46:36,880 --> 00:46:40,599 your service life to the maximum. We want to you know, minimize service 592 00:46:40,760 --> 00:46:45,880 costs. This is what predictive maintenance means. You're predicting what's going to be 593 00:46:45,920 --> 00:46:52,199 needed maintenance wise, and you're adjusting the equipment to you know, to make 594 00:46:52,239 --> 00:46:57,320 to make changes to make the equipment more efficient and and you know, require 595 00:46:57,400 --> 00:47:01,280 less maintenance. So this kind of cloud connection a lot of people are worried 596 00:47:01,280 --> 00:47:07,880 about. There are some solutions out there for sort of the really big iron 597 00:47:07,039 --> 00:47:10,519 you know, uh, steam turbines, you know, people use uni directional 598 00:47:10,519 --> 00:47:15,760 gateways and they do the corrections over the phone. For the smaller stuff, 599 00:47:16,079 --> 00:47:20,760 you know, there aren't good solutions. You know, people are figuring this 600 00:47:20,880 --> 00:47:28,639 out right now. In the long run, it looks like we have we 601 00:47:28,719 --> 00:47:34,079 have nation state threats, we have you know, worries about you know, 602 00:47:34,280 --> 00:47:39,320 food chain stability in terms in times of conflict, uh, coupled with you 603 00:47:39,360 --> 00:47:44,760 know, in the today's world, smaller producers and a whole mix of of 604 00:47:45,039 --> 00:47:51,360 you know, small and large manufacturers in the space in your mind. You 605 00:47:51,400 --> 00:47:57,480 know, is there a solution here? Is there? You know these you've 606 00:47:57,519 --> 00:48:01,800 described these as as critical infrastructures. I mean, should we be protecting every 607 00:48:02,280 --> 00:48:07,800 farm out there as thoroughly as we protect a high speed passenger rail switching system 608 00:48:07,880 --> 00:48:12,559 where you know, worst case consequence of compromises, mass casualty events. What 609 00:48:13,519 --> 00:48:17,519 is the end goal here? What are you shooting for? I think these 610 00:48:17,559 --> 00:48:22,760 are fair questions. And if you take a look at all of the infrastructures, 611 00:48:22,920 --> 00:48:27,719 some of the analysis that we've been try and tease apart, what does 612 00:48:27,719 --> 00:48:30,000 it mean? What are the different parts? There are some that are in 613 00:48:30,039 --> 00:48:34,760 a time world. They're very time sensitive. So the power grid, for 614 00:48:34,840 --> 00:48:38,360 example, is a good one. If it goes down within milliseconds, everybody's 615 00:48:38,400 --> 00:48:46,199 impacted. The communications networks are like that. Hot hospitals, banks, maybe 616 00:48:46,239 --> 00:48:50,679 a little less time or a little more time, maybe measured in minutes to 617 00:48:50,719 --> 00:48:55,719 hours. Food system though that could be weeks or months before you actually see 618 00:48:55,719 --> 00:48:59,840 an impact if there's some sort of an attack on a food system. So 619 00:49:00,599 --> 00:49:06,760 when it comes to should I pay more attention to a transportation system like trains 620 00:49:06,840 --> 00:49:10,920 or planes or something versus food. From a time sequencing, I would certainly 621 00:49:10,920 --> 00:49:15,199 say more attention should be paid to the transportation side because the impact can be 622 00:49:15,280 --> 00:49:22,519 fairly quick, whereas you have time working on your favor when it comes to 623 00:49:22,599 --> 00:49:28,079 food. But all that being said, the unfortunate side of this is food 624 00:49:28,119 --> 00:49:34,079 has largely been ignored from a safety perspective or a security perspective. Food safety, 625 00:49:34,119 --> 00:49:37,239 if you put those words together, has largely been a biology or chemistry 626 00:49:37,360 --> 00:49:42,440 type of conversation, and rightly so, because we want to make sure that 627 00:49:42,519 --> 00:49:46,960 the food that we eat or that our pets consume or whatever is absolutely safe 628 00:49:47,320 --> 00:49:52,719 and free of any toxins or any pathogens or anything that might harm or kill 629 00:49:52,800 --> 00:49:55,599 us or cause cancer or all the other things. We absolutely need to focus 630 00:49:55,639 --> 00:50:01,360 on that. But the disruptive side, or the spiona economics side, largely 631 00:50:01,400 --> 00:50:06,559 has not been a focus. And I think now as we begin to understand 632 00:50:06,639 --> 00:50:12,519 the long term impacts of what could happen inside this industry, yes we do 633 00:50:12,559 --> 00:50:15,639 need to pay more attention to it. Who should pay attention is probably the 634 00:50:15,679 --> 00:50:20,159 next question. Should this be a regulatory matter, should it be a business 635 00:50:20,159 --> 00:50:23,599 matter? I think the jury's out on that. Many people are not huge 636 00:50:23,639 --> 00:50:30,400 fans of additional regulation because that increases costs, that causes frustrations. On the 637 00:50:30,440 --> 00:50:35,679 other hand, if businesses can't solve it themselves, then that's not a bad 638 00:50:35,760 --> 00:50:37,719 use of government, you know, to come in and say, Okay, 639 00:50:37,719 --> 00:50:39,639 if you can't, if the economics of it won't fix it, then maybe 640 00:50:39,639 --> 00:50:45,639 a regulatory model would obviously beyond the scope of what we're talking about here, 641 00:50:45,679 --> 00:50:49,440 but certainly a lot of room for the debate there in terms of how to 642 00:50:49,480 --> 00:50:52,320 do that. But a third approach, and this has worked in lots of 643 00:50:52,320 --> 00:50:53,760 places, and it's kind of an old cliche thing, and that has to 644 00:50:53,760 --> 00:51:02,000 do with information sharing and in some sectors the flow of information between competing companies 645 00:51:02,280 --> 00:51:07,079 is very normal when it comes to security, and so if you get a 646 00:51:07,119 --> 00:51:12,719 company that gets data, breach, ransomware, whatever happens to them, they 647 00:51:12,760 --> 00:51:20,079 will happily share the technical information with their competitors because both competitors are expected to 648 00:51:20,159 --> 00:51:22,920 share that. That has nothing to do with competition. That has everything to 649 00:51:22,960 --> 00:51:29,639 do with protecting that industry and making sure that they're safe and secure. In 650 00:51:29,760 --> 00:51:36,000 the food world, Unfortunately, the culture is so resistant to any threat of 651 00:51:36,639 --> 00:51:44,079 antitrust or anything that might even look like an anti competitive thing. That sharing 652 00:51:44,159 --> 00:51:47,880 threat information has kind of fallen into that bucket, and it's a little frustrating 653 00:51:47,920 --> 00:51:53,920 because information sharing about cyber threats is not done at the same level as information 654 00:51:54,039 --> 00:52:00,280 sharing about biological threats. So if you have a salmonella issue, they'll share 655 00:52:00,280 --> 00:52:02,440 that information all day long because they don't want that to impact But if you 656 00:52:02,519 --> 00:52:07,519 have a cyber incident, a breach, or something else, trying to share 657 00:52:07,519 --> 00:52:12,320 that information between competing companies is very hard to do. The lawyers don't want 658 00:52:12,320 --> 00:52:15,280 you to do that. So I think that's that's an area we've got to 659 00:52:15,320 --> 00:52:20,000 figure out how to fix it, and how do we allow these companies that 660 00:52:20,159 --> 00:52:24,960 compete with each other in the food sector to encourage them and enable them to 661 00:52:25,000 --> 00:52:29,920 be able to share threat data cyber threat data or other types of threat data 662 00:52:30,480 --> 00:52:35,559 as readily as they're able to share biological threat data. And that'll help a 663 00:52:35,599 --> 00:52:39,440 lot too. That that third area, that information sharing piece, it suggests 664 00:52:39,480 --> 00:52:45,159 to me, you know, are you saying that in the agriculture and food 665 00:52:45,199 --> 00:52:53,159 processing businesses, maybe what we need is a greater capability in terms of resilience 666 00:52:53,639 --> 00:53:02,320 than necessarily in terms of absolute prevention. For example, if there's you know, 667 00:53:02,360 --> 00:53:07,920 a refrigeration failure at a warehouse and we have to throw out the contents 668 00:53:07,920 --> 00:53:15,239 of the warehouse, then do so and we're back. Or you know, 669 00:53:15,480 --> 00:53:22,679 if you know, the the the combine or the tractor vendor is hacked by 670 00:53:22,679 --> 00:53:27,039 a nation state and all of the tractors are bricked, that there's a way, 671 00:53:27,280 --> 00:53:30,599 you know, possibly by regulation, by law saying there has to be 672 00:53:30,679 --> 00:53:36,679 a way to turn these vehicles on again. Manufacturers make it happen so that 673 00:53:37,239 --> 00:53:39,280 you can turn a physical key, or you can press a physical button, 674 00:53:39,360 --> 00:53:44,440 or you can do something to reactivate the equipment. Is is this what I'm 675 00:53:44,480 --> 00:53:47,400 hearing? So the question you're asking then is is there some way we can 676 00:53:47,519 --> 00:53:54,440 anticipate failure and engineers a solution that either might prevent the failure that'd be great 677 00:53:55,239 --> 00:54:00,639 or at least reduce the consequences of that failure. And what's your describing as 678 00:54:00,679 --> 00:54:04,960 an initiative that's sort of new, been around a couple three years beginning to 679 00:54:04,960 --> 00:54:09,360 gain some good traction called cyber informed engineering. The general idea being is that 680 00:54:09,400 --> 00:54:14,280 if we're going to engineer something let's say we're going to build a new tractor, 681 00:54:14,280 --> 00:54:16,199 We're going to build a new air conditioning system, whatever it is. 682 00:54:16,800 --> 00:54:22,960 We anticipate a failure mode that could be caused by a trust problem. A 683 00:54:23,000 --> 00:54:29,159 computer system that is no longer trustworthy. It's misbehaving. It either died or 684 00:54:29,199 --> 00:54:35,280 it's producing bad information, or whatever it's controlling isn't being controlled properly. So 685 00:54:35,320 --> 00:54:40,239 we want to engineer something that can then tolerate that loss of trust and can 686 00:54:40,280 --> 00:54:45,079 survive it. Either have a good shutdown, you know, a proper control 687 00:54:45,159 --> 00:54:49,159 shutdown, or you've got to build in workarounds. So your tractor example is 688 00:54:49,199 --> 00:54:53,239 a perfect one like that, where I can anticipate that potentially my loss of 689 00:54:53,320 --> 00:54:58,679 trust through the computer system with it might brick that tractor. I should be 690 00:54:58,719 --> 00:55:01,400 able to reach under the hood, hit a little magic button, and now 691 00:55:01,440 --> 00:55:06,079 it goes into completely manual mode. It's not dependent on the computer anymore, 692 00:55:06,480 --> 00:55:07,800 and I can still fire up that tractor and run it. Yes, it's 693 00:55:07,880 --> 00:55:14,320 less efficient, as it might cost more in terms of hours, but at 694 00:55:14,400 --> 00:55:17,840 least it works and it runs. But I've deliberately engineered that into that tractor. 695 00:55:17,920 --> 00:55:23,199 That's a great example of cyber informed engineering, or you can take it 696 00:55:23,559 --> 00:55:29,840 into production where I'm going to depend on some cloud based service that's providing me 697 00:55:30,000 --> 00:55:35,599 with AI enabled information, so my production is so much faster. But as 698 00:55:35,639 --> 00:55:38,199 somebody attacks me, if I lose my network connection, if I lose trust 699 00:55:38,239 --> 00:55:44,400 on my databases, I can still produce food. I just can't necessarily produce 700 00:55:44,440 --> 00:55:49,119 it as efficiently as I could before, but I can at least continue production. 701 00:55:49,400 --> 00:55:52,519 That's cyber informed engineering, and I think that's kind of a neat approach 702 00:55:52,559 --> 00:55:57,480 here. I understand you've had guests in the past that they've spoken to this, 703 00:55:57,719 --> 00:56:00,199 because what we're looking at is can we can we take the brains of 704 00:56:00,199 --> 00:56:05,960 the engineers who are thinking about all sorts of different activities that are going on 705 00:56:06,239 --> 00:56:08,679 with their engineered world that from the environment to humans, to others that they're 706 00:56:08,719 --> 00:56:13,880 interacting with, and engineer systems that are resilient to these types of threats. 707 00:56:13,920 --> 00:56:16,079 Well, we're now adding in cybers so we're not asking the engineers to become 708 00:56:16,119 --> 00:56:22,079 cybersecurity experts. It's more of can you use your engineering skills to build an 709 00:56:22,079 --> 00:56:27,760 engineered system that can survive a cyber attack or at least reduce the consequences of 710 00:56:27,800 --> 00:56:30,519 a cyber attack down to some manageable level. So I'm glad you brought that 711 00:56:30,599 --> 00:56:37,119 up because that is a great way to introduce that concept of CIE into the 712 00:56:37,159 --> 00:56:42,000 food and at sector and how would it actually apply there? That makes sense. 713 00:56:42,679 --> 00:56:46,679 Something else you mentioned a couple of minutes ago, you talked about lack 714 00:56:46,719 --> 00:56:52,400 of information sharing. I mean, is there no you know, worldwide? 715 00:56:52,519 --> 00:56:59,199 Is there no jurisdiction with a food and beverage or an agricultural iceac As far 716 00:56:59,280 --> 00:57:01,039 as I know that, there's not a robust one. So if you look 717 00:57:01,079 --> 00:57:07,119 at other sectors like the electricity I SACK or the financial services I sack, 718 00:57:07,360 --> 00:57:12,840 healthcare is sack, they are very robust global sometimes in nature. There was 719 00:57:13,119 --> 00:57:15,480 an attempt to create a food and egg I sack a number of years ago. 720 00:57:16,400 --> 00:57:21,280 It lasted for a few years. They could not My understanding is they 721 00:57:21,280 --> 00:57:24,920 couldn't attract enough companies that wanted to belong to it. And if you recall 722 00:57:25,000 --> 00:57:30,159 what I said about the reluctance to share because of the fear of lawsuits, 723 00:57:30,559 --> 00:57:37,320 antitrust lawsuits largely has derailed that. But what you wind up with is there's 724 00:57:37,320 --> 00:57:42,960 still a desire to share, but there's a reluctance to share. And so, 725 00:57:43,199 --> 00:57:47,000 as you mentioned earlier, there's this large companies, your well known brand 726 00:57:47,079 --> 00:57:51,880 names that you see in the grocery stores. They probably are financially okay where 727 00:57:51,880 --> 00:57:57,079 they can protect themselves. But below them the producers and growers of which most 728 00:57:57,079 --> 00:58:00,199 people have never heard of because there's so many of them, the small how 729 00:58:00,519 --> 00:58:04,320 businesses, the farmers and others. They don't have that luxury. And that's 730 00:58:04,360 --> 00:58:09,480 probably where an ICEACK would have the most impact would be with those small communities, 731 00:58:09,559 --> 00:58:14,800 the small farms, the small businesses because they just don't have their own 732 00:58:14,800 --> 00:58:20,519 security team. And maybe through the extension system, maybe through some sort of 733 00:58:20,559 --> 00:58:27,039 agricultural outreach Department of Agriculture, that could be done. There is an initiative 734 00:58:27,079 --> 00:58:30,679 that occurred last year through the it I sack to create they had a special 735 00:58:30,719 --> 00:58:35,039 interest group. Some of their members who belonged to the food sector created a 736 00:58:35,079 --> 00:58:39,719 special interest group for that. They have labeled themselves as an Agricultural I sack, 737 00:58:40,239 --> 00:58:45,599 but it's not the same as one that would be very inclusive of all 738 00:58:45,880 --> 00:58:50,480 the small businesses and others. So it's still populated largely by large businesses, 739 00:58:50,480 --> 00:58:54,039 but they're still hampered by the legal challenges of trying to share. So yeah, 740 00:58:54,039 --> 00:58:58,440 I think that would make a big difference if we could do that. 741 00:58:58,480 --> 00:59:01,039 The challenge is how do you do it and who pays for it? Because 742 00:59:01,039 --> 00:59:05,360 again, if you want to bring in small businesses or medium sized businesses, 743 00:59:05,400 --> 00:59:07,480 if they don't have the budget to have an IT staff or security staff, 744 00:59:08,199 --> 00:59:12,000 would they have a budget to belong to an I sack? And what would 745 00:59:12,039 --> 00:59:16,079 be the right membership rate or is this something that state government should just pay 746 00:59:16,119 --> 00:59:22,599 for or agricultural grants much like we do with food stamps and other types of 747 00:59:23,880 --> 00:59:28,599 nutrition programs. Maybe that's a way to finance it. So this is still 748 00:59:28,880 --> 00:59:30,760 a great area of public policy to talk about. I don't think we have 749 00:59:30,800 --> 00:59:37,480 a firm answer yet, but we do need to think very strongly about how 750 00:59:37,519 --> 00:59:40,679 do we increase the amount of information sharing, the threat intelligence sharing, the 751 00:59:40,719 --> 00:59:45,440 analysis and so forth that goes on, and just briefly you know, of 752 00:59:45,440 --> 00:59:47,519 course, what we're doing at Auburn. One of the proposals has been to 753 00:59:47,559 --> 00:59:52,519 create a consortium. Find other land grant schools across the States. Let's build 754 00:59:52,559 --> 00:59:59,000 a consortium, and maybe that consortium together could become an I sack for small 755 00:59:59,039 --> 01:00:05,320 farmers. Students in our universities could become the staff, become the analysts. 756 01:00:05,320 --> 01:00:08,199 So they learned in their junior and senior years how to handle threats. They 757 01:00:09,079 --> 01:00:13,679 learn about what's going on these earlier topics we were talking about, from nation 758 01:00:13,840 --> 01:00:16,840 states to terrorists, to others that might impact the business they're going to work 759 01:00:16,880 --> 01:00:22,159 for. So then when they graduate with their agricultural degree or engineering degree and 760 01:00:22,519 --> 01:00:27,440 go off to their initial jobs, not only are they BookSmart on that area 761 01:00:27,599 --> 01:00:30,039 that they study, but they're also well aware of the threats to their industry 762 01:00:30,199 --> 01:00:35,119 and can start bringing in that level of knowledge. So that's an approach we've 763 01:00:35,119 --> 01:00:40,039 been talking about that might work. Just we're open to trying lots of different 764 01:00:40,079 --> 01:00:44,280 ideas because clearly the way we're doing it today is not working, and so 765 01:00:44,440 --> 01:00:50,199 we've got to come up with some other approaches. That was a long answer. 766 01:00:50,280 --> 01:00:53,199 Let me paraphrase just a minute. You know, in a traditional is 767 01:00:53,440 --> 01:00:58,440 sac and I've sat in on some of these traditional is sacks, they have 768 01:00:58,519 --> 01:01:01,840 weekly phone calls are maybe half an hour long. In every one of these 769 01:01:01,840 --> 01:01:07,039 phone calls, one of the participating businesses, big oil companies, big manufacturers, 770 01:01:07,199 --> 01:01:15,199 big power companies, you know, take the microphone and walk the rest 771 01:01:15,239 --> 01:01:19,679 of the listeners through an attack scenario that they've observed recently or attacks that they've 772 01:01:19,679 --> 01:01:23,760 defeated recently. And the bottom line is what's called actionable intel. Namely, 773 01:01:24,599 --> 01:01:30,639 there are intrusion detection signatures that these people are providing. There's IP addresses that 774 01:01:30,800 --> 01:01:35,039 you know, shouldn't be trusted anymore that these people are providing. They're providing 775 01:01:35,119 --> 01:01:40,199 very technical information that the consumers. The people who are listening on the call, 776 01:01:40,559 --> 01:01:45,360 are taking this information and putting it into their intrusion detection systems and putting 777 01:01:45,400 --> 01:01:51,760 it into their SEMs so that if they detect this kind of activity in the 778 01:01:51,800 --> 01:01:55,239 future, they know that it's malicious and they can activate their incident response teams. 779 01:01:57,079 --> 01:02:01,000 So here's the problem with you know, small farms. We're talking you 780 01:02:01,039 --> 01:02:07,440 know, one or two families operating you know, a handful of square miles 781 01:02:07,480 --> 01:02:13,239 of farmland. There might be three people, there might be five people with 782 01:02:13,280 --> 01:02:17,119 a couple of hired hands operating this this farm. Are they going to get 783 01:02:17,159 --> 01:02:22,639 on a phone call once a week for a half hour or an hour listening 784 01:02:22,679 --> 01:02:27,199 to IP addresses and you know, signatures and checksums. They don't have an 785 01:02:27,199 --> 01:02:31,639 intrusion detection system. They don't have an incident response system. They need a 786 01:02:31,679 --> 01:02:36,280 different kind of information, and you know what kind of information is that. 787 01:02:36,400 --> 01:02:39,440 I don't know, but this is the work that Marcus is doing at you 788 01:02:39,440 --> 01:02:45,000 know, at at the university there, so you know, it's it's it's 789 01:02:45,039 --> 01:02:46,280 a good thing he is doing the work. I look forward to seeing as 790 01:02:46,320 --> 01:02:52,199 results. Well, Mark, this has been tremendous. It's you know, 791 01:02:52,280 --> 01:02:54,840 this is a field an industry that I know very little about, and I'm 792 01:02:55,000 --> 01:03:00,360 grateful for the introduction. Thank you. Before we let you go, can 793 01:03:00,400 --> 01:03:04,440 you sum up for us what should our listeners take away from this problem from 794 01:03:04,480 --> 01:03:07,599 these solutions from this space. Thank you, Andrew, and I really do 795 01:03:07,679 --> 01:03:10,199 appreciate you letting me take the time today to talk to you and talk to 796 01:03:10,239 --> 01:03:14,960 your listeners about this. Probably the key thing, of course, is to 797 01:03:15,079 --> 01:03:20,239 recognize that in these critical infrastructure sectors, they're all different, but they're all 798 01:03:20,239 --> 01:03:25,360 interdependent. The food and eggs sector oftentimes is overlooked because it just works. 799 01:03:25,719 --> 01:03:30,960 We have an abundance of food, we're not starving, but it, like 800 01:03:30,000 --> 01:03:35,800 any other critical sector, is dependent on other sectors, and it's dependent more 801 01:03:35,800 --> 01:03:40,960 and more now on the connected systems and the IT infrastructure and the internet and 802 01:03:42,039 --> 01:03:45,360 cloud and AI and all these neat things that other sectors have embraced over the 803 01:03:45,400 --> 01:03:50,440 decades is now being embraced by food and Egg. And I want to understand 804 01:03:50,480 --> 01:03:53,840 that with all this new technology, while we're bringing in new efficiencies, we're 805 01:03:53,840 --> 01:04:00,239 bringing in new vulnerabilities, new threats, potential consequences we've never thought of before. 806 01:04:00,880 --> 01:04:04,559 And these are areas because it's changing so rapidly, we're challenged with how 807 01:04:04,599 --> 01:04:09,960 best do you address it? And the solutions we've come up with with the 808 01:04:10,039 --> 01:04:13,960 other critical infrastructure sectors may not work with food and agg We may need to 809 01:04:14,000 --> 01:04:17,639 come up with different ways of delivering the message, different ways of handling these 810 01:04:17,679 --> 01:04:23,239 threats, different ways of working with our regulators and working with the government, 811 01:04:23,320 --> 01:04:27,599 the private sector, small medium, large businesses, and even working globally. 812 01:04:27,920 --> 01:04:33,280 And how do you cooperate with Mexico and cooperate with Europe and China and so 813 01:04:33,360 --> 01:04:39,760 forth. These are all areas of interest, areas of research here at Auburn 814 01:04:39,880 --> 01:04:45,480 and other schools. This is great material for undergrads and grad students to dig 815 01:04:45,519 --> 01:04:48,280 in if they've got to write a paper, if they need to work on 816 01:04:48,320 --> 01:04:54,360 a degree program. These are perfect research areas. Otherwise we wind up just 817 01:04:54,440 --> 01:04:57,000 making it up. We don't want to do that, and I think that's 818 01:04:57,039 --> 01:05:00,639 one of the big benefits that the universities can bring in is that we can 819 01:05:00,800 --> 01:05:05,199 do this type of research and we can come up with some pretty good proposals, 820 01:05:05,480 --> 01:05:09,440 almost like a think tank might do it, but it's being done with 821 01:05:09,599 --> 01:05:14,079 young minds. And the benefit, of course is those students upon graduation, 822 01:05:14,199 --> 01:05:18,880 they're taking that knowledge with them right into industry and you know, helping industry 823 01:05:19,000 --> 01:05:24,480 understand what these threats are because of what they've learned. One of the common 824 01:05:24,519 --> 01:05:28,840 complaints we get from a lot of companies with and I'm sure every college professor's 825 01:05:28,880 --> 01:05:30,880 heard this, is you know, you're turning out book smart students, but 826 01:05:30,920 --> 01:05:34,920 they don't know anything about my industry and we have to start from scratch to 827 01:05:34,960 --> 01:05:40,039 teach them. Well, maybe this is an opportunity here where we start cranking 828 01:05:40,119 --> 01:05:45,320 out some book smart students, but they're also well aware of the threats, 829 01:05:45,400 --> 01:05:50,360 vulnerabilities, consequences of all this new connectivity and all this new precision stuff that 830 01:05:50,400 --> 01:05:55,400 we're beginning that we're bringing in and again focusing on food and egg, not 831 01:05:55,440 --> 01:05:58,360 to leave out the other sectors, but that's where the focus is here. 832 01:05:58,400 --> 01:06:02,840 So I think that would kind of be the big wrapper and where we might 833 01:06:02,880 --> 01:06:05,239 want to go, you know, take take a look at what we're doing 834 01:06:05,280 --> 01:06:09,760 here at Auburn, take a look at the McQuary Institute. We're fairly easy 835 01:06:09,800 --> 01:06:14,440 to find online. And if you're interested in this, if it sounds fun, 836 01:06:15,079 --> 01:06:17,480 contact us. Well. We would love to build out a consortium. 837 01:06:17,519 --> 01:06:23,280 We'd love to get more engagement, build bigger partnerships. There's no way that 838 01:06:23,360 --> 01:06:28,880 any one organization can own this problem. It has to be addressed and worked 839 01:06:28,920 --> 01:06:32,880 on by multiple organizations and institutes and people that all would like to collaborate for 840 01:06:32,920 --> 01:06:36,119 the common good. And there's a lot of room, you know, using 841 01:06:36,320 --> 01:06:41,679 the farm analogy, it's a very big pasture. There's a lot of room 842 01:06:41,719 --> 01:06:44,360 to spread out, so we don't all have to eat the same grass, 843 01:06:44,400 --> 01:06:47,000 if that makes sense. So I think that's kind of what I'd like to 844 01:06:47,079 --> 01:06:50,519 leave with. And if there's any other questions, Andrew open to answer those, 845 01:06:50,599 --> 01:06:55,119 But thank thanks again for allowing me to have the time with you today. 846 01:06:58,400 --> 01:07:02,519 And that just about does it for your interview with Marcus Andrew Yet another 847 01:07:02,559 --> 01:07:08,760 episode where we talked about an industry we've somehow not managed to talk about in 848 01:07:08,800 --> 01:07:14,320 all these years podcasting and presents unique and interesting new challenges to me. The 849 01:07:15,760 --> 01:07:19,280 unique challenge here is, especially on the primary production side of the farms, 850 01:07:20,119 --> 01:07:25,199 there's so many small operators. I mean, you know, in the electric 851 01:07:25,280 --> 01:07:30,639 power grid, something like ninety percent of the world's power is produced by ten 852 01:07:30,719 --> 01:07:35,760 percent of the world's power plants. We're talking about very big installations and the 853 01:07:35,800 --> 01:07:41,880 small ones, in a sense, are noise here. Most of the world's 854 01:07:41,880 --> 01:07:46,599 food seems to be produced by the smaller operators. And you know, those 855 01:07:46,639 --> 01:07:53,079 operators are not just worried about you know, John Deere or some other tractor 856 01:07:53,159 --> 01:07:57,519 vendor or equipment vendor shutting him down. You know, they are dependent on 857 01:07:57,960 --> 01:08:00,400 fuel coming in on a regular basis so they can run the tractors. They're 858 01:08:00,400 --> 01:08:08,159 dependent on electric power, They're dependent on communications facilities with satellites, with the 859 01:08:08,199 --> 01:08:13,519 internet, with their with their cloud providers, and you know, so the 860 01:08:13,519 --> 01:08:16,159 small operator is sort of a unique challenge here. The other thing I took 861 01:08:16,159 --> 01:08:19,880 from the interview is that you know, I have to wonder if time is 862 01:08:19,880 --> 01:08:27,680 not the key, because if a tractor is crippled for twenty four hours, 863 01:08:29,119 --> 01:08:33,239 probably nobody much will notice. Everybody will be annoyed, but it's not even 864 01:08:33,359 --> 01:08:36,079 going to impact the bottom line. If it's if attractor is crippled for a 865 01:08:36,119 --> 01:08:39,840 week, we have the beginnings of a problem. If it's crippled for you 866 01:08:39,880 --> 01:08:44,560 know, two months in planting season, this is a serious problem, especially 867 01:08:44,560 --> 01:08:47,000 if it happens to a lot of tractors. So you know, time is 868 01:08:47,000 --> 01:08:51,760 the key. If we can invent mechanisms so that if there's a cyber problem, 869 01:08:51,880 --> 01:08:56,920 they can you know, that problem can be fixed or worked around promptly, 870 01:08:57,399 --> 01:09:01,960 so that we can operate you know, the affected systems machinery in food 871 01:09:02,000 --> 01:09:05,640 processing plants or tractors or whatever. We can operate these systems, maybe in 872 01:09:05,680 --> 01:09:10,000 a degraded mode, maybe only you know, get ninety five percent of the 873 01:09:10,039 --> 01:09:15,000 efficiency benefits out of it that we thought we were going to get. Then, 874 01:09:15,279 --> 01:09:19,239 you know, then we've got a way forward. This seems absolutely doable. 875 01:09:19,439 --> 01:09:25,359 But you know, as Marcus was saying, it hasn't yet been done. 876 01:09:26,680 --> 01:09:30,680 There aren't those solutions and systems and knowledge in place. We need to 877 01:09:30,720 --> 01:09:34,359 invent them. So, you know, good on Auburn University and you know 878 01:09:34,840 --> 01:09:39,279 the other folks collaborating with them. Good on them. You know, let's 879 01:09:39,479 --> 01:09:43,920 let's solve this problem. It seems eminently solvable. And with that, thank 880 01:09:43,960 --> 01:09:47,960 you to Marcus Socks for this illuminating interview. And Andrew is always thank you 881 01:09:48,039 --> 01:09:50,640 for speaking with me. It's always a pleasure. Thank you, Nan. 882 01:09:51,119 --> 01:09:57,359 This has been the Industrial Security podcast from Waterfall. Thanks to everyone out there 883 01:09:57,439 --> 01:10:04,079 who's listening. Seven days produced Davys spat