1
00:00:03,000 --> 00:00:08,480
Speaker 1: Let me abstract the policy from the network infrastructure such

2
00:00:08,519 --> 00:00:11,960
that you can have a group of devices or a

3
00:00:12,000 --> 00:00:17,359
device itself that essentially associates with an IP address that's

4
00:00:17,359 --> 00:00:18,760
an overlay address.

5
00:00:22,320 --> 00:00:26,399
Speaker 2: Welcome listeners to the Industrial Security Podcast. My name is

6
00:00:26,480 --> 00:00:29,519
Nate Nelson. I'm here as usual with Andrew Ginter, the

7
00:00:29,600 --> 00:00:34,280
vice president of Industrial Security at Waterfall Security Solutions. He

8
00:00:34,560 --> 00:00:37,079
is going to introduce for all of us the subject

9
00:00:37,200 --> 00:00:40,359
and guest of our show today. So, Andrew, how are you.

10
00:00:41,079 --> 00:00:43,840
Speaker 3: I'm well, thank you, Nate. Our guest today is Tom Sego.

11
00:00:43,920 --> 00:00:48,079
He is the CEO and co-founder of Blastwave, and

12
00:00:48,119 --> 00:00:52,759
he's going to be talking about distributed asset protection, which

13
00:00:52,799 --> 00:00:56,079
is a fancy name for a very common problem in

14
00:00:56,119 --> 00:01:02,359
the industrial space. We have, you know, stuff devices, computers, assets,

15
00:01:02,600 --> 00:01:06,239
cyber assets all over the place. You know, might be

16
00:01:06,319 --> 00:01:10,239
distant in pumping and substations, might be local. The stuff

17
00:01:10,400 --> 00:01:12,760
was bought, you know, on the cheap. It was the

18
00:01:13,000 --> 00:01:17,599
lowest bidder. It's old, it's ancient, and we have no

19
00:01:17,680 --> 00:01:19,359
budget to rip and replace. So what do we do

20
00:01:19,719 --> 00:01:23,079
about cybersecurity? And this is something he'll be walking us through.

21
00:01:23,959 --> 00:01:25,280
Speaker 2: Then let's get right into it.

22
00:01:27,640 --> 00:01:30,200
Speaker 3: Hello Tom, and thank you for joining us. Before we

23
00:01:30,239 --> 00:01:31,959
get started, can I ask you to say a few

24
00:01:32,000 --> 00:01:34,439
words of introduction, tell us a bit about your background

25
00:01:34,640 --> 00:01:36,959
and about the good work that you're doing at Blastwave.

26
00:01:37,719 --> 00:01:41,400
Speaker 1: Sure, Andrew, thanks for having me. So my background is

27
00:01:41,400 --> 00:01:44,719
I started my career as a chemical engineer at Caterpillar.

28
00:01:45,599 --> 00:01:50,280
I also spent eight years at Eli Lilly, designing and

29
00:01:50,319 --> 00:01:55,319
building processing facilities to make medicine. I was also a

30
00:01:55,319 --> 00:02:00,280
certified safety professional during that period and managed a

31
00:02:00,280 --> 00:02:05,239
twenty-four-seven liquid incineration operation which burned a thirty

32
00:02:05,400 --> 00:02:10,280
thousand gallons of liquid waste per day, so a shit ton.

33
00:02:10,919 --> 00:02:15,319
And then I went to Emerson did business development corporate

34
00:02:15,360 --> 00:02:17,800
strategy there. Then I did product management at Alta Vista.

35
00:02:18,240 --> 00:02:21,439
Then I went on to do sales support at Apple,

36
00:02:21,759 --> 00:02:24,680
where I was at Apple for almost ten years. And

37
00:02:24,719 --> 00:02:27,840
then that's when I started my entrepreneurial career. I started

38
00:02:27,879 --> 00:02:31,439
a mobile telephony company, started a solar storage company, started

39
00:02:31,439 --> 00:02:35,000
a wine importing business, then played professional poker for a

40
00:02:35,000 --> 00:02:39,240
few years, and then eventually started this cybersecurity business called

41
00:02:39,280 --> 00:02:44,039
Blastwave. I co-founded that in twenty seventeen, and

42
00:02:44,120 --> 00:02:46,800
our mission then is the same as it is today,

43
00:02:46,840 --> 00:02:51,199
which is to protect critical infrastructure from cyber threats, and

44
00:02:51,240 --> 00:02:53,439
we wanted to kind of come at this with a

45
00:02:53,599 --> 00:02:59,000
very different approach than other cybersecurity companies in that we

46
00:03:00,120 --> 00:03:03,120
kind of started from first principles thinking about what are

47
00:03:03,159 --> 00:03:07,840
the three highest kind of classes of threat and categories

48
00:03:07,840 --> 00:03:11,919
of threats and can we actually eliminate those. The biggest

49
00:03:11,960 --> 00:03:15,719
categories probably no surprise to anybody here, but it's phishing,

50
00:03:16,159 --> 00:03:19,439
credential theft, et cetera. I'm like, well, let's just get

51
00:03:19,520 --> 00:03:22,840
rid of user names and passwords altogether and come up

52
00:03:22,879 --> 00:03:26,599
with a different model for MFA that can actually apply

53
00:03:26,719 --> 00:03:30,840
to industrial settings. So we did that. The second category

54
00:03:31,000 --> 00:03:35,199
of threats was really CVEs and vulnerabilities, and could we

55
00:03:35,240 --> 00:03:38,599
make those unexploitable. We came up with a concept called

56
00:03:38,639 --> 00:03:41,960
network cloaking, which I'm sure we'll discuss which kind of

57
00:03:42,000 --> 00:03:45,439
addresses that issue. And then the last one is human error,

58
00:03:45,639 --> 00:03:48,719
which is impossible to get rid of. But if you

59
00:03:48,719 --> 00:03:51,840
can make human beings make fewer decisions, they can also

60
00:03:51,919 --> 00:03:55,520
make fewer mistakes. So we also incorporated that into a

61
00:03:55,520 --> 00:03:57,479
lot of our UI and UX.

62
00:03:58,560 --> 00:04:05,080
Speaker 3: That's wow, that's a history like none other I've ever heard. Tom,

63
00:04:05,960 --> 00:04:08,680
you know, make like I'm thinking, makes makes my own

64
00:04:09,240 --> 00:04:14,000
what I thought storied background look completely mundane. You've been

65
00:04:14,280 --> 00:04:18,319
in lots of different industries. Now I understand that you know,

66
00:04:18,399 --> 00:04:21,240
a lot of what Blastwave does right now is

67
00:04:21,600 --> 00:04:25,480
upstream and midstream, and we've never had someone on the

68
00:04:25,519 --> 00:04:28,959
show explaining how that works. I mean, I think we've had,

69
00:04:29,160 --> 00:04:32,720
you know, one person on talking about an offshore platform

70
00:04:32,720 --> 00:04:35,279
at some point. But you know, when you're looking at

71
00:04:35,639 --> 00:04:37,839
the industry, can we start with the industry? What's what's

72
00:04:37,879 --> 00:04:40,680
the physical process physically? What's this stuff look like, what's

73
00:04:40,720 --> 00:04:41,800
it do? How does it work?

74
00:04:42,639 --> 00:04:45,519
Speaker 1: Yeah, it's really interesting because I can talk about the

75
00:04:45,519 --> 00:04:49,759
physical process and it's also evolved quite a bit in

76
00:04:49,839 --> 00:04:54,199
the last twenty years. So, first of all, just stepping

77
00:04:54,240 --> 00:04:59,279
back looking at the industry, the overall oil and gas

78
00:04:59,319 --> 00:05:04,360
market globally generates two trillion dollars of revenue per year,

79
00:05:05,040 --> 00:05:08,399
and that generates one trillion in profit. So there's a

80
00:05:08,399 --> 00:05:12,000
lot of money in this business. And that also means

81
00:05:12,040 --> 00:05:15,480
that there's a lot of gallons of oil and a

82
00:05:15,519 --> 00:05:19,160
lot of cubic feet of gas that are being extracted

83
00:05:19,639 --> 00:05:24,360
and transmitted and sent everywhere around the world. And the

84
00:05:24,399 --> 00:05:27,399
other thing that's interesting is that, in spite of how

85
00:05:27,439 --> 00:05:32,040
old this industry is, there's between fifteen and twenty thousand

86
00:05:32,079 --> 00:05:37,160
new oil wells created per year, and in fact half

87
00:05:37,199 --> 00:05:39,399
of those were done in the Permian Basin, so about

88
00:05:39,439 --> 00:05:42,680
eight thousand wells were created last year in the Permian Basin.

89
00:05:43,319 --> 00:05:47,480
I don't think people realized the magnitude of which the

90
00:05:47,480 --> 00:05:51,439
oil and gas companies are continuing to create wells and

91
00:05:51,720 --> 00:05:54,600
extract oil. The other thing that's interesting about it is

92
00:05:55,079 --> 00:06:00,720
twenty years ago we had a traditional vertical drilling approach

93
00:06:00,959 --> 00:06:05,120
to oil and gas, and in the last two

94
00:06:05,160 --> 00:06:09,079
decades we've noticed that there are capabilities to actually now

95
00:06:09,160 --> 00:06:13,560
drill horizontally. And what's pretty interesting is you can actually,

96
00:06:13,639 --> 00:06:18,000
as you start drilling a well today, you create the

97
00:06:18,279 --> 00:06:22,480
initial bore, which is usually a foot or more in diameter,

98
00:06:23,639 --> 00:06:27,160
and then you can send these kind of devices and

99
00:06:27,519 --> 00:06:34,079
drill bits down a relatively sloping curve that over the

100
00:06:34,120 --> 00:06:36,800
course of maybe one hundred or two hundred meters, you've

101
00:06:36,839 --> 00:06:40,079
now done a ninety degree angle, and then you can

102
00:06:40,079 --> 00:06:46,600
start drilling horizontally, which allows you to have higher probabilities

103
00:06:46,800 --> 00:06:50,480
of not hitting a dry well. It gives you more

104
00:06:50,519 --> 00:06:55,360
capabilities for lower cost extraction, and so it's been a

105
00:06:55,399 --> 00:06:59,879
great boon for the industry. Hydraulic fracturing, which is another

106
00:07:00,079 --> 00:07:04,879
technique that's been exploited to get much higher yields out

107
00:07:04,879 --> 00:07:09,480
of these wells, also contributed to the recent boom in

108
00:07:09,600 --> 00:07:14,040
oil and gas. So there are many, many things that

109
00:07:14,079 --> 00:07:17,240
have to be considered when you start doing this process.

110
00:07:17,319 --> 00:07:20,480
You know, you've got to go through site selection, permitting,

111
00:07:21,439 --> 00:07:23,319
you've got to do all this site prep. And one

112
00:07:23,360 --> 00:07:27,120
thing people may not realize is site prep means building roads.

113
00:07:28,759 --> 00:07:32,879
You have to build an entire infrastructure to get to

114
00:07:33,040 --> 00:07:37,160
and from these wells. And then once you start actually

115
00:07:37,240 --> 00:07:40,519
drilling the well, it's much like a CNC machine if

116
00:07:40,519 --> 00:07:43,519
you've been in a factory like Caterpillar or something where

117
00:07:43,600 --> 00:07:47,560
there's a fluid heat transfer fluid that allows you to

118
00:07:48,160 --> 00:07:50,759
you know, cut the metal. In this case, they use

119
00:07:50,800 --> 00:07:56,199
a mud that both stabilizes the well bore and it

120
00:07:56,240 --> 00:08:01,199
also helps you manage pressure. And that mud flows down

121
00:08:01,240 --> 00:08:06,959
through the drill pipe and then it comes out around

122
00:08:07,120 --> 00:08:10,319
in kind of an annulus, almost like a doughnut, that

123
00:08:10,439 --> 00:08:14,600
comes back up the outside of that drill pipe to

124
00:08:14,680 --> 00:08:21,720
be then cleaned. Having the rock kind of cuttings removed

125
00:08:21,759 --> 00:08:24,959
from it using a screening and operation, and then you

126
00:08:25,040 --> 00:08:27,240
kind of reuse the mud and so forth. So there's

127
00:08:27,279 --> 00:08:33,960
a lot to it. And increasingly much of this is

128
00:08:34,000 --> 00:08:38,960
being automated, and you're having connectivity that is absolutely essential

129
00:08:39,759 --> 00:08:41,960
to be your eyes and ears and these wells, because

130
00:08:42,000 --> 00:08:45,159
once you start producing oil and gas, these things are

131
00:08:45,639 --> 00:08:49,440
hours and hours away from each other. They're very remote,

132
00:08:49,759 --> 00:08:54,679
very rural areas, and so that connectivity is absolutely critical.

133
00:08:55,279 --> 00:08:57,039
And you may have you know, we have one customer

134
00:08:57,080 --> 00:09:00,799
who has seven hundred sites that they're trying to manage,

135
00:09:00,919 --> 00:09:04,000
and so they have to have the ability to do

136
00:09:04,039 --> 00:09:07,960
this in an automated fashion, which requires not just connectivity

137
00:09:08,000 --> 00:09:10,519
but secure connectivity.

138
00:09:10,559 --> 00:09:12,440
Speaker 3: Cool. I mean, you know, it's a piece of the

139
00:09:13,120 --> 00:09:17,240
of the the industry I never dug into. So thank

140
00:09:17,279 --> 00:09:19,919
you for that. Can I ask you, you know you've

141
00:09:19,919 --> 00:09:24,399
said in the modern world, you know, increasingly everything is automated.

142
00:09:24,399 --> 00:09:26,759
I mean, that makes perfect sense. The example I often

143
00:09:26,840 --> 00:09:30,159
use is you buy an automobile, it's got three hundred

144
00:09:30,279 --> 00:09:34,799
CPUs in it. Everything, Every every device, you know, every

145
00:09:34,879 --> 00:09:37,799
non trivial device you buy nowadays has a CPU in it.

146
00:09:38,159 --> 00:09:41,840
Can you talk about the automation in these these drilling systems,

147
00:09:41,840 --> 00:09:46,600
in these these upstream systems. You know, what does what's

148
00:09:46,600 --> 00:09:48,840
that automation look like? Is it like built into the

149
00:09:48,879 --> 00:09:52,679
device like an automobile? Is it a programmable logic controller?

150
00:09:52,759 --> 00:09:55,799
I mean, I'm familiar with, you know, power plants vaguely,

151
00:09:55,879 --> 00:09:57,960
I mean monthly. I don't get out much. I'm a

152
00:09:58,000 --> 00:10:00,279
I'm a software guy more than a hardware guy. But

153
00:10:00,519 --> 00:10:03,320
I've had a few tours. You know, I know what

154
00:10:03,360 --> 00:10:06,399
a PLC looks like. If I visited one of these

155
00:10:06,440 --> 00:10:09,159
well sites, would I recognize the automation? What's it look like?

156
00:10:09,559 --> 00:10:12,720
Speaker 1: Yeah, you would definitely recognize the automation. So what you

157
00:10:12,759 --> 00:10:16,200
see is your classic kind of SCADA tech stack, if

158
00:10:16,240 --> 00:10:19,679
you will. So you'll have remote terminal units, You're going

159
00:10:19,759 --> 00:10:24,080
to have PLCs. You're going to have these things mounted

160
00:10:24,200 --> 00:10:27,879
on a DIN rail in a cabinet and there can

161
00:10:27,919 --> 00:10:32,679
be various size cabinets. At some well locations, you're going

162
00:10:32,759 --> 00:10:35,519
to have just a few number of devices. And then

163
00:10:35,559 --> 00:10:38,480
at some other well sites, again I go back to

164
00:10:38,519 --> 00:10:41,519
the horizontal drilling, You're gonna have a much bigger operation there.

165
00:10:42,000 --> 00:10:44,799
You're also going to have those well sites connected to

166
00:10:44,840 --> 00:10:48,559
what are called tank batteries, so that you can essentially

167
00:10:48,759 --> 00:10:53,240
manage the flow of oil and gas into these storage facilities.

168
00:10:53,759 --> 00:10:58,639
So there's a lot of automation that's necessary, using kind

169
00:10:58,639 --> 00:11:05,440
of PID control loops to maintain equilibrium within these systems.

170
00:11:05,639 --> 00:11:11,799
And there can also be oftentimes challenges that happen, shocks

171
00:11:11,799 --> 00:11:14,799
to the system where let's say, in the case of

172
00:11:14,840 --> 00:11:18,039
oil and gas, the price starts dropping. Well, when the

173
00:11:18,039 --> 00:11:21,639
price starts dropping, the motivation of the business unit is

174
00:11:21,679 --> 00:11:25,759
not to just keep cranking production at maximum capacity, and

175
00:11:25,799 --> 00:11:28,960
so you actually want to have dynamically. You want to

176
00:11:28,960 --> 00:11:33,840
manage your operation dynamically based on economic conditions that can

177
00:11:33,960 --> 00:11:37,000
change over time. And I'll tell you something else, Andrew,

178
00:11:37,080 --> 00:11:40,320
about what's happening today. There's a lot more uncertainty in

179
00:11:40,320 --> 00:11:43,320
the business world today than there was four months ago.

180
00:11:43,720 --> 00:11:47,320
And I think that is going to affect oil and gas.

181
00:11:47,519 --> 00:11:49,639
It's going to affect the price of oil and gas. It's

182
00:11:49,639 --> 00:11:52,039
going to affect the supply of oil and gas. It's

183
00:11:52,039 --> 00:11:57,879
going to affect the transmission across borders. So these kinds

184
00:11:57,919 --> 00:12:01,600
of things can affect the automation. I'll call it like

185
00:12:01,720 --> 00:12:06,879
uber automation. Okay, not just between the actual plant operations

186
00:12:06,879 --> 00:12:12,559
and facilities, but also between different entities in the upstream, downstream,

187
00:12:12,679 --> 00:12:16,080
and midstream ecosystem. So there's a lot of there's a

188
00:12:16,080 --> 00:12:19,159
lot of very interesting factors that affect that. And I'll

189
00:12:19,159 --> 00:12:22,600
tell you one other thing that's kind of interesting. That's

190
00:12:22,720 --> 00:12:26,360
everybody's talking about AI, and there are some of the

191
00:12:26,440 --> 00:12:30,919
larger oil and gas companies are trying to figure out

192
00:12:30,919 --> 00:12:36,000
how to apply AI to optimize their operation. And you know,

193
00:12:36,080 --> 00:12:39,279
everybody knows that there's there's automation that's used to help

194
00:12:39,360 --> 00:12:46,039
identify ways to to to deliver predictive maintenance to rotating machines,

195
00:12:46,679 --> 00:12:50,879
but there's also uses of AI in oil and gas

196
00:12:51,399 --> 00:12:55,080
to prevent things like spills. And one of the big

197
00:12:55,159 --> 00:12:58,279
challenges is it's easy. If you go talk to someone

198
00:12:58,320 --> 00:13:01,799
at BP or Shell or Chevron and you say can

199
00:13:01,840 --> 00:13:03,480
I get data to the cloud, They're going to go, well,

200
00:13:03,519 --> 00:13:06,279
heck yeah, there's all kinds of great things that can

201
00:13:06,279 --> 00:13:09,240
allow you to get data out of your process. And

202
00:13:09,279 --> 00:13:11,200
in fact, I think you're associated with a company that

203
00:13:11,200 --> 00:13:13,320
does a really good job of doing that kind of

204
00:13:13,360 --> 00:13:18,200
one way transmission of data. And the other thing is,

205
00:13:18,440 --> 00:13:22,279
but once you have that data and you're using it

206
00:13:22,320 --> 00:13:26,720
to build AI models, then how do you get deliver

207
00:13:26,799 --> 00:13:30,440
those set points and control variables back to the process.

208
00:13:31,720 --> 00:13:34,840
It scares the crap out of these people the idea

209
00:13:35,320 --> 00:13:39,480
of connecting their control network to a much less secure

210
00:13:40,799 --> 00:13:44,399
cloud network or corporate network, because as we all know,

211
00:13:44,639 --> 00:13:48,799
security is a continuum. It's not Boolean secure or insecure.

212
00:13:49,679 --> 00:13:51,600
So I think there's a lot of interesting things that

213
00:13:51,639 --> 00:13:55,679
are happening with that, and I think just to kind

214
00:13:55,679 --> 00:13:59,039
of close the story on that, one company, for example,

215
00:13:59,679 --> 00:14:03,159
is pulling that data, they're analyzing it actually in AWS

216
00:14:04,279 --> 00:14:07,600
and then they are taking some of those control variables

217
00:14:07,919 --> 00:14:10,840
and they're using a human in the loop process so

218
00:14:10,879 --> 00:14:13,759
that they'll say this is the recommended set point for

219
00:14:13,840 --> 00:14:18,399
this process, and then the human in the loop then

220
00:14:18,480 --> 00:14:22,399
implements that through their control HMI. So there's a lot

221
00:14:22,480 --> 00:14:26,720
of very interesting traditional ways in which automations apply to

222
00:14:26,720 --> 00:14:30,320
oil and gas, but there's also some very interesting evolving

223
00:14:30,759 --> 00:14:32,679
mechanisms that involve machine learning.

224
00:14:35,919 --> 00:14:38,039
Speaker 3: So Nate, let me jump in and give sort of

225
00:14:38,039 --> 00:14:41,399
a bit of context here. Yeah, you know, AI and

226
00:14:41,720 --> 00:14:45,480
cloud based systems. In my opinion, these are the future

227
00:14:45,720 --> 00:14:50,519
of industrial automation and pretty much everything you know, the

228
00:14:50,600 --> 00:14:53,960
question is not if, the question is when, because different

229
00:14:54,399 --> 00:14:56,600
kinds of cloud systems are going to be used in

230
00:14:56,639 --> 00:14:58,919
different kinds of industries at different times, you know, with

231
00:14:58,960 --> 00:15:03,159
different intensities. You know, I care enormously about this topic

232
00:15:03,200 --> 00:15:07,200
because I am writing my fourth book. The working subtitle

233
00:15:07,200 --> 00:15:09,039
of the book, possibly the title of the book is

234
00:15:09,200 --> 00:15:12,840
CIE for a Safety Critical Cloud. You know, when you

235
00:15:12,879 --> 00:15:18,360
have cloud systems controlling potentially dangerous physical processes, how do

236
00:15:18,399 --> 00:15:22,240
you do that? There are designs that work, you know.

237
00:15:22,399 --> 00:15:25,799
I I'm keen to to listen to the rest of

238
00:15:25,840 --> 00:15:28,360
the episode here. I'm keen to, you know, when I

239
00:15:28,360 --> 00:15:30,279
had Tom on, I was keen to learn from him.

240
00:15:30,799 --> 00:15:33,879
When I write these books, I try not to make

241
00:15:33,960 --> 00:15:37,600
up solutions myself. I tend to get them wrong when

242
00:15:37,639 --> 00:15:40,480
I do that. I try to learn from experts like

243
00:15:40,559 --> 00:15:43,960
Tom and you know, gather up the best knowledge in

244
00:15:44,000 --> 00:15:46,200
the industry and try and package it up in a

245
00:15:46,879 --> 00:15:51,919
digestible format. So, yeah, you know, the cloud is the future,

246
00:15:51,960 --> 00:15:56,080
and I'm you know, when we recorded this, I was

247
00:15:56,159 --> 00:15:59,279
keen to learn from Tom about what the future looks like.

248
00:15:59,559 --> 00:16:02,120
Speaker 2: And I know we're about to get right back into

249
00:16:02,120 --> 00:16:04,720
the interview and what I'm about to say, actually kind

250
00:16:04,759 --> 00:16:06,840
of has nothing to do with you just said, but

251
00:16:06,960 --> 00:16:10,320
before we go. A few times now it feels like

252
00:16:10,360 --> 00:16:14,639
you guys have mentioned the terms upstream, downstream, midstream, and

253
00:16:14,679 --> 00:16:16,240
I just want to make sure I'm clear on this

254
00:16:16,320 --> 00:16:17,960
before we continue.

255
00:16:18,159 --> 00:16:21,360
Speaker 3: Sure, this is this is standard oil and gas terminology.

256
00:16:21,759 --> 00:16:24,480
You know, people say, oh, oil and gas as if

257
00:16:24,480 --> 00:16:30,200
it were one industry. It's not. Really. There's three industries involved,

258
00:16:30,240 --> 00:16:32,759
and each of these these you know sort of sub

259
00:16:32,799 --> 00:16:36,480
industries have a lot of different kinds of facilities. So

260
00:16:37,399 --> 00:16:41,399
the stream is generally considered to be the pipeline. So we're

261
00:16:41,440 --> 00:16:47,799
talking upstream is producing stuff to feed into midstream the pipeline,

262
00:16:48,440 --> 00:16:52,360
and downstream is taking stuff out of the pipeline for

263
00:16:52,960 --> 00:16:55,960
refining and such. So, you know, sort of next level

264
00:16:55,960 --> 00:16:59,720
of detail. What's involved in upstream exploration is considered part

265
00:16:59,720 --> 00:17:06,799
of upstream. Initial drilling is part of upstream. Offshore platforms

266
00:17:06,920 --> 00:17:11,799
are part of upstream. The you know, onshore pump jacks

267
00:17:11,920 --> 00:17:15,920
are part of upstream. You know, the whole infrastructure building

268
00:17:16,000 --> 00:17:21,480
roads is part of the upstream process. Midstream is pipelines

269
00:17:21,839 --> 00:17:25,720
and tank farms, and you know, in the natural gas space,

270
00:17:25,799 --> 00:17:28,279
you need to do sort of an initial separation and

271
00:17:28,359 --> 00:17:31,880
you know, discard waste from the product. You might even

272
00:17:31,960 --> 00:17:33,880
need this in liquids to take you know, if you

273
00:17:33,920 --> 00:17:36,759
can do an initial filter and take water out of

274
00:17:36,799 --> 00:17:38,720
the oil and pump it back down, you know, the

275
00:17:38,720 --> 00:17:41,319
dirty water back down into the well, sort of waste

276
00:17:41,799 --> 00:17:44,960
or carbon dioxide out of the natural gas. There's initial

277
00:17:45,000 --> 00:17:48,960
processing facilities that are sort of pre sending stuff into

278
00:17:49,000 --> 00:17:52,960
the pipeline. There's tank farms where the pipeline store stuff.

279
00:17:53,079 --> 00:17:57,720
Sort of intermediate, there's liquid natural gas ports, there's oil

280
00:17:58,079 --> 00:18:00,920
you know, oil ports, there's oil tank This is all

281
00:18:01,000 --> 00:18:05,000
part of midstream, the process of moving stuff and from

282
00:18:05,039 --> 00:18:07,000
place to place, and you know, to a degree storing

283
00:18:07,039 --> 00:18:11,000
it while you're moving it. And then downstream is sort

284
00:18:11,039 --> 00:18:13,680
of everything you do after it comes out of the pipeline.

285
00:18:13,680 --> 00:18:17,960
So there's refining, turning it into diesel fuel and jet fuel.

286
00:18:18,240 --> 00:18:22,440
There's the finished processing on natural gas, taking out all

287
00:18:22,480 --> 00:18:25,759
of the natural gas liquids, you know, making it basically

288
00:18:25,799 --> 00:18:32,519
pure methane with not much else. You know, there's even

289
00:18:32,599 --> 00:18:36,680
you know, stuff like trucking gasoline from the pipeline to

290
00:18:36,759 --> 00:18:42,240
the gas stations is considered part of downstream. Midstream kind

291
00:18:42,240 --> 00:18:45,680
of rears its head again because you might have the

292
00:18:45,680 --> 00:18:48,160
concept of a gasoline pipeline. So you got the oil

293
00:18:48,200 --> 00:18:51,599
pipeline bringing the crude oil to the refinery. Then you've

294
00:18:51,599 --> 00:18:54,000
got the you know, you sort of hit midstream again

295
00:18:55,160 --> 00:18:58,839
taking the finished product gasoline and sending it to consumers.

296
00:18:58,920 --> 00:19:01,599
Then you've got the truck, you've got the gas stations.

297
00:19:03,000 --> 00:19:05,880
Each of these sort of upstream, midstream and downstream sub

298
00:19:05,880 --> 00:19:10,319
industries has sort of many components. I've lost it now,

299
00:19:10,319 --> 00:19:11,799
but I saw a list once of you know, here's

300
00:19:11,839 --> 00:19:14,480
all the different kinds of things that can be in midstream,

301
00:19:14,519 --> 00:19:16,440
and it was like, I counted, it was twenty seven

302
00:19:16,759 --> 00:19:20,319
kinds of things. So it's a complicated industry, but very loosely.

303
00:19:20,599 --> 00:19:27,880
You know, upstream produces midstream transports and downstream consumes in

304
00:19:27,880 --> 00:19:31,759
a sense, refines and produces the goods that we actually consume.

305
00:19:34,240 --> 00:19:37,200
Human in the loop, I've heard that described as open loop.

306
00:19:37,720 --> 00:19:41,279
You know, in power plants, which I'm more familiar with,

307
00:19:41,359 --> 00:19:44,640
you monitor the turbines the AI and the cloud comes

308
00:19:44,720 --> 00:19:46,599
back and sends you a text message and says, you know,

309
00:19:46,680 --> 00:19:50,000
you should really service you know, the turbine and generating

310
00:19:50,039 --> 00:19:52,559
in at number three sometime in the next four weeks,

311
00:19:52,559 --> 00:19:54,640
and it goes into my eyes, goes into my brain.

312
00:19:54,720 --> 00:19:56,720
I go and double check with my fingers. I type

313
00:19:56,759 --> 00:19:59,400
on things, I say, you know, I think they're right,

314
00:19:59,599 --> 00:20:02,880
and I schedule the service that's open loop. And yeah,

315
00:20:02,960 --> 00:20:06,400
it gets scary when you start doing closed loop.

316
00:20:07,400 --> 00:20:10,920
Speaker 1: And I would say that one of the key things

317
00:20:11,680 --> 00:20:15,720
if you look at some analogous systems where they have

318
00:20:15,799 --> 00:20:18,079
actually gone from open loop, human in the loop, if

319
00:20:18,079 --> 00:20:21,680
you will to closed loop, you could. I'll give two examples.

320
00:20:21,759 --> 00:20:25,400
One would be autopilot on planes and another would be

321
00:20:25,440 --> 00:20:29,640
self driving cars. And in both of those cases, you

322
00:20:29,720 --> 00:20:33,039
don't just switch from open loop to closed loop. No,

323
00:20:33,559 --> 00:20:39,079
you do an extensive amount of testing and validation, and

324
00:20:39,160 --> 00:20:45,480
you also in many cases build redundant systems that allow

325
00:20:45,920 --> 00:20:50,599
an additional level of supervisory control on top of your

326
00:20:50,640 --> 00:20:54,160
normal process control loops. And so like an example that

327
00:20:54,200 --> 00:20:57,279
I had heard about was a company that was looking

328
00:20:57,319 --> 00:21:03,559
at having tank level measurements and looking at an AI

329
00:21:03,680 --> 00:21:08,279
model that would actually analyze the input feeds to that

330
00:21:08,400 --> 00:21:12,599
tank model. So and it would pull data from third

331
00:21:12,640 --> 00:21:17,559
parties that would look at the truck routes for the

332
00:21:17,599 --> 00:21:22,039
tankers that were pulling oil from that tank, and so

333
00:21:22,079 --> 00:21:26,039
you could actually synthesize that data. Now you would have

334
00:21:26,119 --> 00:21:29,519
to put in place a lot of i'll call it

335
00:21:29,839 --> 00:21:34,599
ancillary systems and ancillary testing to make that safe enough

336
00:21:34,640 --> 00:21:38,880
to be like an autopilot on a car, because you know, theoretically,

337
00:21:39,440 --> 00:21:44,119
now with all that supporting testing, autopilot on a car

338
00:21:44,359 --> 00:21:48,279
is supposed to be safer than humans. And with people

339
00:21:48,440 --> 00:21:51,200
on their phones like I see them these days, I

340
00:21:51,279 --> 00:21:53,319
think that's become an increasingly.

341
00:21:52,799 --> 00:21:57,160
Speaker 3: Low bar. Fascinating stuff. The future of automation, I'm convinced.

342
00:21:57,640 --> 00:21:59,400
But you know, if we could come back to the

343
00:21:59,480 --> 00:22:03,119
to the mundane, you talked about phishing, you talked about

344
00:22:03,440 --> 00:22:08,640
you know, CVEs, exploiting vulnerabilities, we're talking about protecting these

345
00:22:08,799 --> 00:22:12,640
assets in you know, the the the upstream and midstream

346
00:22:12,640 --> 00:22:15,960
oil and gas. You know, can you can you bring

347
00:22:16,039 --> 00:22:18,799
us back to cybersecurity? How does how does this big

348
00:22:18,839 --> 00:22:21,839
picture fit with with what you folks do and what

349
00:22:21,880 --> 00:22:23,559
you're focused on cybersecurity wise?

350
00:22:24,599 --> 00:22:28,000
Speaker 1: Absolutely. So. One of the things that's interesting is, you know,

351
00:22:28,160 --> 00:22:31,279
I love talking to customers, and I try to spend

352
00:22:31,319 --> 00:22:35,440
at least fifty percent of my time actually listening more

353
00:22:35,480 --> 00:22:38,480
than talking to customers and understanding what their challenges are

354
00:22:38,559 --> 00:22:41,599
and how we can solve those. And in the case

355
00:22:41,759 --> 00:22:46,160
of oil and gas, there were three customers that came

356
00:22:46,200 --> 00:22:49,599
to us and told us the identical story, and they

357
00:22:49,640 --> 00:22:53,480
became our largest customers. And the story they were telling

358
00:22:53,559 --> 00:22:58,920
us was that they had these highly distributed assets all

359
00:22:58,960 --> 00:23:04,799
over these these very wide geographic areas, and they had

360
00:23:05,160 --> 00:23:10,480
spotty cellular and they had backup satellite to enable that

361
00:23:11,240 --> 00:23:13,440
connectivity that they need. They need the eyes and the

362
00:23:13,480 --> 00:23:17,160
ears in the field because it would be cost prohibitive

363
00:23:17,160 --> 00:23:20,039
for them to get in a truck and drive out

364
00:23:20,039 --> 00:23:23,279
there to monitor that, you know, every few hours. So

365
00:23:24,039 --> 00:23:27,920
the challenge they brought to us was the security team

366
00:23:28,319 --> 00:23:33,319
didn't like the operations team having this insecure connectivity to

367
00:23:33,480 --> 00:23:36,720
these remote areas, and so the security team said, you

368
00:23:36,759 --> 00:23:40,559
need to do something about that. And that's where Blastwave

369
00:23:40,680 --> 00:23:43,200
came in, and we said, you know, we can actually

370
00:23:43,920 --> 00:23:49,559
use our software-defined networking solution to cloak those assets

371
00:23:49,759 --> 00:23:55,680
so they're undiscoverable to adversaries, but also segment them so

372
00:23:55,720 --> 00:23:58,400
that if there were malware that were to get introduced

373
00:23:58,440 --> 00:24:02,240
in one area, it would not to others. And then finally,

374
00:24:02,319 --> 00:24:05,559
you would have the ability to get secure remote access.

375
00:24:06,119 --> 00:24:08,319
And one of the coolest parts about this is this

376
00:24:08,400 --> 00:24:11,400
is not a bump in the wire kind of solution.

377
00:24:12,680 --> 00:24:20,480
This is a solution that allows routing and switching between

378
00:24:20,799 --> 00:24:26,519
groups of devices and users. So it cuts across firewalls

379
00:24:26,559 --> 00:24:30,599
as if they don't exist. It doesn't route traffic based

380
00:24:30,640 --> 00:24:34,680
on source and destination. It routes it based on identity.

381
00:24:35,400 --> 00:24:38,880
And this is something I think is very unique to us,

382
00:24:39,079 --> 00:24:42,440
and it's something that I think customers absolutely love. And

383
00:24:42,519 --> 00:24:46,519
this has enabled us to address a benefit that we

384
00:24:46,599 --> 00:24:49,720
hadn't even thought about, which was when oil and gas

385
00:24:49,799 --> 00:24:53,480
companies acquire other oil and gas companies that one of

386
00:24:53,519 --> 00:24:58,119
the first things they face are the need to maybe

387
00:24:58,160 --> 00:25:02,720
re-IP this architecture because oftentimes the IP space there's overlapping

388
00:25:02,720 --> 00:25:09,119
addresses and the you know, that can be problematic. It

389
00:25:09,160 --> 00:25:10,960
can take a lot of time, it can take a

390
00:25:11,000 --> 00:25:14,440
lot of money. And that's another solution that we've been

391
00:25:14,480 --> 00:25:19,279
able to deliver. Come almost by accident. We had one company,

392
00:25:19,960 --> 00:25:22,759
oil and gas company that acquired a thirty billion dollar

393
00:25:24,279 --> 00:25:28,400
acquisition target. That's a big company that you're acquiring, and

394
00:25:28,440 --> 00:25:31,599
they were able to protect that with Blast Shield in

395
00:25:31,640 --> 00:25:35,559
three weeks of acquiring them, and they didn't have to

396
00:25:35,599 --> 00:25:38,240
re-IP anything. Again, that's just because of the way

397
00:25:38,279 --> 00:25:41,880
we do this network overlay. So there's a lot of

398
00:25:41,880 --> 00:25:46,160
cool things that that use cases that have we've discovered

399
00:25:46,880 --> 00:25:49,680
through the process of listening and talking to customers.

400
00:25:50,440 --> 00:25:53,079
Speaker 3: You know, you've said the phrase SD-WAN, you know,

401
00:25:53,200 --> 00:25:59,000
software defined wide area network. I have never figured out

402
00:26:00,119 --> 00:26:02,960
what is an SD-WAN. I mean, I've worked with

403
00:26:03,119 --> 00:26:08,119
firewalls for twenty years. I you know, I did a

404
00:26:08,119 --> 00:26:10,640
lot of different kinds of networking, not not hugely. I

405
00:26:10,640 --> 00:26:13,880
mean I never worked for a telco. But but can

406
00:26:13,920 --> 00:26:17,400
you work with me? You know, what is an SD-WAN?

407
00:26:17,480 --> 00:26:19,680
What is your SD-WAN? How does one of these

408
00:26:19,720 --> 00:26:21,680
things actually work? What does it do?

409
00:26:22,799 --> 00:26:26,000
Speaker 1: First of all, I said SDN, not SD-WAN, so

410
00:26:26,039 --> 00:26:29,640
I said software-defined networking, which is a principle,

411
00:26:30,160 --> 00:26:35,000
not SD-WAN, which is an architecture. So but what

412
00:26:34,880 --> 00:26:38,160
I what? I guess the best way for me to

413
00:26:38,240 --> 00:26:41,519
think about this, And keep in mind, I'm a chemical engineer,

414
00:26:42,000 --> 00:26:46,799
not a software engineer, So that means I'll if it

415
00:26:46,839 --> 00:26:49,440
takes me, it may take me longer to understand these concepts.

416
00:26:49,519 --> 00:26:51,519
But when I finally do, I can probably explain them

417
00:26:51,519 --> 00:26:55,640
to people. So the the way I've learned this is

418
00:26:55,680 --> 00:27:03,400
that we essentially establish we abstract the policy from the

419
00:27:03,440 --> 00:27:08,200
network infrastructure, so such that you can have a group

420
00:27:08,359 --> 00:27:14,799
of devices or a device itself that essentially associates with

421
00:27:15,200 --> 00:27:18,839
an IP address that's an overlay address, much like you

422
00:27:18,880 --> 00:27:24,079
get network address translation. All right, so you have an

423
00:27:24,079 --> 00:27:29,400
original IP address, you have a translated IP address, and

424
00:27:29,839 --> 00:27:35,559
the software-defined network then uses the overlay address

425
00:27:36,480 --> 00:27:40,000
to both communicate with each other to establish the most

426
00:27:40,000 --> 00:27:44,920
efficient route because performance is very important in OT environments

427
00:27:45,000 --> 00:27:50,799
unlike IT environments, and this allows us to optimize the

428
00:27:51,079 --> 00:27:55,119
path for any given packet, which is also very cool.

429
00:27:55,200 --> 00:27:57,400
So that's one of the elements that I think is

430
00:27:57,440 --> 00:28:01,599
important in software-defined networking. The other thing is

431
00:28:01,599 --> 00:28:07,319
is that it creates this illusion that it is a

432
00:28:07,359 --> 00:28:12,279
point to point between two different devices or two different groups,

433
00:28:13,079 --> 00:28:15,759
And so that's part of the abstraction. So if you

434
00:28:15,839 --> 00:28:19,160
don't have to like set the path, which is what

435
00:28:19,279 --> 00:28:23,839
firewalls do path looking at the routing how you go

436
00:28:23,920 --> 00:28:27,039
from this firewall to that firewall, from this port to

437
00:28:27,079 --> 00:28:30,519
that port, when you just abstract that to, I want

438
00:28:30,519 --> 00:28:37,279
to go from this centrifuge to that control room. It

439
00:28:37,319 --> 00:28:40,000
doesn't matter if the infrastructure changes. And this is a

440
00:28:40,119 --> 00:28:45,640
very powerful benefit of software defined networking because if you're

441
00:28:45,759 --> 00:28:48,559
just looking at the device you want to protect and

442
00:28:48,640 --> 00:28:51,839
the user who wants to connect to that protected device,

443
00:28:53,000 --> 00:28:57,559
as the environment evolves, and it absolutely will, you don't

444
00:28:57,559 --> 00:29:00,160
get put in the penalty box like you would in

445
00:29:00,200 --> 00:29:04,920
a firewall situation, where you could get firewall rule conflict.

446
00:29:05,799 --> 00:29:08,720
And if one thing to think about, Andrew, is when

447
00:29:08,720 --> 00:29:14,200
you think about the breaches that occur, about one hundred

448
00:29:14,200 --> 00:29:19,440
percent of those breaches already have firewalls, and so that

449
00:29:19,680 --> 00:29:24,440
means that the firewall didn't work properly, which is usually

450
00:29:24,480 --> 00:29:29,279
a result of a firewall rule problem, or the environment

451
00:29:29,359 --> 00:29:32,640
has evolved in such a way that it's no longer protected.

452
00:29:32,680 --> 00:29:35,440
There's a hole. And of course we all know that

453
00:29:36,039 --> 00:29:39,920
adversaries just need to be right once, whereas us defenders,

454
00:29:40,160 --> 00:29:43,039
we've got to be right all the time, which is

455
00:29:43,200 --> 00:29:44,599
very tough unless you're my wife.

456
00:29:47,880 --> 00:29:50,640
Speaker 3: So Nate, let me jump in here. You know, I've,

457
00:29:52,160 --> 00:29:55,599
as I told Tom, I've wondered about this space of

458
00:29:55,720 --> 00:30:00,720
software defined networking wide area networking for sometime and I'm

459
00:30:00,920 --> 00:30:04,440
beginning to wrap my head around it. You know, he

460
00:30:04,519 --> 00:30:07,880
gave the example of, you know, you might imagine that

461
00:30:07,920 --> 00:30:13,039
we've got you know, the Internet, you know, local area networks.

462
00:30:13,079 --> 00:30:17,400
Wire networks were designed so that devices have Internet Protocol

463
00:30:17,400 --> 00:30:19,480
addresses and they talk to each other, and you know,

464
00:30:19,839 --> 00:30:23,839
routers move messages from one network to another so they

465
00:30:23,839 --> 00:30:26,519
get from the source to the destination. Why is any

466
00:30:26,519 --> 00:30:28,680
of this complicated? Why do we need any more than that?

467
00:30:30,279 --> 00:30:33,839
One example that that Tom gave was you know, acquisitions.

468
00:30:35,000 --> 00:30:38,319
If Company A, you know, I mean there's there's Internet

469
00:30:38,359 --> 00:30:41,799
addresses the ten dot series, you know, two to the

470
00:30:41,799 --> 00:30:46,880
twenty fourth addresses are private addresses. Private businesses can assign

471
00:30:46,960 --> 00:30:50,160
them to their you know address to assets on their

472
00:30:50,160 --> 00:30:53,920
private networks, and you know, never show those those addresses

473
00:30:53,960 --> 00:30:56,880
to the public, to the public Internet. That's fine. There's

474
00:30:56,920 --> 00:31:00,160
another set, you know, one one sixty eight is a

475
00:31:00,200 --> 00:31:05,039
sixteen bit address range that everyone uses. So you might say, so,

476
00:31:05,039 --> 00:31:08,720
so what Company A uses you know, let's say ten

477
00:31:08,799 --> 00:31:12,079
dot you know, zero dot one through ten dot zero

478
00:31:12,160 --> 00:31:14,960
dot you know twenty They've got a lot of assets,

479
00:31:15,240 --> 00:31:17,960
they use up a bunch of the address space, and

480
00:31:18,000 --> 00:31:21,519
then they buy company B that's used the same addresses.

481
00:31:21,519 --> 00:31:24,240
Because they're private addresses, you don't have to register that

482
00:31:24,279 --> 00:31:27,160
you're using them in public. And now all of the

483
00:31:27,200 --> 00:31:29,599
equipment has the same IP addresses, and you know, for

484
00:31:29,880 --> 00:31:32,359
each IP address, there's two pieces of equipment in the network.

485
00:31:32,359 --> 00:31:36,640
How do you route messages from from these subnetworks, from

486
00:31:36,680 --> 00:31:39,519
these assets to each other. This is the problem of

487
00:31:39,599 --> 00:31:43,440
you know, renumbering. When you acquire a business, often you

488
00:31:43,480 --> 00:31:46,279
have to renumber. It's a it's a pain in the

489
00:31:46,279 --> 00:31:50,480
butt on IT networks. It can shut you down until

490
00:31:50,519 --> 00:31:53,599
you're done and tested the renumbering on OT networks, and

491
00:31:53,640 --> 00:31:58,720
nobody wants to shut down. So you know, if there's

492
00:31:58,720 --> 00:32:01,759
a piece of technology, I mean the textbook technology is

493
00:32:01,839 --> 00:32:05,480
network address translation part of most firewalls. It lets you

494
00:32:05,640 --> 00:32:09,680
hide some private addresses and assign a different address to

495
00:32:09,839 --> 00:32:12,039
sort of that set of of private addresses. You got

496
00:32:12,079 --> 00:32:13,400
to you got to set up a whole bunch of

497
00:32:13,440 --> 00:32:17,400
firewall rules. You can do that sort of manually painfully,

498
00:32:19,160 --> 00:32:21,440
but you know, it gets worse than that. I mean,

499
00:32:22,079 --> 00:32:24,839
I was talking to Tom after the recording. He gave

500
00:32:24,839 --> 00:32:27,440
me an example. You know that I didn't capture on

501
00:32:27,799 --> 00:32:30,680
the recording, but he said, you know, Andrew you know,

502
00:32:30,759 --> 00:32:33,319
they're they're working with an airport, and the airport's building

503
00:32:33,359 --> 00:32:36,440
a new wing. I mean, this is common airports expand

504
00:32:37,200 --> 00:32:39,720
and in every you know, let's say there's twenty seven

505
00:32:39,759 --> 00:32:42,720
gates in the new wing. Every gate has got one

506
00:32:42,759 --> 00:32:45,960
of those machines, those those ramps that that sort of

507
00:32:46,039 --> 00:32:49,119
snuggle up to the aircraft and the door opens and

508
00:32:49,160 --> 00:32:51,880
people come out and step onto this device that has

509
00:32:52,240 --> 00:32:54,480
I forget what the name of it is, moved up

510
00:32:54,480 --> 00:32:56,599
to the aircraft and then they walk into the into

511
00:32:56,640 --> 00:32:59,920
the airport building. Every one of these devices has automation

512
00:33:00,039 --> 00:33:02,720
and has computers. Every one of these devices when you

513
00:33:02,759 --> 00:33:06,000
buy it from the manufacturer, the manufacturer assigns the same

514
00:33:06,279 --> 00:33:09,519
private addresses to every one of their products. So now

515
00:33:09,519 --> 00:33:14,079
you've got twenty seven of these ramps in the new wing,

516
00:33:14,359 --> 00:33:19,680
and every you know, batch of twenty computers or devices

517
00:33:19,680 --> 00:33:23,440
that are built into the ramp have the same IP addresses.

518
00:33:24,079 --> 00:33:28,359
How do you route this stuff again? You can put

519
00:33:28,359 --> 00:33:30,359
firewalls in place. You can do so now you need

520
00:33:30,359 --> 00:33:33,759
a firewall in every ramp. You need technology, and it

521
00:33:33,880 --> 00:33:37,480
gets it gets more complicated than that. For example, you know,

522
00:33:37,680 --> 00:33:39,519
many years ago, I worked with a bunch of pipelines.

523
00:33:39,599 --> 00:33:43,200
I remember one pipeline, you know, one thousand kilometers long,

524
00:33:43,319 --> 00:33:46,079
pumping stations, compressor stations all the way down the pipeline.

525
00:33:46,599 --> 00:33:50,200
Communication was important. You have to communicate with these these

526
00:33:50,200 --> 00:33:53,039
stations or you have to shut down the pipeline. You know,

527
00:33:53,359 --> 00:33:59,119
it's illegal to operate a pipeline in that jurisdiction unless

528
00:33:59,119 --> 00:34:04,599
there's human supervision and so you had. You know, there

529
00:34:04,680 --> 00:34:07,480
was a fiber laid along the right of way for

530
00:34:07,519 --> 00:34:10,719
the pipeline, and from time to time some fool would

531
00:34:10,840 --> 00:34:13,960
run a backhoe through it. So you'd need backup communications.

532
00:34:14,360 --> 00:34:17,440
I kid you not. This pipeline had something like seven

533
00:34:17,800 --> 00:34:21,960
layers of backup communication. There was satellites. There was DSL

534
00:34:22,039 --> 00:34:25,519
modems to the local Internet service provider. There was cable modems.

535
00:34:25,639 --> 00:34:29,760
When there were a local Internet service provider, there was

536
00:34:31,800 --> 00:34:33,719
I don't think I think this was before the era

537
00:34:33,920 --> 00:34:38,079
of cell phones. There were there were analog modems that

538
00:34:38,199 --> 00:34:41,360
you know, we're talking fifty six kilobit you know, one

539
00:34:41,400 --> 00:34:45,679
hundred kilobit per second modems that you could route in

540
00:34:45,719 --> 00:34:52,119
an emergency Internet protocol down very slowly. But and and

541
00:34:52,159 --> 00:34:55,599
they had built their own by hand. They had rolled

542
00:34:55,639 --> 00:34:58,119
their own what today I think would be called a

543
00:34:58,880 --> 00:35:03,760
software defined wide area network, where the task of that

544
00:35:04,239 --> 00:35:07,400
component was to say, I need you know, I need

545
00:35:07,400 --> 00:35:10,519
to send an Internet Protocol message from the SCADA system

546
00:35:10,679 --> 00:35:15,239
to you know, a device five hundred kilometers away. What

547
00:35:15,360 --> 00:35:19,320
infrastructure is up, what infrastructure is dead? If a piece

548
00:35:19,320 --> 00:35:25,840
of the infrastructure, the communications infrastructure, has failed, then you know,

549
00:35:26,000 --> 00:35:29,559
activate another piece of the one of the backups, and

550
00:35:30,000 --> 00:35:33,639
change all the routes, change all the firewall rules so

551
00:35:33,880 --> 00:35:37,280
that all of the messages that have to get from

552
00:35:37,320 --> 00:35:39,559
A to B can get from A to b. It was,

553
00:35:39,719 --> 00:35:42,880
it was, It seemed to me ridiculously complicated, But in

554
00:35:42,960 --> 00:35:46,159
hindsight it sounds like the same kind of need that

555
00:35:46,840 --> 00:35:50,559
modern software defined wide area networks address. You know, they

556
00:35:50,559 --> 00:35:53,079
address security needs as well as just the basics of

557
00:35:53,239 --> 00:35:56,280
getting the messages from one place to another when the

558
00:35:56,440 --> 00:36:03,440
underlying infrastructure changes from moment to more. I think of

559
00:36:03,519 --> 00:36:05,599
wide area network, I think of routing. So there's a

560
00:36:05,679 --> 00:36:08,960
routing element. You've got multiple paths. The system sort of

561
00:36:09,000 --> 00:36:12,440
auto-heals and figures out the best paths or presumably

562
00:36:12,480 --> 00:36:20,239
the cheapest paths. But you've also talked about users and security.

563
00:36:20,559 --> 00:36:23,880
You know how does How does this routing concept work

564
00:36:24,280 --> 00:36:27,719
with security? How is security part of this? You've also

565
00:36:27,760 --> 00:36:30,280
mentioned firewalls. Can you can you can you dig a

566
00:36:30,280 --> 00:36:30,719
little deep?

567
00:36:32,039 --> 00:36:34,440
Speaker 1: Well? I think I think we in a way are

568
00:36:34,440 --> 00:36:40,559
disrupting firewalls that are used for uh industrial, lots of

569
00:36:40,599 --> 00:36:44,360
industrial applications. There are great uses of firewalls. They're a

570
00:36:44,400 --> 00:36:47,199
fantastic tool, but it's it's kind of been used like

571
00:36:47,280 --> 00:36:49,960
the if you have a hammer, all the world looks

572
00:36:49,960 --> 00:36:54,920
like a nail, and you know, especially again, I'll talk

573
00:36:54,920 --> 00:36:59,119
about these remote oil and gas locations where you may

574
00:36:59,159 --> 00:37:04,079
only have five or ten devices, and so the idea

575
00:37:04,119 --> 00:37:08,639
of having a firewall to segment that is ridiculous. The

576
00:37:08,719 --> 00:37:12,679
expense would be prohibitive. So that's one of the other

577
00:37:12,719 --> 00:37:15,199
reasons why it's so cool about the way we can

578
00:37:15,280 --> 00:37:20,000
scale dramatically from protecting five devices at a very remote

579
00:37:20,119 --> 00:37:25,559
well site to two thousand devices with a single gateway.

580
00:37:26,639 --> 00:37:30,159
So there's a lot of flexibility that we have that

581
00:37:31,440 --> 00:37:35,079
firewalls can't deliver. And when you look at a comparison

582
00:37:35,199 --> 00:37:37,760
of a project that involves a firewall as a solution

583
00:37:37,880 --> 00:37:43,840
versus blast shield, are we take one tenth of time, cost,

584
00:37:43,960 --> 00:37:48,639
one fourth as much. We can deliver this with half

585
00:37:48,679 --> 00:37:52,039
the administrative lift. It's much easier to deploy as well,

586
00:37:53,079 --> 00:37:56,239
and it actually works. So there's a lot of benefits

587
00:37:56,239 --> 00:38:00,559
that we bring over a firewall a solution.

588
00:38:01,480 --> 00:38:03,440
Speaker 3: Can we come back to the technology. Can you tell

589
00:38:03,519 --> 00:38:05,880
us what does this stuff look like? I mean you

590
00:38:05,920 --> 00:38:10,280
said it's not a bump in the wire physically. What

591
00:38:10,320 --> 00:38:12,400
does it look like? Is it a DIN rail box at

592
00:38:12,400 --> 00:38:14,639
each of these sites? Is it a DIN rail box on

593
00:38:14,679 --> 00:38:18,000
a central tower? Is it what is it? Something in

594
00:38:18,039 --> 00:38:20,719
the cloud? Can you talk about what is it that

595
00:38:21,079 --> 00:38:22,360
is solving these problems?

596
00:38:23,119 --> 00:38:27,000
Speaker 1: Sure? So there are basically five components that we have

597
00:38:27,159 --> 00:38:32,599
to our platform. The first to create the authentication handshake.

598
00:38:33,760 --> 00:38:39,199
One is a client that runs locally on your HMI

599
00:38:39,360 --> 00:38:42,320
or on your machine. And then you also typically have

600
00:38:42,559 --> 00:38:48,639
either a mobile application that provides the MFA without passwords,

601
00:38:48,920 --> 00:38:51,840
and that was patterned after Apple pay. So I spent

602
00:38:51,920 --> 00:38:54,599
a decade at Apple, and so the idea was, let's

603
00:38:54,599 --> 00:38:58,760
try to use some of that technology to provide stronger authentication.

604
00:39:00,280 --> 00:39:03,119
The other thing that we have is we have a gateway,

605
00:39:03,599 --> 00:39:06,840
and the gateway is a software appliance and it can

606
00:39:06,880 --> 00:39:10,760
be deployed on x86 bare metal. It can

607
00:39:10,800 --> 00:39:15,920
be deployed on containers, it can be deployed on Kubernetes clusters,

608
00:39:16,480 --> 00:39:22,000
it can be deployed in the cloud, AWS, GCP, Azure. It's

609
00:39:22,199 --> 00:39:25,639
very flexible, and it can be operated both in passive

610
00:39:25,679 --> 00:39:28,559
mode and active mode, so in the pat traffic path

611
00:39:28,679 --> 00:39:32,519
or outside the traffic path. We also have an agent

612
00:39:33,000 --> 00:39:35,280
that can run locally on a machine, which most people

613
00:39:35,280 --> 00:39:38,639
know what agents are. And then finally there's an orchestrator

614
00:39:39,000 --> 00:39:43,719
that is used to drag and drop devices and people

615
00:39:44,039 --> 00:39:49,039
into groups and then establish policies between those groups. So

616
00:39:49,119 --> 00:39:52,119
that's a little bit about the way the technology is

617
00:39:52,119 --> 00:39:55,559
set up. And one of the things that we found

618
00:39:55,599 --> 00:39:59,039
is that you can have people who are I'll say

619
00:39:59,119 --> 00:40:05,880
less sophisticated than many CCNA trained professionals, so they

620
00:40:05,880 --> 00:40:07,920
don't even need to know how to use command line

621
00:40:08,440 --> 00:40:12,239
to deploy our solution, so it's relatively simple. We have

622
00:40:12,280 --> 00:40:18,079
an example where one person is managing twenty two thousand devices,

623
00:40:18,679 --> 00:40:22,159
so again that provides a benefit to them in terms

624
00:40:22,159 --> 00:40:25,079
of OpEx reduction ongoing. So that's a little bit

625
00:40:25,119 --> 00:40:29,599
about the way the technology works and these the way

626
00:40:29,639 --> 00:40:32,039
these components fit together. Because that it's your question, Andrew.

627
00:40:33,119 --> 00:40:35,440
Speaker 3: That's close. I mean what you've described is sort of

628
00:40:35,519 --> 00:40:40,079
the pieces of the puzzle, but you know, I'm still

629
00:40:40,119 --> 00:40:43,760
a little weak on how they work together. I mean, again,

630
00:40:43,800 --> 00:40:49,039
we've used routing a couple of times. To me, there's

631
00:40:49,079 --> 00:40:51,239
two ways to do routing. You can either take the

632
00:40:51,280 --> 00:40:54,280
message messages into one of your components, I'm not sure

633
00:40:54,320 --> 00:40:58,559
which one and figure out where they belong and send

634
00:40:58,559 --> 00:41:01,079
them on their way yourself. You can be a router

635
00:41:01,920 --> 00:41:05,880
or and I understand you know sometimes some software WANs

636
00:41:05,880 --> 00:41:11,840
can do this. They reach out to routers like firewalls

637
00:41:11,880 --> 00:41:14,599
and just routers and who knows what else that can

638
00:41:14,679 --> 00:41:18,320
route messages and they send commands to those devices when

639
00:41:18,519 --> 00:41:21,960
things need to be routed differently, you know, is one

640
00:41:22,000 --> 00:41:24,000
of these models what you use? How how do you

641
00:41:24,039 --> 00:41:25,480
guys do the routing?

642
00:41:26,400 --> 00:41:28,960
Speaker 1: Yeah, so let me talk about how these pieces all

643
00:41:29,000 --> 00:41:33,519
fit together. So the software appliance that is the gateway

644
00:41:33,719 --> 00:41:37,000
sits upstream of the switch and usually downstream of the firewall,

645
00:41:37,559 --> 00:41:41,599
and what it often will do is it will provide

646
00:41:41,840 --> 00:41:45,840
what we call layer two isolation. And so what that

647
00:41:46,039 --> 00:41:49,039
is if you think about we can essentially turn a

648
00:41:49,079 --> 00:41:52,800
forty eight port switch into forty eight VLANs, so

649
00:41:52,840 --> 00:42:02,159
that each one of those is its own ENCRYPTI unit

650
00:42:03,079 --> 00:42:06,480
that can't see their neighbors and can't talk to their

651
00:42:06,519 --> 00:42:11,639
neighbors unless the policy allows that to happen. And so

652
00:42:11,760 --> 00:42:15,280
that level of very granular control is something we can

653
00:42:15,320 --> 00:42:20,119
deliver because of the way the gateway controls and manages

654
00:42:20,199 --> 00:42:23,440
the routing that you're discussing. Now, there's two other components

655
00:42:23,480 --> 00:42:26,599
I didn't really talk that much about. One was the

656
00:42:26,679 --> 00:42:29,920
authenticator and the second was the client. And the client

657
00:42:30,000 --> 00:42:33,599
is different than the agent, and so what the client

658
00:42:33,719 --> 00:42:38,840
does is essentially is a challenge response between either the

659
00:42:38,920 --> 00:42:43,639
SSO, the FIDO2-compliant key or the mobile authenticator.

660
00:42:44,199 --> 00:42:47,159
And so what it'll do is essentially produce a QR

661
00:42:47,280 --> 00:42:52,960
code that the mobile application would scan and then apply

662
00:42:53,079 --> 00:42:56,239
your Face ID, and then you would be into the system,

663
00:42:56,679 --> 00:42:59,960
but not authorized or permitted to see anything unless the

664
00:43:00,440 --> 00:43:03,840
policy had already been allowed. So that's the way we

665
00:43:03,960 --> 00:43:08,000
manage both the authentication and the authorization, and that's also

666
00:43:08,079 --> 00:43:13,199
the way we manage routing of traffic between devices, gateways

667
00:43:13,440 --> 00:43:19,559
and the groups that those devices are kind of encapsulated in.

668
00:43:22,599 --> 00:43:26,559
Speaker 2: So in his answer there, Tom was trying to describe things.

669
00:43:26,559 --> 00:43:28,760
But admittedly I was getting a little bit mixed up

670
00:43:28,800 --> 00:43:31,320
because there were certain things that were upstream from other

671
00:43:31,360 --> 00:43:35,400
things and downstream from other things, and layers two and switches,

672
00:43:35,440 --> 00:43:40,360
and can you Andrew just help simplify everything we're talking about.

673
00:43:40,119 --> 00:43:44,440
Speaker 3: Here In my understanding, they have a few different kinds

674
00:43:44,480 --> 00:43:47,559
of components. And I might have got this wrong, but

675
00:43:47,599 --> 00:43:50,599
you know what I got out of it was, you know, imagine,

676
00:43:53,280 --> 00:43:56,519
you know, firewalls can do network address translation. They can

677
00:43:56,559 --> 00:43:58,159
say I've got a bunch of addresses here, I'm going

678
00:43:58,199 --> 00:44:00,480
to show you a different address to the world. But

679
00:44:00,639 --> 00:44:04,199
you know, managing them in sort of scale, at scale

680
00:44:04,239 --> 00:44:06,800
with tens of thousands of devices can be a real challenge,

681
00:44:06,880 --> 00:44:09,920
especially if each firewall's only managing a handful of devices.

682
00:44:09,920 --> 00:44:13,119
That's a ridiculous number of firewalls to manage. So what

683
00:44:13,679 --> 00:44:17,079
Tom has got, I believe, is a, I think you call

684
00:44:17,119 --> 00:44:19,360
it a gateway device is something that sort of sits

685
00:44:19,480 --> 00:44:21,840
between let's say a small network of five to ten

686
00:44:21,880 --> 00:44:27,199
devices and the infrastructure, and you can assign whatever IP

687
00:44:27,320 --> 00:44:30,840
address you need to to that gateway. It might in

688
00:44:30,880 --> 00:44:34,039
fact have two addresses, one on sort of the infrastructure

689
00:44:34,079 --> 00:44:37,559
side and one on the device side. So it has

690
00:44:38,000 --> 00:44:41,280
a device address that is compatible with whatever stupid little

691
00:44:41,320 --> 00:44:45,360
network of five you know, local always reused, you know,

692
00:44:45,480 --> 00:44:50,079
ramp IP addresses, the airport ramp addresses. You know, it's

693
00:44:50,159 --> 00:44:52,760
compatible with that bit of address space. It talks to

694
00:44:52,800 --> 00:44:55,920
those five devices, and when those devices send it messages,

695
00:44:56,639 --> 00:45:00,000
it forwards those messages into the infrastructure, and it figures

696
00:45:00,199 --> 00:45:04,280
out the addressing, It figures out the it does encryption.

697
00:45:06,079 --> 00:45:12,280
If you've got sort of more conventional Windows or Linux communications,

698
00:45:12,280 --> 00:45:16,519
you can put his software on those devices. They that

699
00:45:16,679 --> 00:45:19,159
that software will do the crypto. The software will connect

700
00:45:19,239 --> 00:45:22,239
sort of natively into the infrastructure and sort it all out.

701
00:45:22,599 --> 00:45:25,199
And then, you know, the thing of beauty is okay,

702
00:45:25,239 --> 00:45:28,039
those pieces kind of make sense. The thing of beauty

703
00:45:28,119 --> 00:45:31,000
is what I heard was they've got a management system

704
00:45:31,280 --> 00:45:36,800
which says, okay, you have twenty thousand devices. You know,

705
00:45:37,239 --> 00:45:40,880
half of them have exactly the same IP address. That

706
00:45:40,960 --> 00:45:44,559
doesn't matter. This device over here in this building in

707
00:45:44,599 --> 00:45:49,280
this country can talk to that device over there. It's allowed,

708
00:45:50,119 --> 00:45:52,519
you know. But when that device wants to talk to

709
00:45:53,280 --> 00:45:57,679
Andrew's laptop, because I'm a maintenance technician, Andrew has to

710
00:45:57,760 --> 00:46:02,840
provide two factor authentication, so you can you basically you

711
00:46:02,920 --> 00:46:06,440
stop caring what IP addresses these devices have you don't have.

712
00:46:06,519 --> 00:46:11,079
You're not configuring routing rules. You're configuring permissions in a

713
00:46:11,239 --> 00:46:15,000
sort of a high level user friendly permission manager, and

714
00:46:15,079 --> 00:46:18,079
all of the routing nonsense and the encryption nonsense is

715
00:46:18,119 --> 00:46:20,400
figured out for you under the hood, so you can

716
00:46:20,519 --> 00:46:23,880
you can think about, you know, your your big picture

717
00:46:23,960 --> 00:46:26,239
of devices that need to talk to each other, who

718
00:46:26,280 --> 00:46:28,760
should be allowed to talk to each other? Instead of

719
00:46:29,039 --> 00:46:31,800
how do I route this when the IP addresses conflict?

720
00:46:31,800 --> 00:46:36,360
You don't have to ask that question anymore. Cool, So

721
00:46:36,400 --> 00:46:39,679
that starts to make sense. I mean, can you talk

722
00:46:40,039 --> 00:46:41,880
a little bit about you've been doing this for you know,

723
00:46:42,000 --> 00:46:46,800
twenty seventeen, this eight years. Can you talk about can

724
00:46:46,840 --> 00:46:49,920
you give us some examples to help us understand, you know,

725
00:46:49,960 --> 00:46:51,079
how this stuff works.

726
00:46:51,800 --> 00:46:57,000
Speaker 1: Having run this for almost eight years now, the journey

727
00:46:57,320 --> 00:47:02,519
was not a straight line we went through. We originally

728
00:47:02,519 --> 00:47:05,199
started out, believe it or not, Andrew as a hardware company,

729
00:47:06,519 --> 00:47:10,199
and the thesis was to build an unhackable stack. So

730
00:47:10,280 --> 00:47:13,840
this sounds naive, and it was. We were going to

731
00:47:13,840 --> 00:47:17,519
start with a chip, a new chip that we had

732
00:47:17,519 --> 00:47:21,079
a partner developing that would have an onboard neural net.

733
00:47:21,159 --> 00:47:25,599
It would create seventeen key pairs, and it would encrypt

734
00:47:25,599 --> 00:47:29,760
the bootloader in the factory and burn a fuse so

735
00:47:29,800 --> 00:47:33,920
it couldn't be reset. And that was the foundation of

736
00:47:34,000 --> 00:47:35,719
our product. And then we were going to write our

737
00:47:35,719 --> 00:47:38,519
own kernel, write our own operating system and this was

738
00:47:38,519 --> 00:47:42,760
from someone who helped write the OS X kernel. We

739
00:47:42,760 --> 00:47:44,639
were going to write that in such a way that

740
00:47:44,679 --> 00:47:48,800
it used byte codes and would not be exposed to

741
00:47:49,360 --> 00:47:53,119
buffer overflows and other issues, so it could We were

742
00:47:53,119 --> 00:47:57,239
going to use formal methods to even prove the kernel,

743
00:47:57,559 --> 00:47:59,440
and then we'd have our networking layer, which is what

744
00:47:59,480 --> 00:48:02,360
our company is now, and then we'd have our own

745
00:48:02,440 --> 00:48:06,760
SDK to manage applications that would also use formal methods,

746
00:48:07,079 --> 00:48:09,679
and then finally we would have the authentication layer that

747
00:48:09,719 --> 00:48:12,719
we also have today. So we went from a five

748
00:48:14,280 --> 00:48:19,079
very ambitious levels of tech stack to two, and then

749
00:48:19,119 --> 00:48:22,159
we have other people doing some of those other things.

750
00:48:22,320 --> 00:48:27,519
I think the market really wasn't ready for something that complex,

751
00:48:27,639 --> 00:48:33,119
maybe that secure from a you know, on the higher

752
00:48:33,199 --> 00:48:36,760
end of the security spectrum, if you will. The market

753
00:48:36,800 --> 00:48:39,920
just really wasn't willing to pay that, and so we simplified,

754
00:48:40,039 --> 00:48:43,360
we pivoted, and then, by the way, once we did

755
00:48:43,400 --> 00:48:47,719
come out with our hardware product in February of twenty twenty,

756
00:48:48,119 --> 00:48:51,639
there was another global issue that hit everyone that caused

757
00:48:51,679 --> 00:48:54,960
us to then pivot to a software as a service model,

758
00:48:55,360 --> 00:48:57,920
which then required some more development everything else. So we

759
00:48:57,920 --> 00:49:01,960
didn't really launch our product until late in twenty twenty

760
00:49:02,000 --> 00:49:06,239
one and started getting our first customers very shortly thereafter,

761
00:49:06,639 --> 00:49:10,960
and since then we've grown very rapidly, to the point

762
00:49:11,000 --> 00:49:16,280
where this most recent year we quadrupled our revenue and

763
00:49:16,320 --> 00:49:25,960
tripled our customer count. So it's been an exciting ride.

764
00:49:26,280 --> 00:49:31,920
So let me give you an example. One customer, again

765
00:49:31,960 --> 00:49:36,760
an oil and gas customer, who was again trying to

766
00:49:37,079 --> 00:49:38,880
They were faced with a challenge where they were going

767
00:49:38,960 --> 00:49:43,599
to have to build their own cell towers, essentially become

768
00:49:43,639 --> 00:49:46,639
their own wireless ISP. And this is not unique to

769
00:49:46,679 --> 00:49:49,239
this oil and gas customer. There are many that are

770
00:49:49,280 --> 00:49:51,880
facing that and I don't know if you or your

771
00:49:51,920 --> 00:49:54,519
audience knows, but it's about a quarter million dollars to

772
00:49:54,519 --> 00:49:56,880
build a cell tower and you have to have many

773
00:49:56,920 --> 00:50:02,440
of them. So in a relative sense, we are not

774
00:50:02,639 --> 00:50:06,239
just delivering security to this customer, we're also helping save

775
00:50:06,360 --> 00:50:09,320
them a ton of money. So instead of ten to

776
00:50:09,400 --> 00:50:13,760
twenty million dollars, they're spending a fraction of that, which

777
00:50:13,760 --> 00:50:17,840
is also very interesting. When they did this acquisition, there

778
00:50:17,880 --> 00:50:20,480
was another company that did an acquisition. They wanted to

779
00:50:20,519 --> 00:50:24,079
sell off certain components too, So they wanted to sell

780
00:50:24,079 --> 00:50:30,960
off the salt water rejuvenation or I don't know exactly

781
00:50:31,000 --> 00:50:33,480
what the right word is, but they wanted to offload

782
00:50:33,519 --> 00:50:36,960
this asset. And one of the things that they were

783
00:50:37,000 --> 00:50:41,599
able to do very quickly because all of our segmentation,

784
00:50:42,079 --> 00:50:45,239
all of our granularity and access is done in software,

785
00:50:45,960 --> 00:50:52,000
we can essentially just take that new entity, put their

786
00:50:52,199 --> 00:50:54,880
users in a group, put the devices that they control

787
00:50:54,880 --> 00:50:58,719
into another group, and they would have complete control of

788
00:50:59,079 --> 00:51:04,159
just their newly acquired saltwater assets and no visibility, no

789
00:51:04,320 --> 00:51:07,639
access at all to the oil and gas parent company.

790
00:51:08,280 --> 00:51:11,719
So that was another great example of using this in

791
00:51:11,760 --> 00:51:12,559
a creative way.

792
00:51:13,559 --> 00:51:18,719
Speaker 3: So you've mentioned acquisitions a few times. I mean, I

793
00:51:18,719 --> 00:51:21,280
live in Calgary, this is oil country. I hear about

794
00:51:21,280 --> 00:51:25,760
these acquisitions all the time. You know, is this is

795
00:51:25,800 --> 00:51:30,679
this sort of part of the genesis of your organization

796
00:51:30,840 --> 00:51:33,599
is is this How often do these things happen? How

797
00:51:33,599 --> 00:51:37,599
complicated are these sort of mergers and acquisitions technology wise

798
00:51:37,639 --> 00:51:38,679
that happen all the time?

799
00:51:39,639 --> 00:51:42,639
Speaker 1: Well, they happen very frequently, especially again in oil and

800
00:51:42,679 --> 00:51:45,639
gas in the in the case of oil and gas,

801
00:51:45,679 --> 00:51:50,480
because one customer or sorry, one asset owner has a

802
00:51:50,519 --> 00:51:57,360
certain tech stack that can only profitably make money up

803
00:51:57,360 --> 00:52:00,960
to a point, and then they can sell that asset

804
00:52:01,159 --> 00:52:05,840
to someone else who has a richer skill set that

805
00:52:05,920 --> 00:52:10,320
can extract more profit, more money, more revenue from that

806
00:52:10,480 --> 00:52:14,760
same resource. And I would say an example that we've

807
00:52:14,800 --> 00:52:20,559
also seen where people are pleasantly surprised about BlastShield

808
00:52:20,760 --> 00:52:24,599
is when there's one oil and gas customer that acquired

809
00:52:24,599 --> 00:52:27,800
a company and their biggest fear was they were going

810
00:52:27,840 --> 00:52:31,440
to have to do an IP space assessment and figure

811
00:52:31,440 --> 00:52:35,480
out whether they were overlapping IP addresses. And so instead

812
00:52:35,480 --> 00:52:37,239
of having to do that, which they didn't have to

813
00:52:37,239 --> 00:52:42,559
do at all, they just deployed our software overlay, and

814
00:52:43,599 --> 00:52:49,039
immediately we're able to segment using software each one of

815
00:52:49,079 --> 00:52:54,039
these devices, even regardless of whether the underlay IP address

816
00:52:54,239 --> 00:52:57,159
was the same. That saved a lot of money in

817
00:52:57,280 --> 00:53:00,480
truck rolls that saved a lot of money and hassle

818
00:53:01,239 --> 00:53:05,599
and headaches in managing that that IP space, which which

819
00:53:05,639 --> 00:53:07,360
they were very happy about it. And the way they

820
00:53:07,360 --> 00:53:09,760
described it, actually they described it two ways to me.

821
00:53:10,639 --> 00:53:12,800
One way was, my god, this is like a Swiss

822
00:53:12,920 --> 00:53:16,679
army knife, and the other guy said, this is like

823
00:53:16,840 --> 00:53:19,920
duct tape. It's like networking duct tape. It has it

824
00:53:20,000 --> 00:53:24,559
provides lots of different purposes, and it's very versatile to

825
00:53:24,960 --> 00:53:28,920
deliver things, to basically deliver the network they want with

826
00:53:29,039 --> 00:53:29,840
the network they have.

827
00:53:33,159 --> 00:53:36,760
Speaker 3: So let me just sort of emphasize. Uh, Tom has said,

828
00:53:36,880 --> 00:53:39,320
you talked about changing IP addresses a few times. I

829
00:53:39,360 --> 00:53:43,400
talked about it a few times. I've actually, you know,

830
00:53:43,480 --> 00:53:47,920
from time to time, had to change IP addresses on stuff,

831
00:53:48,199 --> 00:53:50,760
you know, not so much in an industrial setting, just

832
00:53:50,760 --> 00:53:55,719
just you know Internet protocol networks, just you know, business infrastructure.

833
00:53:56,599 --> 00:54:01,119
And here's the tricky bit. It's very hard to do

834
00:54:01,159 --> 00:54:07,679
that remotely. You know, imagine that you want to remote

835
00:54:07,719 --> 00:54:11,639
into a remote substation. There's nobody there, but there's one

836
00:54:11,679 --> 00:54:15,360
hundred devices and you have to log into each device

837
00:54:15,400 --> 00:54:18,800
with I don't know SSH or remote desktop, and you've

838
00:54:18,800 --> 00:54:21,280
got to change the IP address on the device. And

839
00:54:21,360 --> 00:54:24,599
at some point you've got to tell the firewall that

840
00:54:25,079 --> 00:54:29,440
it's talking to a different network of IP addresses. And

841
00:54:29,480 --> 00:54:31,760
if you do that in the wrong order, if you,

842
00:54:31,840 --> 00:54:35,159
let's say, hit the firewall first, now you can't send

843
00:54:35,280 --> 00:54:37,760
messages to any of the devices because the firewall doesn't

844
00:54:37,760 --> 00:54:39,719
know how to route to those devices anymore. They have

845
00:54:39,760 --> 00:54:42,519
different IP addresses, So you have to undo that. Now

846
00:54:42,559 --> 00:54:45,480
you go into the device and you give the SSH

847
00:54:45,519 --> 00:54:49,320
command a Linux box, you give the command line command

848
00:54:49,360 --> 00:54:52,199
to change the IP address, and it stops talking to

849
00:54:52,239 --> 00:54:55,320
you because you're connected to the old IP address. You've

850
00:54:55,320 --> 00:54:57,320
got to try and connect to the new IP address.

851
00:54:57,679 --> 00:55:00,039
Only the firewall won't connect you to the new IP

852
00:55:00,239 --> 00:55:03,719
address because its IP address hasn't been updated. So now

853
00:55:03,760 --> 00:55:06,360
you have to sort of blindly change all these addresses.

854
00:55:06,639 --> 00:55:08,559
Then you change the firewall, and then you see if

855
00:55:08,599 --> 00:55:10,719
you can still talk to these devices, and three of

856
00:55:10,760 --> 00:55:14,280
them have gone missing. Why did I fumble finger the

857
00:55:14,320 --> 00:55:17,639
IP address? Is there some other problem? It's just really

858
00:55:17,679 --> 00:55:22,800
hard to do this remotely. And so again, if you

859
00:55:22,920 --> 00:55:26,119
have you know, seven hundred sites, you've got to put

860
00:55:26,159 --> 00:55:28,559
people in trucks and drive out to these wretched sites

861
00:55:28,559 --> 00:55:31,480
to make these changes. If there's a way to avoid that,

862
00:55:32,159 --> 00:55:34,599
you can save a lot of money. So yeah, I

863
00:55:35,239 --> 00:55:38,920
kind of get that that it's really useful to avoid

864
00:55:39,000 --> 00:55:44,159
doing that. So this is starting to come together for me.

865
00:55:44,199 --> 00:55:48,159
I mean, you can do the network you know, address

866
00:55:48,639 --> 00:55:53,159
management in your what did you call them the gateways,

867
00:55:55,599 --> 00:55:58,719
and that you know, gives you an enormous amount of flexibility.

868
00:55:58,960 --> 00:56:04,400
But and it's it's the client that does the crypto,

869
00:56:06,079 --> 00:56:08,280
or maybe it's the agent I've lost.

870
00:56:09,079 --> 00:56:13,000
Speaker 1: Yeah, so the client is used to authenticate the agent.

871
00:56:13,360 --> 00:56:16,480
The agent runs on typically a server in the cloud,

872
00:56:16,599 --> 00:56:20,039
those kinds of maybe a historian type of applicant use case.

873
00:56:20,440 --> 00:56:24,159
The gateway is the workhorse because so much of OT

874
00:56:24,719 --> 00:56:28,960
infrastructure cannot run an agent, and so because it can't

875
00:56:29,000 --> 00:56:31,719
run an agent, you need to have a gateway that

876
00:56:31,880 --> 00:56:37,000
can do the encryption and decryption of traffic. Now, when

877
00:56:37,000 --> 00:56:39,599
you think about the way a lot of these processes

878
00:56:39,679 --> 00:56:45,320
are controlled, they use PLCs, and the PLCs, you know,

879
00:56:45,960 --> 00:56:50,159
we don't encrypt the traffic below the switch, we don't

880
00:56:50,239 --> 00:56:57,840
interfere with that. However, with the traffic that is upstream

881
00:56:57,840 --> 00:57:00,760
of the switch, all of that's encrypted wherever it may go.

882
00:57:01,840 --> 00:57:03,800
So I think that's that's the way it's done.

883
00:57:04,559 --> 00:57:09,000
Speaker 3: One other technical question. You know, you mentioned CVEs and

884
00:57:09,039 --> 00:57:12,760
exploits and vulnerabilities earlier. I mean, I'm familiar with you know,

885
00:57:12,840 --> 00:57:17,360
let's say firewalls that say they do stuff like virtual patching,

886
00:57:17,559 --> 00:57:22,159
meaning if there's a vulnerability in a PLC, the firewall,

887
00:57:22,320 --> 00:57:24,760
you know, if it sees an exploit for that vulnerability

888
00:57:24,800 --> 00:57:27,800
come through, will drop the exploit and will protect the

889
00:57:28,239 --> 00:57:32,360
you know, prevent the exploit from reaching the device. Is

890
00:57:32,360 --> 00:57:34,000
is that the kind of thing you do when you

891
00:57:34,039 --> 00:57:37,400
talk about about protecting from exploits or are you doing

892
00:57:37,480 --> 00:57:38,000
something else?

893
00:57:39,039 --> 00:57:42,760
Speaker 1: We're definitely doing something else. And I think the approach

894
00:57:42,800 --> 00:57:47,639
that we take is we use this networking cloaking concept

895
00:57:47,679 --> 00:57:52,039
where you have to authenticate first before you can see anything.

896
00:57:52,519 --> 00:57:58,360
There's no management portal, so there are zero exposed web services.

897
00:57:58,400 --> 00:58:02,480
If you run a network scan on a, uh, factory

898
00:58:03,000 --> 00:58:06,039
that's protected by BlastShield, you're going to come up with nothing.

899
00:58:06,519 --> 00:58:09,559
And what that means is if there are CVEs, and

900
00:58:09,599 --> 00:58:12,360
I guarantee you there will be, there will also be

901
00:58:12,880 --> 00:58:16,800
zero day viruses, okay, which may not be on anyone's list.

902
00:58:17,320 --> 00:58:19,679
And so in those both of those cases as well

903
00:58:19,719 --> 00:58:22,320
as ancient devices that are never going to be patched.

904
00:58:22,840 --> 00:58:25,400
You've got a way to deal with these unpatchable systems

905
00:58:25,480 --> 00:58:29,519
because they're unaddressable and so it's going to be very

906
00:58:29,559 --> 00:58:32,199
difficult to exploit those cool.

907
00:58:32,239 --> 00:58:35,159
Speaker 3: So, you know, I understand you're you're you're heavy into

908
00:58:35,159 --> 00:58:37,079
oil and gas with all of the examples we've been

909
00:58:37,079 --> 00:58:39,360
talking about oil and gas, but I'm guessing you you

910
00:58:39,840 --> 00:58:42,440
are active in other industries as well. You know, given

911
00:58:42,480 --> 00:58:46,400
your personal background, are you active in other industries? What

912
00:58:46,440 --> 00:58:48,480
can you give me some examples of what's going on there?

913
00:58:49,360 --> 00:58:54,360
Speaker 1: Yeah? Absolutely, I think manufacturing is a fantastic, uh kind

914
00:58:54,360 --> 00:58:58,599
of industry for us. They oftentimes have our a little

915
00:58:58,639 --> 00:59:05,159
bit earlier adopters as it pertains to machine learning, predictive maintenance,

916
00:59:05,159 --> 00:59:08,440
those kinds of things, advanced analytics. And we had one

917
00:59:09,679 --> 00:59:14,559
manufacturing customer, in fact, who was hacked, and many manufacturers

918
00:59:14,599 --> 00:59:17,119
do get hacked from time to time. They were hacked

919
00:59:17,119 --> 00:59:22,599
and the board asked the CISO to have an assessment

920
00:59:22,639 --> 00:59:26,320
to figure out what their risk posture was, and before

921
00:59:26,400 --> 00:59:31,119
they could complete that assessment, they were hacked again. And

922
00:59:31,199 --> 00:59:34,719
so this really lit a fire under the entire kind

923
00:59:34,719 --> 00:59:38,800
of security team, and they basically came up with a

924
00:59:38,840 --> 00:59:42,639
list of findings, and with those findings, they started implementing

925
00:59:42,679 --> 00:59:46,960
those findings and they were testing various kinds of solutions.

926
00:59:47,280 --> 00:59:52,480
And in one facility, they had ten different lines, manufacturing lines,

927
00:59:53,360 --> 00:59:57,920
and they had deployed BlastShield on one of those manufacturing lines.

928
00:59:58,039 --> 01:00:01,199
They got hacked a third time. Now this time though,

929
01:00:02,199 --> 01:00:06,559
nine of the ten lines shut down, whereas the line

930
01:00:06,559 --> 01:00:09,920
that was protected by BlastShield continued to run. And what

931
01:00:09,960 --> 01:00:14,079
was really interesting about that is how quickly the organization responded.

932
01:00:14,320 --> 01:00:19,039
The CFO of this company responded and elevated that to

933
01:00:19,119 --> 01:00:23,199
the parent private equity company. And now that's leading to

934
01:00:23,800 --> 01:00:27,599
us becoming the default standard for not just that one

935
01:00:27,639 --> 01:00:30,760
company and all of its seventeen plants, but also the

936
01:00:30,800 --> 01:00:34,880
parent private equity company and all the other manufacturing facilities

937
01:00:34,880 --> 01:00:35,920
that they're trying to manage.

938
01:00:36,719 --> 01:00:38,360
Speaker 3: I mean, I've learned a lot. Thank you so much

939
01:00:38,360 --> 01:00:41,760
for joining us. Before we let you go, can we

940
01:00:41,800 --> 01:00:45,199
ask you to sum up what are the key concepts

941
01:00:45,199 --> 01:00:48,519
we should be taking away from from our conversation here.

942
01:00:49,320 --> 01:00:52,320
Speaker 1: So I think the company as it was founded was

943
01:00:52,440 --> 01:00:58,119
tried to establish protecting critical infrastructure based on first principles,

944
01:00:58,639 --> 01:01:02,320
and the first principle was to try to eliminate entire

945
01:01:02,400 --> 01:01:06,960
classes of threats if possible, and so our solution then

946
01:01:07,559 --> 01:01:11,199
tries to eliminate phishing, credential theft, so we have an

947
01:01:11,320 --> 01:01:17,920
MFA passwordless feature. We also allow you to segment using software,

948
01:01:18,400 --> 01:01:22,400
we cloak your network so it's undiscoverable. Thirty five percent

949
01:01:22,440 --> 01:01:26,440
of all CVEs discovered last year are what are called

950
01:01:26,480 --> 01:01:31,320
forever day vulnerabilities, and so that network cloaking capability means

951
01:01:31,320 --> 01:01:34,039
that they're not exploitable. And then finally, we also have

952
01:01:34,119 --> 01:01:37,239
a secure remote access component in there, so we're trying

953
01:01:37,280 --> 01:01:40,599
to deliver a lot of value to our oil and

954
01:01:40,639 --> 01:01:45,559
gas manufacturing customers so that they when you couple this

955
01:01:45,639 --> 01:01:48,639
with a continuous monitoring and visibility tool like a Nozomi

956
01:01:49,639 --> 01:01:55,599
Dragos, Darktrace, Armis, SCADAfence, Industrial Defender, you know,

957
01:01:55,679 --> 01:01:59,760
the group Claroty. So when you combine those two, you

958
01:01:59,800 --> 01:02:04,119
get a ton of protection at a very low price.

959
01:02:07,679 --> 01:02:10,639
Speaker 2: So that just about does it. Andrew for your interview

960
01:02:10,679 --> 01:02:13,639
with Tom, do you have any final words to take

961
01:02:13,679 --> 01:02:14,800
this episode out with?

962
01:02:15,320 --> 01:02:18,320
Speaker 3: Yeah, I mean I really like Tom. You know, the

963
01:02:18,840 --> 01:02:22,920
customer that gave the duct tape analogy. You know, you

964
01:02:23,079 --> 01:02:27,360
have lots of little networks, sometimes thousands of devices. Half

965
01:02:27,360 --> 01:02:30,400
of them have literally the same IP address or half

966
01:02:30,400 --> 01:02:33,920
of these you know, tiny little subnetworks of five devices

967
01:02:34,000 --> 01:02:41,400
on on airport runways or on you know, networks that

968
01:02:41,440 --> 01:02:45,039
you've acquired with you know, acquiring an oil field. They

969
01:02:45,079 --> 01:02:46,679
all have the same IP address. They all have the

970
01:02:46,679 --> 01:02:50,440
same IP address range. None of it's encrypted. It's just

971
01:02:50,480 --> 01:02:53,559
a mess and you know this is something that lets

972
01:02:53,599 --> 01:02:57,840
you patch it all together. You need crypto, You need authentication.

973
01:02:58,039 --> 01:03:01,159
You know, passwordless is good, use certificate instead. They're harder

974
01:03:01,199 --> 01:03:03,960
to phish. You know, you need to hide all of

975
01:03:04,000 --> 01:03:07,079
these repeated subnets with the same IP addresses. You need

976
01:03:07,119 --> 01:03:10,199
a permissions manager, you know, saying A can talk to B.

977
01:03:10,719 --> 01:03:15,000
You know you need infrastructure underneath the permissions manager to

978
01:03:15,079 --> 01:03:18,480
make the messages from A go to B. You know,

979
01:03:18,559 --> 01:03:21,000
you need to have some synthetic IP addresses so that

980
01:03:21,039 --> 01:03:23,639
when you set everything up, you know, your SCADA system

981
01:03:24,039 --> 01:03:26,760
can talk to an address and a port I don't know,

982
01:03:26,760 --> 01:03:29,800
probably on the gateway or some piece of the infrastructure,

983
01:03:30,280 --> 01:03:33,880
rather than the real address that's repeated you know, a

984
01:03:34,000 --> 01:03:37,440
hundred times in your infrastructure this. You know, this, this

985
01:03:37,679 --> 01:03:40,880
just makes a lot of sense. I I. You know,

986
01:03:41,159 --> 01:03:44,760
it seems to me there's a bright future for this

987
01:03:44,880 --> 01:03:48,360
kind of of again, duct tape or you know, just

988
01:03:48,639 --> 01:03:51,519
patch it all together and make it work, and you know,

989
01:03:51,639 --> 01:03:55,239
throw some security on top of it, crypto authentication. This

990
01:03:55,320 --> 01:03:57,239
is all good. I'm impressed.

991
01:03:57,320 --> 01:04:00,519
Speaker 2: Well, thank you to Tom Cego for speaking with you

992
01:04:00,559 --> 01:04:03,920
about all of that, Andrew, and Andrew, as always, thank

993
01:04:03,960 --> 01:04:04,920
you for speaking with me.

994
01:04:05,599 --> 01:04:06,960
Speaker 3: It's always a pleasure. Thank you, Nate.

995
01:04:07,840 --> 01:04:12,000
Speaker 2: This has been the Industrial Security Podcast from Waterfall. Thank

996
01:04:12,039 --> 01:04:17,920
you to everybody out there that's listening.

