
August 27, 2025 • 47 mins
Shawn Tierney meets up with Ashley Weckwerth of ISA to learn all about the OT Cybersecurity Summit in this episode of The Automation Podcast. Note: This episode was not sponsored so the video edition is a "member only" perk. The audio edition (also available on major podcasting platforms) is available to the public and supported by ads. The Automation Podcast, Episode 245 Show Notes: To learn about our online and in-person training courses please visit TheAutomationSchool.com.
Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome back. My name is Shawn Tierney from
Insights and Automation, and I wanna thank you
for tuning back in to this episode of
the automation podcast.
This week on the show, I have Ashley
Weckwerth from ISA
to talk about the OT cybersecurity summit they
just held
over in Europe in Brussels,
and, very interesting conversation

(00:22):
about OT cybersecurity.
In addition to that, I had a couple
announcements.
First off, I wanted to let you know
that I have rebooted the automation news podcast,
and I renamed it Automation Tech Talk. And
I'm trying to do
a show at least three or four times
a week at lunchtime.
So if you're not already subscribed to the
old automation news podcast,

(00:45):
you should be able to find it now
as Automation Tech Talk. And, I'm just trying
to spend ten to twenty minutes every lunch
trying to share some knowledge that I have
with the community.
I also wanna mention that if you are
a listener,
I'm running a special 20% off,
sale on my courses over at the automationschool.com.

(01:05):
You will not see that there. It's only
for those listening.
And I know most of you are already
automation experts, so you don't need to take
these courses.
So, really, this would be something you would
pass on to the people who work for
you or people you know who need to
get up to speed on whether they need
an introductory PLC course, so they need to
get up to speed on ControlLogix,
CompactLogix,

(01:26):
S7-1200 and 1500, PanelView
Plus, USC, and so on. So in any
case,
to get that discount, that 20% off any
course or bundle of courses at $99
or more,
All you have to do is send me
the email address of the person who wants
the discount.
And, of course, we do do, group enrollment
with, we've done it with a lot of

(01:46):
Fortune 500 companies. Actually, I got a new
order that just came in I gotta process.
But, when we do a group enrollment, you
you enroll, like, several people at your shop,
and then I enroll them all at once,
and you get a discount a quantity discount
and all that. So in any case,
if you have any questions about that, just
go to the automationschool.com.
All my contact info is at the very

(02:07):
top, my voice mail,
my email. You can even fill in a
form there or book a meeting with me.
But, please let me know if you know
anybody who needs training. Even if you just
want me to reach out to them to
see if I can help them with their
training needs, please let me know over there.
And with that, let's go ahead and jump
into this week's episode of the automation podcast.
And, Ashley, I know this is your first

(02:28):
time on the show.
So before we jump into the summary of
what what what this OT
cybersecurity summit is and what it was all
about and the highlights and all that good
stuff,
before we even get into that, could you
tell the audience a little bit about yourself?
Yeah. Thank you, Shawn. I appreciate being here.
My name is Ashley Weckwerth.

(02:48):
I am located in Orlando, Florida.
I've been a volunteer for ISA for twelve
years now.
I actually have a day job, though. I'm
a volunteer with ISA, which is the International
Society of Automation. But in my day job,
I'm actually a project manager for automation
projects, so specifically
SCADA systems projects for the electric grid right

(03:10):
now. But our company also supports many other
industries, so I actually started my career out.
I was a chemical engineer. So I like
to tell people, you never know how you're
gonna find your way to automation professions.
There's so many different varying degrees and everything
that kinda lead us to this place. But
I graduated in chemical engineering, went into instrumentation

(03:31):
and controls,
for the oil and gas industry. So doing
a lot of, you know, it was PLCs
or DCS systems that we used. But essentially,
as I actually got my pro professional engineer
license in control systems. So as a chemical
engineer,
you don't know a lot about instrumentation controls

(03:51):
and automation,
at least I didn't.
And so I was actually recommended to join
ISA right out of school.
So I joined ISA in June 2012 and
became a volunteer leader at the local section
in 2013 and then just grew,
in my volunteer roles, and I am now
the ISA
president-elect

(04:12):
secretary.
So what that means
is in 2026,
I will be the, ISA president
for that calendar year. So I'm excited to
be here today,
to talk to you all about the ISA
OT
Cyber Summit.
I actually was able to attend this event

(04:32):
this year. It's the third
year that ISA has done this event.
The first year was Aberdeen,
Scotland.
The second year was in London.
And then this year, the first year I
was able to attend
was actually in Brussels, Belgium. So we've been
all over Europe in different capacities,

(04:53):
and I was really excited to attend this
event. And I wanted to come on here
today, and I'm so thankful you allowed us
to come on here today to just tell
your audience and community that are all very,
enthusiastic about automation about this summit.
So, hopefully, maybe they wanna attend in the
future or maybe just can see what ISA
is all about,
and look into it more. So I'm really
excited.

(05:14):
No. And thank you for coming on. You
know, it's we we all get so wrapped
up in our day to day that it's
great to have people on, like, from ISA
to tell us what's going on. And, you
know, maybe, you know, you're you get in
a position later in your career where you
can actually spend some time after work, you
know, meeting with, your colleagues from all kinds
of different industries.

(05:35):
ISA is a great place to check into
and and get involved with. But let me
go ahead and turn it back to you.
Yeah. No. And, Shawn, you're so right in
the sense of I tell people is even
though right now I'm not really in
the day to day cybersecurity
or OT cyber space, this conference was actually
still really beneficial because of all the diverse

(05:55):
connections that I gained there.
It was actually the first time I had
been more of the minority coming from the
United States in the sense that you had
people from Spain.
You had people from,
you know, Belgium, of course. You had France,
you had Ireland, you had London in the
UK. Right? You had different perspectives that everybody's

(06:16):
trying to come together.
And ISA had this vision statement that's create
a better world through automation. Is and that's
truly what this group's trying to do is
we're trying to protect
all of our automation systems in the OT
space
against those vulnerabilities or those threats and how
it will impact us from an operational standpoint,
but also a business standpoint. So I thought

(06:37):
even though I'm not in it day to
day,
like you mentioned, is sometimes I just have
my blinders on, do my job, know what
I'm doing,
is it was very unique to talk to
these folks at the socials and in the
the meetings and listen to them to really
expand my knowledge of what automation can be
and also what we can do to protect

(06:57):
it, but also just, like, building those connections
because you never know where your career might
lead.
And I really did value that. So,
with that, I did wanna mention that ISA
OT Cyber Summit did have two unique tracks
this year. I do feel like we try
to change up the tracks based on what's
happening in today's world, what people are talking

(07:18):
about, the trends
in this area. And so this year,
we had a chain a track called threat
intelligence.
So really just identifying threats, knowing the vulnerabilities,
knowing
how to respond
and react to those, how to prepare for
those threats. So that was one track that
we had, and the other track was securing

(07:39):
the supply chain. Hey, everybody. Just wanted to
jump in there for a minute and pay
the bills and talk to you about some
of the changes coming to the courses at
theautomationschool.com.
If you're watching this video, then you will
see me standing in front of a bunch
of equipment, and that's because I am updating
actively updating all of my PLC courses
as well as filming new additions.

(08:02):
So I just wanna make it very clear.
If you buy the existing course today,
you will get the updated edition as well.
And, there are some add on courses I'm
doing that will be optional. You can buy
them or not buy them. But in any
case, I just wanted to let everybody know
that I wanna protect your investment. I know
I've been doing this for twelve plus years,
you know,

(08:22):
on my own as the automation school and
the automation blog.
And twenty five years before, I was, you
know, working as a, a specialist. But I
just wanted to let you know that, you
know, if you make an investment today, you're
not gonna miss out on what I previously
did, but you're also gonna get what I
continue to do. And that that's very important
to me. And all my courses are buy
once own forever.

(08:43):
So if you, make the investment if you
made the investment, let's say, going back to
2013, 2014,
you're still gonna get the updated,
courses. So I know a lot of people
get confused when you start looking at the
new versions of Studio 5000. It looks different,
you know, than even version 30. Right? And
so, you know, I figured it was you
know, a lot of people too move to
a Windows 11, and, there's some new cool

(09:06):
stuff I wanna include. You know, over the
time, I've looked for different hardware sales and,
you know, I bought a lot of different
equipment, you know, just out of my own
pocket that I wanna show you guys as
well. So with that said, that's an update
on the automation school. Now let's get right
back into this week's podcast.
So making sure that
when we have disruptions to those supply chain

(09:27):
areas or what those disruptions might look like,
how are we gonna adapt to those? What
does that mean to do
to make sure that we're being dependable and
reliable in what we're trying to accomplish in
the supply chain and making sure we understand
those impacts as well. So two different tracks.
Of course, we had speakers,
that sometimes overlapped both because they do kinda

(09:48):
intertwine together. We had 40 speakers,
two
thirty attendees, and
over 20 sponsors this year. So the event
just continues to grow and grow.
But the, the real thing that I loved
about the conference and the content
was it it actually shocked me how transparent

(10:10):
and
open the conversation was, because I feel like
at some conferences, you go and you feel
like you're just sitting and being, like, preached
at.
And you're like, I don't know if I
agree with that. At this conference, I felt
like was different. It had more panel discussions.
And one that really stood out to me
is it was a panel discussion about IT/OT

(10:33):
convergence. And now this has been a theme
word for years now. Right? IT/OT convergence,
that's the way to go.
It actually took a shift in the the
discussion in the panel discussion where people were
actually like, why?
Why why are we trying to do that?
It seems like IT just wants to do

(10:53):
that, and OT is being told you must
do that. And so I thought it was
and and you would think that we were
about to go, like, in a boxing ring,
but we weren't. Right? It was actually, like,
people wanted to hear
and be inclusive
of counterarguments,
which, again, I think was very unique for
this kind of conference in the sense of

(11:15):
you might think that we were trying to
push
OT/IT convergence, but it was no. Like,
let's discuss the pain points and the challenges
and where we like, what's holding us back
from converging? What are the benefits of that
convergence?
And I thought what was unique is we
had IT
backgrounded people

(11:37):
on the panel as well as OT backgrounded
people. So you kinda see
both sides where they actually had people raise
their hand
what their background was in. And it was
kinda unique to see the audience members
being like, yeah. I came from the IT
background, and I'm being told I need to
watch over this IT space or the IT

(11:58):
people raising their hand or OT people. I'm
sorry. OT people saying,
yeah. I came from the OT side, and
I want the IT side to to watch
what they're asking and be careful and stuff
like that. And so
I, again, wanna go back to it was
very cool to see the diverse connections
in this group, but also the inclusiveness
that we weren't trying to

(12:21):
push ideas. We were trying to get people
talking about the options and what's available and
why. And I so I thought it was
interesting that I feel like I've always heard,
like, we wanna push towards convergence,
with, you know, just having better data,
knowing what's happening through the whole system, and
and from a cyber aspect.
But
I thought it was unique to hear how

(12:41):
we could work together and keep them still
separate
in some certain situations and and why. And
so that was that was unique to me.
I I thought I was like, wow. This
took a it took a turn, but in
a positive way. And I think we all
left there
really challenged with
where do we want this to head,

(13:02):
why, and how do we get rid of
those pain points. So Yeah. You know, I
think a lot of controls engineers, right, they
they know their they know their IT guys.
So let's say you're an NGS er,
and they know but they know the the
cost of downtime.
Mhmm. And and in many cases, there's there's
no convergence because
Right.

(13:23):
There's there's no
tolerance for downtime.
If you're making computer chips or you're making,
well, I guess, even potato chips, you you
really downtime is such a profit killer. Right?
And Yeah. In in some cases, it can
it can take years to recover from a
day or a week of downtime.
And so
that mission critical aspect of what we do

(13:46):
in industrial automation
is not always that mentality is not always
present in IT.
In many companies, and I'm not saying all
IT people, but in many companies, IT is
a firefighter.
They're a tech who's been thrown into the,
you know, thrown to the wolves, and they're
fixing everything from smartphones to, you know, trying
to get the UPS, replaced to, you know,

(14:08):
somebody needs a better monitor to the to
the CEO, maybe needs a little hand holding
to get the PowerPoint to work. So, yeah,
different worlds and and and it's so you
every every and I'm sure you see this
in your business, but every site, every customer
seems to be
unique well, because they have unique people. Right?
But every site you go to is even
different sites in the same company. They have

(14:30):
different cultures and just I guess they all
have unique people, unique teams, so they're gonna
that's gonna happen. But, yeah, I can definitely
see where you're coming from,
with with that. That sounds like it was
a very interesting discussion.
Right. And you bring up a great point
in the sense of I I remember specifically
this,
CISO or CISO,
you know, chief information security officer from Johns

(14:51):
Manville came in
and was talking about how he came from
an IT background and was told you're kinda
leading this. And he noticed that he had
the gap from the OT lens and that
downtime, like you're talking about, or the individual
plant to where he did a strategic
hire, essentially, or move to bring in an
OT lens

(15:13):
into his, you know, umbrella, essentially, to make
sure he wasn't, like, missing something or
speaking and not realizing that impact of downturn.
And that's that's actually Scott Reynolds who talked
here, I believe, last year about this summit,
is that's who he brought under him to
bring in that, you know, OT
thought process, and they actually do travel

(15:35):
to their different locations. Like you said, every
plant's different, every manufacturing facility is different, to
make sure they're hearing
the unique circumstances and what they can do
to support,
but also not just, like, pushing
them to do it a certain way knowing
that there are the variances. So I think
that you're exactly right. So

(15:56):
perfect.
So the other side, right, is that that's
really trending right now and especially in Europe,
which I learned, fun fact, I was like,
why is this conference in Belgium
and in Brussels? And I did not realize
that Brussels is, like, the de facto
capital of the EU, the European Union.

(16:16):
And so there's a lot of regulation
that is happening
in Brussels
and and things that, like, come down from
a compliance standpoint.
And so a lot of the other, you
know, discussions that happened was regarding the regulatory
landscape across,
all the all the world essentially and, like,

(16:36):
NIS2, which I had to write this
down because I am I'm not as familiar
with NIS2, is network and information security
directive.
There's been NIS one for a while or
just NIS,
and now they've come up with an update
that actually spans across multiple sectors.
And we can see from NIS2 and
from RED, which is radio equipment directive, and

(16:57):
just other cyber initiatives and regulation coming down,
cybersecurity initiatives,
that more and more
government or state officials are seeing the vulnerabilities
that could happen or the risk
that could happen
if they don't say you shall follow this
or do something to protect your

(17:18):
OT
systems
from, you know, disruption,
from downtime, all of that, especially the those,
again, like you mentioned, mission critical
things. And and and there and I'm gonna
talk about one specifically, one session that stood
out with this.
But I do want us to all be
aware is, like, with these regulatory
and governmental

(17:39):
mandates or guidance or directives,
is there are products out there and standards
out there that a lot of people are
leaning on to make sure they are protected
and, you know, ready for an incident and
how they respond, how they react if it
happened. And I I think last time this
was also talked about is 62443.
I think you all had Eric

(18:00):
Cosman on Yes. Yeah. On an episode as
well.
So I would advise anybody that isn't familiar
with 62443,
go back,
look for that episode to really dive into
the meat of what that is. But
ISA
developed
the
the IEC
ISA 62443 standard that

(18:21):
has different
different layers to it that you kinda can
pick it which layer you need to do
based on where you stand in this process.
But, essentially, is
because ISA has this as the foundation
is this is what a lot of regulators
are looking at to be like, you need
to make sure you're doing this. You need
to make sure you're being as compliant as

(18:42):
you can be with 62443.
So that's why ISA
continues to host this event and talk about
it because we can see from a regulatory,
you know, perspective
that it is coming. And and and it
has been coming for a while now, but
I think it's now being more enforced
than ever before in certain regions. So just
keep that in mind. Yeah. You know, I

(19:02):
think,
and and I may get this wrong, but
from a previous coverage of NIS and NIS2,
you know, it's it's, you know, from
memory, just going by memory. You know, NIS
was really about core
providers. So those people who, if they got
hacked, could really affect society in a big
way. And with NIS2, right,
it broadens that. So some industries that you

(19:24):
may think, well, you know, if that plant
goes down, it's really not gonna well, it
could affect your your community,
your city in a big way. You just
may not be have been aware of that
previously.
And
so, you know, in America, I think you're
absolutely right. You know,
not that we're gonna get those same regulations,

(19:44):
probably not word for word, but,
you know, a lot of OEMs here are
shipped there. Right? A lot of integrators work
on machines here ship there. But beyond that,
understanding
what the threats they're trying to protect from,
the 62443 layered you
know, the different layers of standards,
You know? So you understand what when you
see a product, right, like a remote access

(20:05):
product,
and it has all these different numbers on
it, you understand
what are they protecting? What kind of what
kind of security was built in, baked into
this product? Like, this this product has this
number on it. That means they went through
all kinds of testing and and, you know,
and to to make sure that their, you
know, processes and the product itself and the

(20:26):
supply chain and all that. So I think
it's very helpful. Not that we're going to
necessarily have to meet NIS and NIS2.
We may have similar regulations, but the fact
that you're staying up to date with what's
going on in the world as far as
cybersecurity is concerned. And we've had so many
vendors on talking about zones and conduits and
Yeah. Just all kinds of all kinds of
different things, you know,

(20:46):
secure remote access, VPNs.
And all of this plays a role in
in you know, there's just so many great
products out there, but, you know, that that's
my pitch for why staying abreast of these
is important.
In worst case scenario
hey, everybody. Just wanted to break in here
and pay some bills. Did you know that
the automation school is a Factory IO reseller?

(21:09):
That's right. Not only that, I have questions
on using Factory IO with ControlLogix and CompactLogix,
with the MicroLogix and SLC 500,
and with the Micro800.
Now Factory IO is a 3D
factory simulator that allows you
to really practice your programming skills,
not on an actual machine, but on a

(21:31):
3D simulation of a machine. And I'll
tell you what, some of these, are really
challenging. Right? The early editions are not the
early levels aren't really that hard, but as
you get them to lesson three, four, five,
six, and more, they start getting much harder.
And a lot of times, we utilize, like,
a state machine to solve them because, like,

(21:51):
if we have, merging two different conveyors
or if we're checking for the height of
packages and things like that,
or we're filling a tank, whatever we're doing,
a lot of times you wanna take a
very sequential approach to those type of applications,
whereas other applications, you know, you take more
of a batch approach. But in any case,
if you don't know anything about Factory IO,

(22:12):
go check out lesson one zero two in
any of my PLC courses, and I put
a little demo in there along with the
free utility I give away with my courses
as well as for the Compact and ControlLogix.
There's another package we sell called
PLCLogix
that is similar to Factory IO, but it
doesn't require a PLC. It doesn't require that
you have your own license of Studio 5000.

(22:33):
It's actually it's all self contained training,
software. So check those out over at theautomationschool.com.
And with that, let's jump right back into
this week's episode. Don't connect the plant floor
to the Internet. You know? I know you
I know you wanna be able to VPN
in and check on your PLCs, but, you
know, just make sure that connection is ultra
secure. If you're not if you're not sure

(22:54):
if it's secure,
unplug it and and do the research because,
you know, we've heard about the pipeline where
there was, you know, a cyber attack and
there was, you know, ransomware, and we've heard
about hospital hospitals and, you know, just, you
can pretty much think any place in our
society, there's been a ransomware attack. And so
we're just gonna be cognizant. We heard a
major news talking about don't even charge your

(23:16):
phone at the airport because Right. Cult I
don't know how to get in, but culprits
have been going in and hacking the physical
hardware so they can steal your information when
you're using the USB. So we all have
to help each other stay up to date
on this. We gotta share these stories. That's
what people do best is share stories about
things that are important that we need to
know about.
And, you know, that's that's kind of my

(23:38):
pitch for staying. Let me turn it back.
Let me turn it back to you. Well
no. And you bring up it honestly makes
me think about a session that happened about
Wi-Fi. Is it it's talking about
Wi-Fi security, and I know that I'm just
as, like,
guilty of this where we'll just sign on
to what we believe is the local safe
Wi-Fi, whether it's the airport.

(23:59):
Yep.
Or the use case that he gave me
even here, like, how many of us signed
into the hotel's Wi-Fi? Yeah. Right? And
he talked about how and he kept saying,
hypothetically,
to make sure because he knew it was
against the law, but, like, hypothetically, I could
spoof it right now. Right? Is essentially and
he went through how he could do it.
Right? How he could use a device, hypothetically,

(24:22):
in his laptop to essentially make the
Wi-Fi go out for a second, create a
new Wi-Fi with a very similar name
that makes you believe that that's now the
new connection that you have to, you know,
say that you're joining
and, you know oh, there it is. My
my current hotel Wi-Fi went off. There's
the other name that looks very similar Yeah.

(24:43):
And joining and not realizing you're joining,
that unsecure network. They can get in different
ways now. So you're you're very right. As
I tell people, is is really that threat
intelligence
track at OT,
cyber made me, in a good way, again,
expand my knowledge for what is possible out
there, but also, like, what

(25:05):
what I should be thinking about taking into
consideration
in my day to day home personal, you
know, career and life and what I'm doing.
But also, what am I doing in the
job
that I should be second guessing or making
sure I've thought through? Are there any loopholes
or gaps that someone could get in or
is already in? Right? Well, that's the thing

(25:26):
because you bring most people are bringing their
devices to work. So if you get hacked
at the airport or get hacked at the
hotel,
that's a vector into your company. And a
lot of companies, that's where that's where the
intrusion comes from a personal device. I mean,
today, it used to be people are a
little on and don't bring your devices. And
today, everybody brings their phone with them everywhere.
Yeah. And so that is a vector into

(25:47):
the plant.
And that's another reason why maybe your PLC
and HMI and SCADA system and VFDs and
everything that you have in your network should
only talk to a list of approved IP
addresses and proved you know? You know? Maybe
there should be some digital signatures there. I'm
not saying for for certain networks, but for
other networks that are more wide open, like,
maybe your plant floor Wi-Fi, maybe

(26:07):
you should be locked down a little bit
more. Maybe it shouldn't be a great place
to to stream YouTube. But, anyways, let
me turn it back to you. Well and
and you,
doctor,
her name was Doctor Marina Krotofil, and I'm
gonna say it wrong.
She actually
shared a case study. Now I won't give
all the details of the case study, but,
essentially, is it talked through how

(26:27):
even at, like, state
sponsored
cyber operations. So when we're talking,
you know, we're talking maybe, like, everybody thinks,
like, hackers are, like, you know, the the
people that just have too much time. They
wanna do ransomware, get money. They wanna get
through
it's like, you know, you think about especially
with all the things happening in the world
today is Mhmm.

(26:48):
Countries against countries or states against states, essentially,
that want to get in and disrupt
the economy or disrupt and show their power
can do so through
cyber attacks. And she actually talked through
how attackers, especially at a state level, that
get recruited by a state,

(27:10):
maybe like a Russia, you know, at first,
like, essentially, she went through different scenarios where
is if a if a government official or
government wanted to get in and learn the
vulnerabilities
and all that for another,
entity or another country,
they know how to do that. Right? They
know how to
essentially

(27:30):
make it to where they
they're testing their limits. Right? How long does
it take them to get caught?
How long does it take them to to
make you notice that they're in your system?
How what do you do about it? Like,
they're essentially, she gave examples in this case
study where
everything certain state
sponsored cyber operations do is strategic. Right? They're

(27:53):
testing their limits. They're testing their capabilities. They're
testing
and training up folks for when they actually
want to do something. And I think you
mentioned this in other,
podcasts too that I listen to is, like,
we gotta be cautious that people could be
lurking. They could be in. They could be
just not making themselves known
in our

(28:13):
critical infrastructure. And and, again, she she spun
it in such a way that I'm not
here to scare anybody on this podcast, but,
essentially, just being aware
that people are very smart,
and we need to be smart and ahead
of that as well.
And that's what I think this conference allows
us to do is it shares best practices.
It shares that knowledge. It builds those connections.

(28:35):
So now, like, you kinda mentioned, there's so
much equipment
that you can buy and vendors selling different
things that have different security settings. Like, all
those sponsors make great products. And and understanding
what they can do, what they can't do
helps us
be able to protect ourselves, get ahead of
these risks, get ahead of these potentials, and
not be afraid. Right? It's kinda like you

(28:57):
put a lock on your door
to make sure you're not just welcoming anybody
in, not that you're gonna plan for someone
just to walk in your house that's not
welcome. Right? Is we wanna make sure we're
doing what we can, and I think that's
what this conference really allowed
is to know the risk out there, to
be aware of the situations, the cyberattacks that
have happened in in recent history,
but also, like, what can I do as

(29:19):
an end user, as a consultant, as an
integrator,
as a product, you know,
manufacturer? What can I do to make a
difference to help safeguard our OT systems
and make a difference and and protect them?
You know, I I I restore to the
people. They're like, well, why would they hack
us? And it's like, you know, take a
step back. You know, the first of all,

(29:40):
these people who are working for their governments,
whether it's the US, whether it's EU, any
country in the world, you name it. Right.
They all they all think that they're doing
a patriotic thing working for their com their
country.
In every country, every almost virtually every country
in the world, virtually every one of them
have been hacked by almost every other one
of them. Yeah. And we don't know who

(30:01):
hacked for us. Right? This is the eye
for the eye thing. Like, it's been going
on for so long. You know, did the
French start it? Did the Americans start it?
Did the Russians start it? Did no. Every
country in the world's been hacking every other
country. There there's no tracing back to who
started this this roller coaster of hacking,
but everybody's perceived like the other people are
hacking me, so I have to hack back.

(30:21):
So you just have to be cognizant of
that
and and and understand that it may not
be you. It may not be your company.
It may not even be what you make
that's the target. You may just be the
punch back for the punches they received last
month, and you're just the only target they
can hit. And so we we, you know,
let's stop all the punching. Let's secure our

(30:42):
facilities. So so we frustrate all of these,
including our own, all these people who are
trying to illegally hack into different companies and
and cause problems like the ransomware. And, you
know, I and and it's real.
And, you know, it came years ago, it
came to me. I put a SCADA server
as a demo for my customers. I put
it on the Internet. I was just like,
hey, boss. Give me a cable modem. I'm

(31:03):
gonna put my server on. I'm gonna demo,
you know, web based SCADA to all my,
to all my great customers in the area.
And the thing was hacked within a day.
I mean and I'm going back twenty years
now. This is twenty years. It was hacked
in a day. And every week, I would
spend a couple hours trying to make it
hack proof.
You know? And, you know, this was before
I even you know, firewalls were even, like,

(31:24):
consideration for a small business. Right? And so,
yes, the people are being hacked all the
time.
Yep. We we you know? And and we
have to be vigilant
against those hacks.
And we gotta
people are tired of me saying this. Also,
please back up your PLC HMI SCADA systems
and all those VFDs.
Just in case. Stuff up just in case.

(31:46):
It'll there there's so much room on your
hard drive now. You could back it all
up a thousand times, and you would still
have room left over. So I like to
Can you imagine how much money you would
save having that backup
ready to go instead of like you mentioned,
downtime earlier, right, is
Yeah. Essentially, if if something were to happen,
right, say, ransom
ransomware hap whatever. Right? Is is you you

(32:08):
end up saying, no. We're not paying it,
and you lose everything.
Is now if you had to rebuild
all of that code and all of your
systems and get everything back talking to each
other is I mean, I don't even wanna
do the math. I mean, you're talking you're
you're not you're losing revenue, just whatever you're
producing or making with that system,

(32:29):
but you're also now
spending money to get it back to whereas
if you had the backups
already ready. Yes. You're still gonna have downtime.
You're still gonna have to get everything back
up, but you're saving all that developmental time
to, like, redo it all, essentially. Sometimes you
can't. There are some machines that are so
complicated.
Right.
And they, you know, they may have had
changeover. Nobody may have that file anymore. So

(32:50):
take your take your own future in your
own hands,
back up everything,
back it up more than once.
Right. You know, and take it like Microsoft
will tell you if you go to any
type of server type of training
or certifications, you're gonna have a copy of
that off-site. They all cannot be on your
site because if there's a fire where you
store all that stuff, you don't have any
backups anymore. So very interesting stuff and, you

(33:12):
know, I hate to preach. I know the
the I know the audience is used to
me saying this stuff, but, but it's so
important. I I I've had multiple customers
well, former customers, colleagues, audience members tell me
about their horror stories where they had ransomware,
and it's just it truly is devastating to
the companies. Right.
And it really, like, I mean, it hurts
people's paychecks because, you know, there's no raises

(33:34):
that year, no bonuses that year,
sometimes layoffs. So Oh, yes. It kills the
culture. I mean, truly. And
and that's where I
and I I think sometimes we take for
granted, kinda like you mentioned at the beginning.
We put our blinders on.
We just do our job. We think we're
doing our job, and you don't think about
all these things. And I think that's the

(33:54):
the benefit of groups like this. Right? Your
podcast, bringing a community together to talk about
things like this, lessons learned,
things that I've learned in my career, my
product. Like, you're getting knowledge out there, and
that's exactly what ISA is trying to do
as well. It's like, why do we all
have to learn by the the hard way
or learn by things happening when you have
all these resources? That's what I think frustrates

(34:16):
me the most sometimes is people will be
like, well, I didn't know that.
Hey, buddy. I just wanted to jump in
here and pay some bills and tell you
about my training at the Automation School, my
in person training
that I do right here in my offices
in the beautiful Berkshires.
So many great things to do out here
in Western Massachusetts. We're about an hour away
from Albany, New York. And one of the

(34:38):
things you're gonna find with my training that
you're not gonna find with, the big vendors
is, you know, I can kinda customize it
for you. Right? So, you know, if you
wanna do, like, a day of, Allen Bradley
PLCs and a day of Siemens PLCs, I
can do that for you.
Also,
you know, we teach not just using the
the trainer trainer boxes, but we also teach
using factory

(34:59):
IO so that even the most advanced students
should have a full day's worth of work
or two or three full days depending on
what you wanna do.
And you're gonna see over the coming weeks,
I'm adding even more hardware to the training
room. I'm, creating all of these one by
one demo boards that I'll be showing you
guys in on the, the lunchtime show that
I'm doing,

(35:20):
where,
I'm bringing in things like Flex IO, Point
IO,
you know, 1769 distributed IO, 5069
distributed IO. All these things that,
you know, if you go to some of
the place where they just bought, you know,
APLCs and APCs and say, here's a manual,
you're not gonna get the same experience.
So in any case, if you have any

(35:41):
needs for in person training, maybe you don't
wanna send your folks off to the factory
for $5,000
a pop and have them gone for a
week, get in touch with me, and you
can see all these details about what I'm
doing over at theautomationschool.com/live.
That is where I have
not only information about my in person training,

(36:01):
I have pictures of the training room, I
got pictures of the building. I also have
all the local hotels. Within three miles, we
have all of the big hotels
as well as all of the kind of
fun stuff you can do in the Berkshires
when you come out here, like visit the
Norman Rockwell Museum,
climb Mount Greylock,
and there's so many other things to do
as well out here. And a lot of
historical places too, like Susan B. Anthony's home

(36:24):
or Herman Melville's home and so on. So
with that, I just wanted to tell you
about my in person training that I'm offering
here in my office. And now let's jump
right back into this week's show.
And I'm like, but you gotta, like, you
gotta go find that out. Right? You gotta
ingrain yourself in a community
that knows more than you do and admit
you're not the smartest person in the room.

(36:45):
Right? And and learn from the group. Right?
Learn from the greater good that is really
trying to help make make the world a
better place. I know it's a a tagline,
but, essentially, that's true. Right? Like, you're trying
to get the automation community
more knowledge, more information, and that's what ISA
is trying to do. And I think it's
nice to know that you don't have to
do it alone

(37:05):
in the sense of whether you're starting out
in automation and you have no clue what
you just signed up for,
or you're in it. You're now charged with
making sure the OT system's safe
is knowing that there's
conferences out there that specialize
in OT cybersecurity
as well as, like, standards that tell you
how to make sure that you're protecting your

(37:27):
OT cyber, you know, security assets and all
that stuff, but also training courses. So I
think Scott mentioned this last year, but we
did the same thing this year where we
hosted two training courses with this conference that
you could sign up for. One of them
even sold out, and that was using the
IEC ISA 62443 standard,

(37:48):
like how to use it to secure your
control systems.
Literally a two day course sold out. Full
house packed room.
Marco
Ayala?
I can't ever say his last name. Sorry,
Marco, if you're listening.
He is great if you've never met him,
but he has tons of knowledge. He he
trained that or taught that course this during

(38:08):
this conference in Belgium. So if you're not
sure where to
start and you're just like, I just need
to, like, wrap my head around what this
standard is, maybe reading,
you know, a standard is not what you
love to do, maybe you want someone to
teach you what's in there and how to
use it, that's the place to start, as
well as, Steve Mustard taught, assessing the cybersecurity

(38:29):
of new and existing
systems. So industrial con industrial automation control systems.
So Steve Mustard's also been on an episode.
He taught a a class
as well at Brussels. And so I just
wanted to encourage everyone that is listening,
is you don't have to be an automation
professional alone. You don't have to do
figure out how to just make sure you're

(38:50):
safe and secure alone. Get involved in communities
like this podcast, like ISA. Find those people
that have walked it, have learned from mistakes,
have done things
because there's resources out there that you can
find
and get involved in, whether that's discussion boards,
conferences, standards,
training,
all of the above, podcasts.

(39:12):
I just I think that's where I truly
people are like, why are you involved in
ISA? I'm like, why wouldn't I be? Like,
it's like you just it's so much knowledge.
It's so
take it take it with what I I
say as I just ask people to get
involved. That that's what I'm saying in in
any automation community. Yeah. And if you're an
engineering manager out there, consider, you know, be
in the first take the first step. Get

(39:33):
yourself involved with your local chapter. Right? And
maybe it is an ISA. Right?
If you don't have an ISA local, there's
probably another another similar organization,
and get involved. And if you find it
valuable, right, that whatever it is, an hour
or a week, an hour a month, then,
you know, encourage the people who work for
you to also get involved. It's it's yes.

(39:54):
Some of them may find
may network a little bit and find a
new job, but then again, you may find
people to fill positions you're open. So but
it did just,
you know, this this this industrial automation,
industry is so tiny.
Right? To tip to, like, health and fitness,
right, or or all those type of things
that that, you know, we're we're at a

(40:15):
disadvantage as far as, you know, just be
able to have, you know, everybody on the
corner. Had there's a gym on every corner
or there's Yes. You know, a a maker
shop on every corner. Well, with industrial automation,
you know, a lot of times, we can't
visit each other's facilities just because of intellectual
property. So so consider that, and there's some
great places online, plcs.net,
misterplc.com,

(40:36):
and other forums online. We get the ISA
and other organizations. So, yeah, I definitely,
confirm that too. We wanna we wanna encourage
people to get involved. And I know a
lot of folks are like me. You got
family, you got kids, grandkids. You're just busy
all the time. But if you're able to,
and and I live in the boonies, but
if you're able to, get involved.
So I I definitely encourage that. Yeah. Exactly.

(40:58):
And I have I have two boys on
my own, two and six. And the the
joke around ISA is that they're the youngest
members because they are going to be I
literally have bought merch with ISA on it
for them because it's just one of those
things that the it it it does take
a village to be part of something like
this and and try to really make a
difference.
So I do wanna go back a step.

(41:19):
You mentioned this too, and I think it's
so valuable.
I joined ISA because my manager
found the value and said,
you should join ISA
because it will skyrocket your career. You'll learn
from other professionals. You'll network. You'll get up
to speed faster
in this type of industry

(41:39):
with if you didn't. Right? And I can
tell you as as working for the same
company now for thirteen years,
that that hasn't been a true statement. Is
is it truly
enabled me to, one, get involved in this
industry, grow from an I and c engineer,
you know, putting in big EPC projects, engineer

(41:59):
procurement construction projects, you know, midstream refineries to
now managing automation
projects
for my clients. And it I I I
truly credit getting involved in the automation community
because, again, it's a small world. I've literally
met people across the United States that are
like, I feel like I've gotten an I
like, an email from you. Like, are you
part of ISA? Like, it's truly, like, you

(42:22):
don't realize how that, like, comes full circle.
You're like, yes, I am. And, like, what
how do you and how are you involved?
So I'll just say, I totally agree.
And I do want to say, if you
go to events,
is you might start you might be the
first to hear something that's in the works
or that's starting. So I did wanna mention
in here, because I think it's it's a

(42:42):
really cool, initiative that's rolling out,
is our group ISA Secure,
which, again, focuses on 62443,
is they're rolling out the industrial
automation control system security
assurance program
this fall. So there was a session on
it at the conference to announce it, and

(43:02):
there's a whole,
flyer on it. You can find it at
isasecure.org.
What it's doing is it's kinda coming full
circle. Right? Is ISA developed a standard.
They then made training for the standard.
They then, you know, essentially said, okay. What
else can we do? Okay. Let's do ISA
secure and really, like, certify

(43:23):
devices and and things that that fall as
ISA secure. They're doing what they should be
doing.
And now it's saying, now let's
offer a site assessment
program
to where we will validate or essentially
not prove, but essentially, they're gonna say, yes.
You are following what you can do for
62443.

(43:43):
And so it's gonna roll out this fall,
so more details to come. Like I said,
there's a two page flyer on it. It
goes through different stakeholder benefits depending on, are
you an asset owner? Are you an insurance
underwriter?
Are you, you know, an end you you
know, I said end user, but you know
what I mean. It essentially
is it kinda lays out that they're going
to come in and say, yes. You are

(44:04):
being compliant with 62443
as the person that, you know, wrote 62443
is essentially kind of validating that through this
new, it's called
ACSSA.
We love acronyms in ISA,
and control systems love acronyms. So we had
to fit the the part there.
So all to say, I think it's good
to join events because they're the first ones

(44:25):
to know.
I learned that at the conference. So it's
essentially it's like you're always finding out what's
coming ahead
that you can be on the lookout for,
what can help you instead of going down
a rabbit hole that you didn't even realize
this was coming into play. So That's awesome.
That's awesome. Was there anything else you wanted
to share with us about the event? I
know we covered a lot of ground already.

(44:46):
Yeah. But were there other things that you
wanted to talk about? The only thing I
wanted to say was, I know I mentioned
this before, but I would say get involved
at a conference that maybe is overseas if
you ever get the opportunity. Next year, it's
going to be in Prague,
Czech Republic, also in the month of June.
You'll find all the details coming out, on
our website,

(45:07):
otcs.isa.org (OTCS for OT cybersecurity summit).
And I I want to just reiterate that
you really do
build that diverse connections. You build confidence if
you're doing it the right way. You get
the knowledge if you essentially,
you know,
needed more knowledge on what to do to
secure your OT assets. So I I just

(45:28):
think going to a conference like this really
builds that community, that network, and that confidence.
And so I encourage you all to join,
but, essentially, I think you should look at
our pictures on our website. It makes it
look like you missed out. I will say
it was a lot of fun. I was
so glad to join.
But I do thank you, Shawn, for letting
me be here today. No. And it's great
to hear what, ISA is doing. You guys

(45:48):
do so much. And I know this, this
security summit, OT security summit, or cyber summit
is a big part and and and touches
on a very important aspect of what, the
audience the people in the audience do on
a regular basis. And, we love getting updates
from you guys. Maybe we can get you
back in a few months to talk about,
some maybe something else you guys are working

(46:09):
on. But, in any case, we should that.
Yeah. I really appreciate you coming on today
and, bringing us up to speed on the
the summit.
Well, thank you, Shawn. I really appreciate you
and your community. Well, I hope you enjoyed
that episode, and I wanna thank Ashley for
coming on the show and talking
OT cybersecurity
with us. It sounds like a great opportunity
to go to this, event if you especially

(46:30):
if your company has, offices in Europe.
It's not something that I think I could
do as a self employed person here in
the US, but, definitely, any of you folks
out there who are, you know, working with
your European counterparts, maybe going to SPS over
there, this may be a trip you may
wanna consider. And, of course, please check out
the ISA. They're a great organization,

(46:51):
and we love having them on the show.
I also wanna thank our sponsor,
theautomationschool.com.
If you know anybody looking for PLC, HMI,
or SCADA training, whether it be in person
right here in this office
or it'd be online, please, contact me directly
at theautomationschool.com.
You'll see all my contact links up at

(47:12):
the top of the site. And with that,
I wanna wish you all good health and
happiness. And until next time, my friends,
peace.