Ep. 010 - AI on the Menu: Cybersecurity Innovations with Dr. Ryan Heartfield in the Food Industry

00:12 - Kristin (Host)

Welcome to the Bites to Bytes podcast, where the realms of food technology and cybersecurity converge in fascinating ways. Today, we're navigating the critical intersection of artificial intelligence, cybersecurity and the food industry. I'm your host, Kristin Demoranville, and today we're joined by special guest Dr Ryan Heartfield, a pioneer in the field of AI and cybersecurity. Today, we'll unravel the innovations and challenges at this unique crossroads, so let's get started. Hey Ryan, thanks for coming on the show. I really appreciate it, especially since we have an ocean in between us and time zones are fun.

00:51 - Ryan (Guest)

Well, thank you very much for the invite. We're glad to be able to broadcast.

00:54 - Kristin (Host)

Great. So let's get introductions first, and then we'll start the fun stuff up.

00:58 - Ryan (Guest)

Awesome, yeah, so I'll give you a little bit of my background or where I've been and what I've done. So, ryan Heartfield, I've been in cybersecurity industry across a few sectors now for around 14, 15 years, started off actually working for the Olympics actually the Olympics.

01:13

Yeah, the London Olympics was called Low Cog at the time, so London 2012,. I mean, that was the first real job I had actually apart from working at academia or just all of that, and moved from there to work for government for around eight years, national security in particular. So a whole bunch of interesting, weird and wonderful things there, focusing on network security, security architecture. And then moved into working in a public sector, or a public sector, rather, work, at Splunk. So they're the all aware of Splunk, they're the columns updated to everything platform, but they focus heavily on cybersecurity and using machine data for cybersecurity. So there I led in a mia, the security architecture for what we refer to as security or security orchestration, automation, response really a fancy term for automating into response programmatically in the instance of cybersecurity. And then, after Splunk, I co-founded a startup which I'm sure I took that a little bit today over the context of food security.

02:06

But I had a weird they were weird side life, I guess in parallel to this kind of career, which is I worked in academia as well kind of mixture of full and part time, if you can say that. I did in the full time hours, but I was technically part time in enroll. So I worked in the best team or Renich, and across universities as a research fellow, focusing on AI but practically in its use in cybersecurity and cyber detection response for cyber physical systems, which is a really. It was originally a kind of scientific term, we used academia but find itself now in a marketing space with, with you know, ot security. So focus heavily on how do we use AI to help support some physical systems, text response, threats and issues. So that's my life in a nutshell really, but I've been over a quite a few different industries, from IT to OT and all the mixture in between.

02:52 - Kristin (Host)

That's fantastic. I love that you started with the Olympics. That's really. I don't think I've ever anybody say that like. That's great. I mean, I knew the people who toured with like you two in the Rolling Stones for a bit, but they were doing their tech support and their Wi-Fi setup for the actual band. Oh really, so they're roadies. That's like the only other like really cool thing I've ever heard anybody ever really do like that. So that's awesome.

03:13 - Ryan (Guest)

That's really cool and you get to probably go to the Olympics too.

03:17 - Kristin (Host)

I mean, you were there. Yeah, it was it was also.

03:19 - Ryan (Guest)

I mean, the thing about it was it was actually quite a technological masterpiece really, because if you imagine and I'm sure we'll talk about this one point later in the podcast it's a mixture of lots of IOT systems and flat back buildings and communications, mechanical, electrical systems, you know, running the entire show really. So I mean I wasn't involved in that kind of building and fabrication of the event. I was involved in more of the support side as my third job in the engineering side, but it was really a fantastic environment being the atmosphere there's a working environment, super fun to be in and see the events and stuff like that. So really good style, I guess. Yeah, down the open, then oh, stop.

03:57 - Kristin (Host)

Oh, I like it because you're you're working on something like a common goal, right, everybody knows that the outcome is a really great show at the Olympics. Right, that is a show. It's besides the competition. It's a show, and that's probably why you really enjoyed it, because everybody was working towards that same goal, whereas, you know, cyber security as a whole and even food professionals would probably agree with this it's a little bit convoluted sometimes. I mean, ultimately, we're trying to secure something, but what is that data? Yes, people, hopefully. And then for the food teams, it's obviously securing for safety and security of our food that we ingest.

04:29

So, that's again. Ryan. You've kind of nailed why this podcast exists is because we're trying to create the space where we're all realizing we're doing the same thing, and that's making sure we have healthy food is accessible for others, and that goes back down to water and to soil, so it's super important. So I love that you you've had that offhand experience. You get it. You get what we're trying to do here. Absolutely. That's awesome and thank you for that. I love when I talk to guests because everybody's so accomplished and it makes me feel like really happy that, like you've had this really full life. That's awesome. Okay, so let's go on to the ever popular questions of favorite food and favorite food memory. They do not need to be the same thing.

05:06 - Ryan (Guest)

I think it's going to sound really remarkable if you, I don't know, cliche, but I just really I love pizza. I think for me it's not so much like. Of course, I go to restaurants et cetera and I have really fantastic meals. You know, my wife and my kids, what have you that? I've been built beautifully, but sometimes I'm just sitting there in the evening and you're hungry, you're like smash a pizza right now, and for me, pepper on your piece just hits the job. It's not good for you, I know it. Afterwards I feel guilty, I hate myself. I'm fine between getting it and eating it. It's just like. Me favorite food is pizza because just of the of the situations in which I usually consume it.

05:41 - Kristin (Host)

No, I think that's great. It's funny because you're the second guest who said that actually so far. And yeah, and he was mentioning that when he was on a diet he used to make his gluten free. So you can't go really healthy Pizza, I mean, you could do that like cauliflower across now I'm feeling really wild. Which is really good as long as it's super crispy, like if it's doughy, it's not. No, it's not a vibe. But yeah, no, pizza is great. I am. I am a pineapple on pizza person. I don't know.

06:05 - Ryan (Guest)

I'm from Italy and start speak to us.

06:08 - Kristin (Host)

I know, right, I know it's a salty sweet thing like get whatever can over it, it's not your body. People, I do it, I want it. But it's funny because I recently said it on another podcast that I was on no pass for required and they actually they put it up on like their social media and they're like Chris, it has no fear and saying this and I'm like, oh God, maybe I have a little fear now. I don't know.

06:32

Well, it's interesting to me now, you know so the question, though, becomes there's so many different types of pizza, like the style in the US we have, midwest style was just cut into squares, and then styles cut into you know, the actual triangle pizza, and I this is again not very much popular opinion I prefer the squares. I think it's a whole crust ends right Like it's great. And so now everybody, now the New Yorkers, are like that's it, we hate this girl, it's over. And all the Italians are also arming up. It's fine.

07:04 - Ryan (Guest)

Well, the most place I've seen that done in the like where I'm in the UK is when you're at a party and basically someone's creating a big tray of pizza and they're trying to make sure that we're in the Bible feeding the 5000, you know, trying to make as many pizzas, slices of pizza, as possible. Right, in this case. That's where I see it, but I never see anywhere else.

07:23 - Kristin (Host)

The next time you fly through Chicago, make sure you get an actual proper pie there and not just a deep dish. You want to get the thin crust, like that's amazing. And so now your favorite food memory.

07:35 - Ryan (Guest)

Wow, this is hard. I think again it's going to be another, another cliche and it'll probably at Christmas time, having just Christmas dinner with my kids.

07:44 - Kristin (Host)

So what is the cliche about that?

07:46 - Ryan (Guest)

So it's all feet.

07:47 - Kristin (Host)

No, it always doesn't. So you're going to have to explain for the non UK listeners what Christmas dinner looks like.

07:53 - Ryan (Guest)

Oh, okay, I mean it's not much different anywhere that you would see in the US. I guess maybe some of the trimming is different. So obviously, for the most part, though, it can be a turkey. You know, you could turkey. I mean, we tend to go, okay, we'll chicken, sometimes because turkey so dry, so chicken duck, or turkey that's the same. But we would have, you know, roast potatoes, cooking duck, fat Yorkshire puddings.

08:13 - Kristin (Host)

You know, I don't know if you their popovers here, people, if you don't know what they are, so big Yorkshire, I'll translate for you. Ryan, I will be your UK to US translator.

08:23 - Ryan (Guest)

We have pigs in blankets, so that's basically many. You know, the meat. Sausage is basically different, and then like cauliflower cheese, which is a fantastic, of course, and obviously carrots, broccoli, peas. What else is there that's unique about the Christmas dinner? I mean, you have Swedes, right, swede? I don't really like them. Brussels sprouts I like Brussels sprouts. Now I hate them.

08:44 - Kristin (Host)

When I was younger, right, we didn't know how to cook them, and we're younger now. They're better. Yeah, I love the sprouts.

08:50 - Ryan (Guest)

Yeah, and then obviously I basically finish that off with a massive slab of gravy on top and that's that's. That's practically Christmas dinner, but yeah, that's it. It's just basically, it's just so, standing with, being around people that you love and have a great time atmosphere. So that's, that's my favorite.

09:02 - Kristin (Host)

You said duck, that's not usually a thing here and probably most Americans really didn't have goose, because they're thinking of tiny Tim and that's. You guys don't have goose, I mean you can't, we don't relax. I was thinking yeah, actually it's funny how many stereotypes I have to break. I mean, if there's no secret, I'm engaged to a British man, so like it's quite funny, like I have to translate a lot I'm trying to think of like stuffing Do you do the balls and stuffing? Or just like.

09:26 - Ryan (Guest)

Yeah, I mean you're right, I missed like a quintessential British thing, right, which is you could have to read your odd time. I've never liked giblets, right. Yeah, in the odd weird on turn back. That's where you put the stuff. You put the stuffling tie inside the turkey or chicken or what have you, but usually you're stuffing a sausage, stuffing, stuffing balls. Make yourself a sausage arena, otherwise people you've got the cheap ones have been a bit more cross here.

09:48 - Kristin (Host)

Out of the packet. Don't look at the packet man. We still use the packets here.

09:53 - Ryan (Guest)

It's just not sausage, right. It's another weird ingredient. I don't know what it is for those guys, but yeah, it's definitely stuffing as well. But you know, go back to the duck. Really quickly, I'm going to the whole podcast, like Chris did now, but the duck, you know, tends to be small, right, and it's really fatty. So I think people just choose out when it's better for Turkey, or they have it the group around them, that they have a bit of turkey and a bit of duck because it's really tasty, but just lining up feeding on with it. Of course, if you've got a ghost in store, it's like bigger, but yeah, that's how we go.

10:21 - Kristin (Host)

I love duck. I love duck. It's the thing I go to when I go overseas immediately. I love it. It's great. Yeah, and actually there's a couple of restaurants here in the DC area where I live that had do it really well and I've had Chris start talking to the chefs at some of these restaurants to find out who does it better so I could go and have that. It was just probably the most like bougie thing I could ever say out loud. But I do, I look for a good duck but, um, that's amazing. Yeah, because you're right, you get bored of chicken and turkey and and you know, cornish hen, like I don't want all that. And then when I went to the UK I think that was my first trip in, I think it was my first trip in ever Somebody ordered pigeon and I was like how do you eat pigeon?

10:58

And they're like, oh, they're like, oh, we have wood pigeons here. I'm like what's a wood pigeon? And I saw one for the first time on like the grass, the grass area out front of that famous spot of bath. I saw these ginormous, dinosaur sized pigeons and I lost it. I'm going to get back in the car. I couldn't be around these birds. They're too big. They look like a house cat, like I can't even. They're so big. And then my in-laws have them in their backyard at the theater and they are right by the door and every time they fly in I jump a mile on the couch and I'm like 50 feet away from these things.

11:28 - Ryan (Guest)

So I think I've seen these wood pigeons. I don't think I've seen I mean freaking pigeon.

11:31 - Kristin (Host)

It's nothing older than most Well if you eat the wood pigeons they're fat. They have actually have a proper like breast.

11:36 - Ryan (Guest)

You can really, you know, pigeons, little bastards, there is a chicken as well. Is the thing of the chickens? We have chicken like every Sunday? Oh yeah, it's very, you know, very common thing to do. The chicken gets a bit old, so the problem with turkey is dry and she can really well, so I'm sure a good cook can just choose to muck it up. It's pretty high, oh yeah.

11:57 - Kristin (Host)

And who is time for basting? I know I'm not going to do all that Like we usually have like a lamb, so we do get kids like lamb, so we like it's great, and she's I mean men's sauces works out, you know, yeah. So, and then everything else you said for trimming goes perfect with that. So precisely yeah, I am. I eat way more lamb than I ever have in my life, since I'm not with Americans as much, which is totally fine. Now I want a lamb kebab. So here we are.

12:26 - Ryan (Guest)

Just don't eat the ones that come off the spit in the UK, because that is like you know the whole carcass throw it in right and something else come out of the other end. It's not like nice, nice, fresh, lousy. I've been there for a long time.

12:38 - Kristin (Host)

I feel like Ryan, if you were drunk and you wouldn't even care. You just wanted to go. I mean that's different and when you go in those, yeah, that's when you go in those.

12:48 - Ryan (Guest)

You throw chili sauce on it and you can you.

12:50 - Kristin (Host)

Sauce. You have like the worst breath in the world, trying to kill everybody, on top of the fact you're trying to get over your hangover, like, yeah, absolutely, and these are fun tips with Ryan and Kristin. Yeah, oh, my goodness. And anyways, let's get to the main potatoes of the podcast. That's it. So you mentioned that you did some AI driven research. Yeah, can you, can you give us a little bit more about what that was like and how you feel like that particular research could directly be applied to, like, the new cyber security challenges with the food industry? Yeah, of course.

13:22 - Ryan (Guest)

I think I'll take you on a sort of mini journey back in time to 2012.

13:28 - Kristin (Host)

I feel like we need to have music.

13:29 - Ryan (Guest)

Yeah, yeah, the sad Christmas Carol. Now, you know, go back in time Still the same way. No, so you know back in. It started 2012, but there's really around 2014 that we started to publish the work, as working with a number of colleagues in the United States, greenwich, collaborating on what we call physical intrusion detection, and this was our time where the emerging problem of where tax could call physical impact on a machine, whether that's a robotic system or a dusting system or any system that combines cyber and physical activity and automation in the system we started looking at problem more helistically from a cyber physical perspective.

14:04

So how can you improve the way that you perform intrusion detection, or even an only detection of a cyber physical system? What's unique about that system that allows you to do a number of things, namely for which is kind of detect some of the abnormal or something malicious faster? You know number one can I do it faster? Can I do it more accurately and can I detect more by doing by one, watching a cyber physical system in new ways? Can I understand what the root cause is by by looking at that holistic system? I think the fourth one was trying to read up to my head now. The fourth one was. We'll come back to it, but let's read this for you there's a fourth one there, the fourth one there, but faster, more accurately, and the root and the root cause, at least for the make the make.

14:42 - Kristin (Host)

the make Was, it was an availability, it was it was availability was more around.

14:46 - Ryan (Guest)

I think it was root cause. I'll come back. I'll come back as I talk about it. I'll remember.

14:49

But the make, the make three that I mentioned were the most important ones. So, looking at this is your cyber physical system. How can we detect faster, more accurately and understand the root cause of what, what, what an anomaly or a situation is? So when we look at that problem, we, what we identify, was OK. You know, we need to be able to both look at what's happening for a computational perspective or a sub physical system and we can take one step back.

15:07

Actually, when we talk about a sub physical system, what we really mean is any system where it's an embedded system at the edge, so it could be a program or logic controller, could be a semi autonomous robotic system, could be an entire factory, right, food manufacturing plant, production lines, a sub physical system. How you describe that, let's say a high level, would be that you have some computational component that controls a physical actuation or sensing and such that there is a computational component that is executing some program. Maybe it's connected to a network. Where that computational aspect of that system does have that control, it will create some physical phenomena or receive data from that physical phenomena and perform some function as a result. And so of course I can manifest at the very small level, control level, program logic system, or it can be extrapolated to the high level, so multiple different systems with automation and connectivity between them in a production line. And so when we looked at that cyber physical problem and how attacks can create impact, so by attack a self physical system I may be able to create or cause a physical impact as a result of that.

16:09

What was really clear was that when you want to identify intrusions or anomalies in their systems, you should be looking at the system from a cyber physical perspective. And it kind of sounds like common sense, right, ok, some physical system even going to monitor problems and anomalies and threats. I should not trade, for some of the stuff is. And what that meant was he's not only looking at network traffic or taking data from the computational aspects you know, log data from CPU and the program processes etc. If they're even available in the first place, of course but also taking all the physical telemetry. You know temperature, vibration, speed and the current and pressure and fridge, like you know, let all the physical properties and metrics you can, and understanding that they could be important from the monitoring point of view. And so what we did was lots of experimentation.

16:52

We was focusing on actually a robotic system in a in an operational scenario at the time, and we moved on to smart homes eight, which perhaps, when I talk about some point when we collected the physical data as well as the cyber data, I'm just going to branch into cyber. I'm not going to talk about specific physical data, cyber data and obviously that's very complex. And writing rules around detection. That's basically quite complicated, right. So that's why we bring AI.

17:17

How can we leverage AI to use that data together in a meaningful way that allows us to do detection across a large amount of data at high speed and see if that proves the way that we can detect. So we detect more, ie, we can detect physical long list, we can detect cyber long list and, by the way, now the fourth one, so it's detecting more. Can we detect it more accurately? Ok, can I detect more or more accurately because of that? Can I detect it faster and can I know the records?

17:40

And what we realized is that you know again, it's also not quite a sense, christine, but the first signs of something going wrong are physical indicators. So physical indicators are not all that normal, but hey, it can be the first signs of the cyber related instance, or not, as a case may be. So firstly we identified that if you're measuring physical, you can identify things faster because that might emerge in the physical properties faster than it will in the network, for example, or computational state. And then we realized that we can detect more. So we can detect, for example, physical anomalies at the same time as detecting cyber anomalies or threats using AI in this data.

18:14

And then we realized, actually we can make it more accurately because we can see OK, when we detect these anomalies, by including the physical data in the process, we can actually detect more accurately the anomaly than otherwise. Because we say, ok, the combination of the cyber data network process will have you physical data, temperature pressure, et cetera actually allows us to filter out more false positives of noise. It just occurs in both those types of data types. And then, finally, do we know what the root cause is? Is it cyber related or not? And of course, by having that full view we could really discriminate whether an anomaly or behaviour in the machine was cyber related or not. And so that scientific research, let's say, was really early for the market, right, because market started even looking in terms of like deploying traditional detection. You know, we hadn't even thought about network monitoring in OT to a large extent ten years ago. Practitioner level.

19:03 - Kristin (Host)

Those of us who were in the field doing that work that that is what we were trying to do. Yeah, we had so much data. We didn't have that AI component yet to do all that work, because to do all that work would have meant pulling over logs and bread sheets, and nobody likes doing that when you're supposed to be putting out fire somewhere else in the building or making sure there isn't a fire, for example. So the fact that this is why I tell people don't be afraid of AI.

19:30

It is a tool to help you do your job better. And if you don't embrace it early, especially in the food industry, is very embrace about it. I mean they automate everything they can automate it. They're happy Because automation of processes in the food industry keeps food safer, because humans aren't touching it. As I continue to say this on every episode, humans are a risk. They are the biggest risk.

19:49 - Ryan (Guest)

I think the biggest problem though there is, or at least the thing that we don't like from the scientific space when you do the research you don't have, you don't consider the challenge of how do I get the data, because you've got the data right. So you're focusing on the sharp end of the problem from a scientific perspective. You know, back in 2014, we got the data because we got it right we didn't think about the fact that kind of getting the data. We weren't working the plant that you got an Excel spreadsheet or a paper spreadsheet you know, a paper clipboard taking readings of a HMI. So in this case, the data acquisition wasn't even considered. But I believe one of the biggest challenges is data acquisition. So we just found you know, this is a really great approach using AI to facilitate this kind of detection capability.

20:25

Of course, there was another outcome from that, which is OK the explainability piece. How do you actually make that information useful to the engineer If I'm just going to produce an out that that is anomaly? No, anomaly, right, that is useful as a chocolate to you, but you know, for honest, right, yeah, and it is right because, because obviously you're an engineer is like OK, that's what I'm going to do with the information. You know if anything is going to make them annoyed or you know this security more, even the professional engineer. They need something that's going to provide clear aspect of behaviour and give indication of where that's happening, why you know what's happening where and so they can go and inspect and respond.

20:58 - Kristin (Host)

Yeah, Basically, they just want to know do I need to care or not care right now, because it's something I need to deal with at this moment, or can it wait? That's what they want to know, and if you could give them that certainty of shifting data through the research, like that's huge for them. Yeah.

21:13 - Ryan (Guest)

So I would speed ahead on that. But basically that was what we, the state we got to, I mean. And then I mean I moved on for that research a couple of years after that we did we move to the smart home, basically extended to smart home to some extent covers the entire blanket of production systems in a way, because the smart home we were looking at then was you've got everything, you've got trades, you've got sensors. Of course it's not the safety related aspects that you would see in a factory, in a food manufacturing plant, for example, but it was just the complexity of the problem, which is I've got all these different systems doing loads of stuff and automation. Can we move it to there and see the same problem? And there we basically extended the premise and again proved it further, its efficacy and fidelity.

21:50

But the same problem remain, which is how do you make this practical? And so the research proved the the hypotheses right, proved the value of it. The next stage really was OK, who's going to commercialize this and bring it into a product capability, to the market so that it can be used in the real world? Also, we'll have a discussion about what excellence do later. That's what we do, but that's where we stop, till we can approve the premise and the value of it. So I driven some of the school intrusion detection.

22:18 - Kristin (Host)

OK, listeners, let's take a quick detour and go back to class for a moment. We know Ryan can get a bit technical, but fear not, here's a bite-sized glossary to keep you in the loop. First on our list is PLC Programmable Logic Controller. Think of it like the brain of R2-D2 or BB-8 from Star Wars controlling their movements and actions, but for industrial machines, it's the genius behind the scenes making sure your coffee brews perfectly every morning. Now let's get to SCADA. It stands for Supervisory, control and Data Acquisition.

22:52

Pitcher Tony Stark monitoring Stark Industries operations from his Ironman suit. Scada systems provide a bird's-eye view of industrial processes, similar to how you would use a smart home app to control your lights and thermostats from your phone. Continuing with the Ironman suit for ICS or Industrial Control Systems, it's not just a piece of armor. It's a complex system where every sensor, actuator and piece of software works in perfect sync to fly, navigate and battle. Ics and the industrial world are like the components of the Ironman suit, working together to ensure everything from power plants to water treatment facilities operates smoothly and efficiently. Just as Tony Stark relies on his suit systems to respond instantly to threats, industries rely on ICS for seamless operations and to respond to any challenges that arise. Lastly, we have OT, or Operational Technology. This is essentially the technology that controls and monitors physical devices. Think of a smart thermostat for your home. Ot is similar but on a much larger scale. For example, the systems that control the temperature and humidity in a large grocery store to keep fruits and vegetables fresh. Ot ensures the physical aspects of our world operate smoothly, from manufacturing plants to heating and cooling buildings. Thanks for coming to class.

24:10

Now back to the episode. You know I talk a lot with the food protection folks, obviously, and we keep talking about how we probably have data that could help each other. Yeah, so there's a big traceability thing is happening right now within the food industry. I really want to be able to trace down the food all the way down to the plant, to be able to determine if there's any type of illness that came from that particular field or whatever. I think that the tools that we use in cybersecurity can definitely be leverage to help understand the cyber, physical aspects of when in a contamination might have happened in a facility. We can't exactly do it in the field yet. I mean, I'm sure we're going to get there eventually.

24:49

I would love to see cybersecurity for a farm field, like that would be really cool because everything is going automated, right. I mean, there's autonomous tractors that are running. You've got drones that are autonomous running around checking for things. You have fire suppression. It's just a smart home. It's just a smart feel, right? Yeah, exactly, so, ultimately, there's that to design as well.

25:07

So, but, like I said, we've we talked about how we need to share more data, because we're doing the same assessments, basically, but just in a different angle. One's looking at it from a quality, one's looking at it from a food defense, one's looking at from cybersecurity, but there's like all this data that needs to be pulled together to have a full and complete food safety culture. Yeah, like that needs to happen, and I think I think using AI is going to be the way we eventually get there, and I obviously this is all infancy kind of conversations where nobody's really doing this yet, but there needs to be more of a click in somewhere where that data is shared, whether it's a sock monitoring or exactly like that.

25:44 - Ryan (Guest)

One of the things that we've realized at least the X and I've also from talking to the industry is that, you know, we don't have to talk about tax or cyber attacks. We talk about cybersecurity from a again a more holistic point of view, which is, you know when something goes wrong at any point in the supply chain, but let's just focus on the production line for a moment when it's because, well, do we know if it was a, whether it's a physical fault like electrical, mechanical value or some other component in the process that was causing that issue, or is it cyber related? And just knowing if something is cyber related or not is a very important first step in understanding how to respond appropriately. When we say cyber related, we don't necessarily mean you know that there's a bad guy or, via the internet, attacking you. It could be simply that one of the systems are responsible for helping call make, the automation in the process has failed. Or you know the network has changed and caused a disruption or is a misconfiguration, and you know that's really still cybersecurity from an availability and integrity point of view, not confidentiality, of course, but certainly it's cybersecurity because the computational system that's responsible for helps executing that process, you know, let's say, moving the conveyor belt with the twixes, for example, and dripping the chocolate over them has has failed for some reason.

26:48

And so surely the process automation engineers or the supervisory team looking at a process scholar terms would want to know. Oh, by the way, the process has been disrupted, but it wasn't the fact the motor broke on the conveyor belt, it was because someone just happened to fat finger a button, you know, or misconfiguration or whatever that might be. And so for them, you ask them do you care? They're like, yeah, I can obviously care about that. Right, I want to know. But if you say I get you care of cyber security attacks, I think it's disconnecting some of the cultural thinking of these people, because that's not what they're worried about. They say they worry about downtime, disruption to the process. So if you can actually say cyber physical helps enfranchise, then monitoring, then the data sharing becomes easier because they want their data into themselves. But it's equally useful for them and the IT team.

27:29 - Kristin (Host)

Exactly, and I think and you just really nailed it right here there's so much disinformation and misinformation specifically in the food industry, but even within cybersecurity we don't even know what people do. Have the time it's it's very confusing. So I read a blog recently from a food professional, food safety professional, and the comment was made that a cyber attack isn't something to worry about in the food industry because it has to be cyber, physically assisted. And I'm like it's still a cyber attack, no matter what happens. Whether someone got the password or flipped a switch on the physical side and allowed the cyber attack to come in, it's still a cyber attack and it's still worrying regardless, because insider threat is huge. People don't realize that because we innately want to believe that we're all going to do the right thing and that we're all going to, you know, be good people, because that's what we were trained to do.

28:19

Yeah, and ultimately this social engineering has become really difficult to deal with because it's basically like having to think like a villain when you're thinking about it. And this is why I say to people nothing surprises me anymore. It's very few things that surprise me in the security world anymore, unless it's just blatantly a dumb behavior. I suppose that would sort of go why? But how does your technology help with social engineering? So say, like you said, somebody backfingered something. Would the detection help that?

28:49 - Ryan (Guest)

Yeah, I think it does, I mean. So one of the things is, ultimately, you know you could have, let's say, you're a, you're a I've actually got this out of there from speaking to a manufacturer where you might be acquiring. I have a manufacturer speaking through the industry. Maybe you're acquiring another food company that has a product you want to buy, right. So you acquire that company and you inherit you know, all their operations and all their staff and all the way they do different things differently to you. So you might, let's say, you have a really sweet security operation cybersecurity, monitoring, safety, et cetera and you inherit that organization.

29:18

Obviously there's a transition period. There might be a news word, bob, that I pick on. Bob, this make believe long and toothed eye of soft who has worked at a factory for 20 years who just decides to manually change some parameters on the process, right. Maybe it's for a HMI human machine to face that plugs into changing maybe the recipe on a production line, whatever that might be. But they do that because that's what they've always done, right. And maybe that's completely contrary to the change management process that the organization who acquired and passed. Now there's not to be a position process, but this is a real life example.

29:48 - Kristin (Host)

No, you're speaking truth. I've heard these, I've experienced and heard these. So yeah, exactly.

29:54 - Ryan (Guest)

So I think it's a real well problem people seeing, and so when you think about that, the organization wants to know. Okay, well, I want to know when Bob's doing that, because that can create a problem right, particularly if that is affecting the process in some way, whether it breaks anything or not. I want to know about that behavior. So that's going to direct inside the fret in a way, because the person's not aiming to do damage, maybe intentionally, but at the same time you know you want to be able to identify that behavior Absolutely. I think that sub physical monitoring and using AI to do the data analysis at scale and bring out those aspects is going to support that, for instance, pretty much. And so we're identified that that's just going to be identifying posts in the production line that might break in three months time. So you replace quickly Additional monitoring.

30:36

Traditional traditional monitoring isn't designed to take that because that's designed to say, okay, tell me whether there's a dangerous value going to be able to refresh holding the temperature so that I can I know it act to safety instrumentation system or, you know, take some physical response to that process. But those behaviors happening between are going to go under the radar and they're sure to be monitoring how the computational systems are side by side and a physical process is changing, maybe even subtly, and so you can spot that and identify those cases and report them. Or you know and maybe it's not a person, maybe it's, you know, it could be just someone deployed a new recipe and it just didn't work as well as they fall in the real world as it did in the test bed. You can spot those behaviors as well, and I think that's what's really important here is that side of physical watching, that AI can spot those subtle cases with complex formations between the system and the process. They can spot those behaviors and tell you without you having to sit there and write all those cases down by yourself and spend six months to a year trying to do that and never getting an outcome.

31:28

But for sure that was. That Bob case was one they can't. This organization could not identify it and they needed more to inform that we can do that is by taking that holistic view. Yeah.

31:37 - Kristin (Host)

And I think it's also a holistic view to your staff as well, your employees. I've met Bob's that have purposely withheld information to keep their jobs run because they it makes them important, or at least in their mind important, and they've missed the opportunity of learning new things, to become even more important, if you will, and that's really frustrating. I think in this day and age you can't just be a one trick pony. I really do think you have to be a jack of all trades in a lot of areas Inside of production and basically within manufacturing and food production in a way. Not everybody wears one hat, you wear like 15. And I think that education piece alongside of the detection is so important. Not necessarily education on the detection software, because then everybody needs to know that. That's there just the people who need to know kind of thing, but having people understand that you can't make changes in isolation, that whole change management process. This just feeds into that more, because now you're going to actually have to sit down and look at people process. With this detection and that ability to be able to see what's going on or what isn't going on, I suppose as well. That's huge, because now you can actually create a holistic cybersecurity plan, whereas before you had to kind of like wing it, like based on tribal knowledge and what was happening which I'm not saying is a bad thing either, because if you've been there entrenched long enough you would know. But I think, people, we need the additional help. How can we actually start putting in parameters to correct behavior and fix things, moving forward and even thinking about offense, if we can't even deal with what we've got in front of us? So that's great. I love that. I wish I had this job like five years ago.

33:08

To be honest, what you're talking about, Anzen Sage proudly introduces Anzen OT, our innovative AI-powered software, as a service designed to simplify operational technology risk management. Anzen OT streamlines how organizations assess and manage cybersecurity risks in their OT environments. By leveraging AI insights, Anzen OT empowers businesses to conduct comprehensive risk assessments efficiently and ensuring compliance and security without costly third-party evaluations. Ready to transform your OT risk management approach? For more details and to join our beta waitlist, visit anzenotcom. That's A-N-Z-E-N-O-Tcom. Anzen OT simplifying risk management where empathy meets innovation. But anyways, let's talk a little bit about your product, Ryan, how you became a co-founder. You could talk about your other co-founders if you want. I'd love to hear about the birth of the organization along. You've been around and then I really want you to relate it back to how is this product, what makes it special and why the food industry would even want to bring it in, especially since they're already digitizing in a very fast rate. Budgets are tight, Like why? Why Just I?

34:40 - Ryan (Guest)

went on Absolutely so. Excellens have existed for a little while, but not in its current manifestation. The company started off as an R&D company in 2015 actually, and it was no surprise that it was working in cyber physical systems, ai, the evolution detection, just talking.

34:57 - Kristin (Host)

This is the information.

35:00 - Ryan (Guest)

But I wasn't working at the company at the time. It was one of my colleagues who co-founded the R&D organization and who had worked in the past with me on some of that research and friendship In any. In essence, the R&D company was doing this approach, typing work with European. So we see UK and European company was working in European projects and doing this for some emerging sectors. So we're up to talk about manufacturing and food, but also maritime right, smart group. So, seeing it across the board, this digital transformation.

35:24

And then three years ago which doesn't feel like three years ago at all, it was like yesterday I was invited to basically to help take over the company and spin out an actual product from the company, because obviously I'd be involved in the past and all that work and brought together that industry experience. So I was looking for opportunities and create a startup, but then this was not the vehicle to do so. So I joined as a co-founder with one of my other co-founders who CTO, called Sadeande Ramados, who's a really incredible software program engineer and architect. And what we did is we basically walked together where we was as a company and we said look, these are the. We're seeing the value proposition here of building a psychophysical monitoring technology, but now we need to build a product out of that. We need to bring what we've learned, both in the R&D space from this company see backgrounds that we had. He was working automotive actually before and, you know, three years ago we then decided, okay, good, we've got some bootstrapping, we're going to build this psychophysical technology. And we spent a long time right, three years, maybe two and a half, because it's been out about half a year now that long time really building this technology, getting the feedback from the industry, solving the really difficult problem, if I'm honest, of how do you utilize AI, get the data you need the physical data from the production lines, the cyber data from the networks and the end, these industrial endpoints.

36:36

And I want to answer all those questions I mentioned before. Right, which is, when something's going wrong, what's the root cause? Is it cyber, related to all of them? Okay, fine, can we answer that one? We can use AI to answer that. Can we detect fast stuff? Can we automatically establish how we should monitor temperature, how we should monitor the network, without requiring a data scientist in a food manufacturing environment? Right, Because what we saw was that they're big organizations in the market.

36:58

I won't name names, but they're bringing data scientists right. They're spending millions on their own custom way of trying to get this data from and I talk about food manufacturing companies as well. Get this data from the production lines, from the shop floor, and then somehow do this monitoring and identify problems and forecast them and be more optimal in their process and prevent downtime. Well, that's a lot of money, right? That's millions of pounds. These are the apex predators in the industry. They can afford to do that and they bring on data scientists to spend a year doing. Well, I know you shouldn't have to do that, right? You should be able to have your own cyber physical AI list, right? This is our thesis and your cyber physical AI list that can collect that data from existing systems without any changes to them, that can understand this is normal in the physical, this is normal in the cyber and this is normal between both, and then tell you this is what's going on, this is a root cause. This is how you respond. I mean, I had a background in AI and people in the company had that as well, so we spent a lot of time doing that and that's what we really built.

37:47

We brought a technology that effectively we call it cyber, physical AI, which is again a fancy term and sounds very marketing. But the idea is that we are able to plug into your existing systems in your industrial networks, your OT networks, collect data from your industrial endpoints, so your program, all logic controllers, your road terminal units, actuators and sensors but exactly the same way you're already collecting it for SCADA. So if you're doing some notional monitoring, okay good, we just go up, cycle that data already and it just can connect those systems. Exactly the same way, but use that data for something more than you're already using it for. And we're going to collect the data from the networks that you may or may not be collecting already and then from that, have the system identify known threat behaviors, but also the stuff that's unknowing, that's right, the thing that's unknown. And by doing that we realize, okay, cool, we've got this level of capability in the technology, which is good, it's great, right, but then again it might not be available for those more medium-sized you know, food benefactors, where they haven't got a massive sock. So how do we help them?

38:41

And what we realized is we could build a layer on top which acts like an analyst, an AI analyst, in a way that says I can take this only from the physical, but I can take this only from the network and cyber and I can determine how this is set of behavior and what it means. It's like a human would. We do a number of analysis and so we did that and we and we able to build a technology like that basically allows you to say, okay, it's going to all happen, with physical or not, so we will tap them in cyber or not, network for example, and it's a, it's a process of our function, this is a root cause. It's not a cyber security threat. So you know, seeing nothing to know but to suggest that and here's the way it's happening, and this is what's happening and the process happening on how you can respond. But conversely, the analyst can say, okay, it's a cyber security threat and you know this is why a cyber security threat and what we realized is, with that technology we built, except to a long time, this was also equally useful for the engineers on the shop floor as it is for the existing or neuro emerging IT slash, ot security analyst socks, whereby the engineers who would, you know, we talk to a lot of them directly they shouldn't don't fall outside of serious case is integrating that monitoring. Visibility in the environment allows them to spot things they can never spot before.

39:47

Like I said before twisting, is it cyber related or not? You know it is a abnormal activity which is not reaching any condition monitoring thresholds. It's not a pretty good Mason's problem. All we could do as well is it's a normally. Do I care about it? Like you said? I think you said before we discussed this do I care about this now or should I look at it later?

40:02

And yeah, that was some really big breakthrough for us, which is we've got a technology that provides holistic benefit and we found this was the way of breaking down barriers to get better monitoring for everyone in the, particularly in food. We're a factory where you mentioned. Why is it relevant? Because it's running at speed, reduces high amounts of output, for the most part cross industry and when something goes down, you know that's a significant impact on the business, but also on the supply chain. You know things don't turn up in the supermarket right. There's a really good story where a manufacturer, a just a company called back logistic in Netherlands. The company got a compromise ransomware and go figure out what happens everywhere.

40:36 - Kristin (Host)

I was going to say current theme.

40:39 - Ryan (Guest)

unfortunately, but they shut things down out there, bumms, bums of caution, because they didn't know what was affected. They couldn't answer the question has this affected the process or has this affected the water? Of course, and what happened then was, you know, funny enough, that's what they do. Cheese right, there's a cheese manufacturer. The supermarket shelves were empty of cheese. There's a really like I mean people like, oh, no, no cheese, no, the world's going to end.

41:00

The point is is like you just extrapolate that to important foods. Right, you know the staple foods that everyone needs. Maybe it could be rice tricks. Right, it could be breads. It could be really, you know, could be baby formula, baby for exactly, right, yeah, that is a nightmare for people that can't actually see. You know, naturally, or whatever, what, what are reason? Right, yeah, that's super important, and and so therefore, spotting issues very fast and knowing how to respond to appropriately is super important to the manufacturer, and that fast, we consume good superman. You all know this much better now, but the unit is super important. So, when we are speaking to organizations, we're asked the question was it goes wrong? Do you know if it's cyber related or not? They say no, or it can take days or weeks to find out after the investigative process. And the thing is, you know, you speak to some manufacturer and they'll be like Well, we don't see the issue right Because we're air gap and we've got our concerns and that's a whole lot of discussion.

41:49 - Kristin (Host)

Oh God and talk about air gap, but what we've done, you know what we?

41:53 - Ryan (Guest)

we kind of play back to them when we were showcasing technologies, or can? They don't even think about cyber attacks right now. Just think about if something rings wrong and you couldn't find the answer, if it's cyber related or not, because you don't have some physical visibility and you're monitoring detection, what do you do? And they kind of come unstuck. But is it an element of not trying to put people's nose out of joint, right, because it's like, oh well, we're perfect, we're fine, and the short answer is work?

42:15

At some point you're going to want to just transform, connect and also make more because you need, if you've got, a fast moving consumer goods process, that's going to need to be optimized. Yeah, why is your competition you know I think you mentioned this before to be Christine before we started the call where quality, right, you've got quality. That is a measurement. That's a quality measurement. How much of this batch of food is bad, for whatever reason, or good as you've got output? How much am I producing based on the supply chain demand? When am I going to have to change things in my process and what I'm going to introduce into the downtime? So these are things that they should care about, regardless of cybersecurity attack factors or threat actors.

42:47

Right, it's kind of a day to day business, and so, as they connect and automate, more naturally they're going to want cyber physical visibility and analysis, and so that unpicked that, that barrier, christine, that of the list is that without technology? What we build so I'm going to be a real answer to a question is what we built is a solution that allows to both serve the needs of the people on the shop floor, process automation engineers, the engineers in the factory, as well as providing the same telemetry for security teams that desperately need it to understand when is actually a real security threat to be considered. And that's where I think is a breakthrough for the industry. Actually, I think that through a factor is, in particular, should be going okay, I can see how this can help me now and perhaps we'll even care a bit more about cyber security.

43:28 - Kristin (Host)

Yeah, and it goes back to that traceability role. You'll be able to actually see the timeline of if there is an issue, or food defense teams will be able to come up with a plan of attack or a plan of defense, if you will a little bit better if they can see the data. How many times I've talked to food, to talk to food defense, and they said we just don't know what. We don't know because we don't have it. You know and of course that's very much a security vibe as well, and I've said this before on the podcast and I will probably continue to say it these midsize companies and these smaller companies won't actually be able to produce the volume and that they're going to be requested to at some point. Because these smaller houses are getting bigger, because people want more of that experience, that boutique experience is really popular. They're going to have to use AI, otherwise they're going to have a huge labor force which they won't be able to afford.

44:12

I was also thinking too, ryan, when you're talking that IoT type refrigerators are becoming really popular, so like grab them, go sandwich in the airport or a college campus or a train station, anything like that. Food in general is going IoT, wouldn't you want to know if one of those sensors failed or if it was under temperature, because you wouldn't want to buy the sandwich if it was underneath? You know specs to be eat. That's really has to stop. And then you've got a whole PR issue because you're killing people with your you know gross sandwich.

44:40

I think that that type of like software will be embraced more by those type of companies because that's just one headache gone, but again it goes back to that ability to be able to trace it and that's going to be huge. So I think this is this is really good to hear like the people are actually starting to come up with these ideas and put them into practice and it's getting good practical traction. Like good for you. Like it's nice to hear that it's not just like another security tool that blah, blah, blah, blah or all those buzzy words and or marketing to all fill. I applaud, like those techniques, because I think you were also a Black Hat this year, which is a security conference. You were a DEF CON, but yes, a black hat, and it's a security conference.

45:22

We call it hacker summer camp for those who are in security industry. It's just this gathering of all of us basically, and it's a lot of like flash and and pump and circumstance in a lot of ways, and a lot of these vendors that come through there's just it's still going to be wrong. I appreciate the swag, I appreciate like the candor, but you're like, wow, you're going to be bought or you're going to fizzle out in a year, I won't know. You, you know and I think that you've got longevity because you're attaching to critical infrastructure in a way that we need. We haven't had that yet.

45:51

I mean, I know there's other tools out there. I'm not beating up on anybody and I have my own opinions of that anyways, but this definitely seems like something especially for the food industry can be utilized in different aspects, both on the quality front, the protection front and anything to go within supply chain. You'll actually be able to start seeing things. Rather than I suppose it happened on an idle Tuesday, a three o'clock in the afternoon, rather than like now, you're going to have actual data that's going to show when this all went down. I think that's amazing.

46:16

So thank you, ryan for sharing that and for the work you're doing, team. I'm excited to see where you're going to take this, because I'm sure there's plenty of expansion ideas. On a final note, before we go, I want to make sure you give everybody the information they need to find you In terms of the way you can find us.

46:34 - Ryan (Guest)

So Exalenscom is our website. We're quite active on LinkedIn. Under Exalens we post a lot, and not just about what we do as a product, but we have, you know, we try to share as much content and nurture the industry as possible. The last thing is we have a community edition for our tool. So you know what we don't want to do is pick on our vendors, but you know, sometimes really hard to get access to these technologies and just see what they can do and how they can benefit you. Exalens community edition is free for anyone small, medium, large. You can download it, you can try it out and see how it can help you get that visibility picture, just to start with. So people are interested in getting their hands on. Just come to our website.

47:10 - Kristin (Host)

And they can also find you on LinkedIn.

47:12 - Ryan (Guest)

Yeah, find me on LinkedIn and I'm more than happy to talk about big benefit battering, cybersecurity. And, of course, thank you very much for inviting me to have a conversation on here with you as well. I really appreciate it.

47:22 - Kristin (Host)

You know I'm really selective about what vendors I allow on this podcast. Generally speaking, I'm very careful because I want my podcast to be a benefit to people. I want people to gain knowledge and, ryan, you just share a whole like, but load of knowledge, like that was a lot. I mean, I'm sitting here going yep, yep, I'm resonating. You can't see me, but I'm shaking my head and definitely was a. It's just. It's so good that we're finally getting here that OT and ICS and Scott and all that are starting to get it. They're due. I know so many people that are in the process side engineers that have just been begging for things like this for a very long time because they can't do their job in isolation and that's definitely why I think it's as well they don't.

47:59 - Ryan (Guest)

they don't want to be sold a job, a need for cybersecurity they don't think they have a role in if you give them a technology that helps them with their day job but extends it to the extra digitalization they're experiencing. You know that's the hearts and minds, that kind of breaks on the cultural barriers, and I think that's the key here is that any technology adoption, whatever it might be, needs to benefit people. They need to feel a benefit from it. Other life, it's someone else's job's most problem and I think that's the one thing to get and hopefully we can be a flexible part in that, in solving that.

48:27 - Kristin (Host)

Yeah, and I think you're going to. So congratulations on that. I'm looking forward to watching you grow and thank you very much for your time again, ryan. Thanks so much. All right, thanks, ryan, cheers. And that wraps up another enlightening Bites and Bites podcast episode. A huge thank you to Dr Ryan Harfield for joining us today and sharing his invaluable expertise on the critical role of AI and cybersecurity in the food industry. It's clear that, as our world becomes more connected, the need of innovation and these types of solutions has never been more important, especially when it comes to keeping the food supply chain safe and secure. To all of you, thank you for tuning in and I hope you enjoyed today's episode. As a parting thought, all of Ryan's info and the community demo he mentioned will be in the show notes. I'm Kristin Demoranville and it's been an absolute pleasure having you with us. Stay safe, stay curious and we'll see you on the next episode. Bye for now.