Ep. 041 - Realities in the Systems That Produce Our Food with James Slaby

00:00:21 Kristin King

‍ ‍

Welcome back to the Bites and Bites podcast.

‍ ‍

00:00:23 Kristin King

‍ ‍

I'm your host, Kristen King.

‍ ‍

00:00:25 Kristin King

‍ ‍

This is the show where we explore the systems, technology, and human realities behind food and agriculture.

‍ ‍

00:00:31 Kristin King

‍ ‍

and sometimes the risks that we don't see until they hit us hard.

‍ ‍

00:00:34 Kristin King

‍ ‍

Today, we're joined by James Slaby, Director of OT Solutions, Go-to-Market at Acronis.

‍ ‍

00:00:41 Kristin King

‍ ‍

James has spent more than two decades analyzing and working in cybersecurity networking and industrial technologies.

‍ ‍

00:00:47 Kristin King

‍ ‍

In this conversation, we're going to dig into the systems that quietly produce our food, legacy equipment, air gap networks, ancient operating systems still controlling real-world machinery.

‍ ‍

00:00:58 Kristin King

‍ ‍

And what happens when modern cyber threats collide with outdated infrastructure?

‍ ‍

00:01:02 Kristin King

‍ ‍

We also talk about deepfakes, social engineering, recovery planning, and how everyday people, not just IT teams, are becoming part of the threat landscape.

‍ ‍

00:01:11 Kristin King

‍ ‍

So let's get into it.

‍ ‍

00:01:12 Kristin King

‍ ‍

Enjoy.

‍ ‍

00:01:15 Kristin King

‍ ‍

Well, as always, before anybody introduces themselves, we're going to go into favorite food and favorite food memory.

‍ ‍

00:01:20 Kristin King

‍ ‍

James, they do not need to be the same thing.

‍ ‍

00:01:22 Kristin King

‍ ‍

Go for it.

‍ ‍

00:01:23 James Slaby

‍ ‍

Sure.

‍ ‍

00:01:23 James Slaby

‍ ‍

So I'm originally a native of Buffalo, New York, and like the rest of my extended family, many of whom are still in that area, I'm kind of obsessed with buffalo wings.

‍ ‍

00:01:33 James Slaby

‍ ‍

Of course.

‍ ‍

00:01:34 James Slaby

‍ ‍

But something I discovered, which really surprised me, is that there's a superior gloss on the fried chicken wing, and that is Korean-style fried chicken.

‍ ‍

00:01:44 James Slaby

‍ ‍

What they did

‍ ‍

00:01:45 James Slaby

‍ ‍

I've concluded that makes it even better than my beloved original buffalo wings is that they do a two-step fry.

‍ ‍

00:01:52 James Slaby

‍ ‍

They first fry the wings in low temperature oil to cook them all the way through, and then they do a second fry in a higher temperature oil to crisp the skin.

‍ ‍

00:02:01 James Slaby

‍ ‍

And then they'll hand paint on, there's many sauces, but the two most popular ones are gochujang, which is the Korean version of hot sauce.

‍ ‍

00:02:08 James Slaby

‍ ‍

It's slightly funky, slightly sweet flavor in addition to the capsaicin heat, and then-- Delicious.

‍ ‍

00:02:15 James Slaby

‍ ‍

Foley garlic.

‍ ‍

00:02:16 James Slaby

‍ ‍

And this is now my go-to.

‍ ‍

00:02:18 James Slaby

‍ ‍

If I show up for like a Super Bowl party or BBQ or something, I'll bring a big bucket of these.

‍ ‍

00:02:22 James Slaby

‍ ‍

And in particular, my friend's kids are absolutely crazy for the KOFC, I call it.

‍ ‍

00:02:29 James Slaby

‍ ‍

So that's it.

‍ ‍

00:02:30 James Slaby

‍ ‍

So I'm always down for traditional buffalo wings.

‍ ‍

00:02:34 James Slaby

‍ ‍

My local watering hole in downtown Boston is a hundred year old Irish pub.

‍ ‍

00:02:39 James Slaby

‍ ‍

Same family has run it the whole time.

‍ ‍

00:02:40 James Slaby

‍ ‍

They do beautiful chicken wings.

‍ ‍

00:02:42 James Slaby

‍ ‍

Shout out to JJ Foley's Cafe in Boston South End.

‍ ‍

00:02:45 James Slaby

‍ ‍

Koreans have figured out a modest improvement that I think is really worth checking out if you get the chance.

‍ ‍

00:02:50 Kristin King

‍ ‍

Yes, I definitely would agree.

‍ ‍

00:02:52 Kristin King

‍ ‍

There is a superior level of fried chicken in that area of the world.

‍ ‍

00:02:57 Kristin King

‍ ‍

The Japanese are also quite good at it.

‍ ‍

00:02:59 James Slaby

‍ ‍

Karaage is, I'm really digging karaage chicken these days too.

‍ ‍

00:03:02 Kristin King

‍ ‍

Yeah, it really is.

‍ ‍

00:03:03 Kristin King

‍ ‍

I feel like a little side of that with your ramen is just like the perfect meal, like super comforting at the whole thing.

‍ ‍

00:03:09 Kristin King

‍ ‍

I haven't had that in a minute.

‍ ‍

00:03:10 Kristin King

‍ ‍

I should probably get that.

‍ ‍

00:03:11 Kristin King

‍ ‍

Yeah, I totally understand this.

‍ ‍

00:03:12 Kristin King

‍ ‍

My stepsons are connoisseurs of fried

‍ ‍

00:03:15 Kristin King

‍ ‍

chicken and chicken sandwiches and anything to do with chicken that's breaded in general.

‍ ‍

00:03:19 Kristin King

‍ ‍

And they even have said something similar, like it's just the best chicken, like how it's fried the way it is.

‍ ‍

00:03:24 Kristin King

‍ ‍

It's kind of like a triple cooked chips or fries for us Americans in the UK.

‍ ‍

00:03:29 Kristin King

‍ ‍

There's just something about it.

‍ ‍

00:03:30 James Slaby

‍ ‍

Absolutely.

‍ ‍

00:03:31 James Slaby

‍ ‍

My own kind of home cooking efforts always run up against that.

‍ ‍

00:03:34 James Slaby

‍ ‍

It's either not cooked all the way through or it's overdone.

‍ ‍

00:03:37 James Slaby

‍ ‍

And I think that two-step process kind of solves all problems there.

‍ ‍

00:03:40 Kristin King

‍ ‍

Yes, for sure.

‍ ‍

00:03:41 Kristin King

‍ ‍

And so your favorite food memory then?

‍ ‍

00:03:43 James Slaby

‍ ‍

I fought long and hard.

‍ ‍

00:03:45 James Slaby

‍ ‍

about this.

‍ ‍

00:03:46 James Slaby

‍ ‍

I wasn't a super adventurous eater as a child.

‍ ‍

00:03:49 James Slaby

‍ ‍

I was kind of scared of most things, but I really trusted my dad and he was a kind of a 3 a.m.

‍ ‍

00:03:57 James Slaby

‍ ‍

snacker and I was a light sleeper.

‍ ‍

00:03:59 James Slaby

‍ ‍

So I would sometimes hear him stirring in the kitchen in the middle of the night and I would go down and, you know, this is a me four or five years old in my jammies.

‍ ‍

00:04:07 James Slaby

‍ ‍

And he'd be up making some kind of snack that was clearly evocative of the nostalgia of his youth.

‍ ‍

00:04:14 James Slaby

‍ ‍

And

‍ ‍

00:04:15 James Slaby

‍ ‍

My one sort of fondest memory of those late night meetings with my dad was he would make a sandwich of tinned sardines, raw onions, and yellow mustard on white bread.

‍ ‍

00:04:26 James Slaby

‍ ‍

Wow, that's intense.

‍ ‍

00:04:28 James Slaby

‍ ‍

So, you know, those were some beautiful moments along with my dad.

‍ ‍

00:04:32 James Slaby

‍ ‍

I'm from a big family.

‍ ‍

00:04:33 James Slaby

‍ ‍

There were eight of us all together.

‍ ‍

00:04:34 James Slaby

‍ ‍

And so the, you know, 10 minutes of time to himself without just sitting there quietly in the kitchen with nothing on, but the fluorescent light coming from the stove top are really cherished.

‍ ‍

00:04:45 James Slaby

‍ ‍

memories for me.

‍ ‍

00:04:46 James Slaby

‍ ‍

And I've since concluded that while I got braver about food as I got older, particularly as I started traveling internationally for work, that all my dad's favorites were very umami packed.

‍ ‍

00:04:58 James Slaby

‍ ‍

So things like sardines and pickled herring and calves liver.

‍ ‍

00:05:03 James Slaby

‍ ‍

Like I was the only one of my five brothers and sisters that liked the liver.

‍ ‍

00:05:06 James Slaby

‍ ‍

And I've since realized like, oh, I was like an umami hound.

‍ ‍

00:05:10 James Slaby

‍ ‍

And traveling abroad for work, particularly places like China where

‍ ‍

00:05:15 James Slaby

‍ ‍

A foreign guest would get the red carpet rolled out for them and served an elaborate banquet meal with all the delicious delicacies.

‍ ‍

00:05:22 James Slaby

‍ ‍

And, you know, the locals would say, look, you got to eat everything.

‍ ‍

00:05:24 James Slaby

‍ ‍

You don't want to insult our host's hospitality.

‍ ‍

00:05:27 James Slaby

‍ ‍

And the rule I learned was, don't tell me what it is.

‍ ‍

00:05:30 James Slaby

‍ ‍

And then you won't run up against any of my cultural prejudices against, I don't know, sea snake or a deer pizzle, stag pizzle soup.

‍ ‍

00:05:39 James Slaby

‍ ‍

Or if I didn't know what it was, then I'd go, oh, this is delicious.

‍ ‍

00:05:41 James Slaby

‍ ‍

And then I found out afterwards what it was.

‍ ‍

00:05:43 James Slaby

‍ ‍

I'd be like, oh, I would have had a really

‍ ‍

00:05:45 James Slaby

‍ ‍

hard time eating that if I'd known what it was beforehand.

‍ ‍

00:05:48 James Slaby

‍ ‍

So that travel really broke all my old inhibitions about trying new things that I had as a little kid.

‍ ‍

00:05:55 James Slaby

‍ ‍

But I often, you know, I will still occasionally make that sardine onion mustard sandwich and not think of my dad who's gone some years now.

‍ ‍

00:06:03 Kristin King

‍ ‍

It's amazing how food can transport you memory wise.

‍ ‍

00:06:06 Kristin King

‍ ‍

I just recently asked my grandfather and a cup of coffee makes me think of him.

‍ ‍

00:06:10 Kristin King

‍ ‍

So every morning I sit with grandpa and I have a cup of coffee essentially.

‍ ‍

00:06:13 Kristin King

‍ ‍

And I love that.

‍ ‍

00:06:14 Kristin King

‍ ‍

I sit

‍ ‍

00:06:15 Kristin King

‍ ‍

It used to be really sad and now I love it because it's something nobody can take away from me.

‍ ‍

00:06:18 Kristin King

‍ ‍

It's like a complete memory, just like the sardine mustard sandwich and onion.

‍ ‍

00:06:21 Kristin King

‍ ‍

Sorry, I forgot about the onion, the pungency of all that.

‍ ‍

00:06:24 Kristin King

‍ ‍

Yeah, it's really beautiful.

‍ ‍

00:06:25 Kristin King

‍ ‍

And you're so right about traveling abroad.

‍ ‍

00:06:27 Kristin King

‍ ‍

I think that's when my palate really opened up.

‍ ‍

00:06:29 Kristin King

‍ ‍

I think a lot of people probably say the same thing.

‍ ‍

00:06:31 Kristin King

‍ ‍

When I went to China for the first time, I actually decided to do myself a real good service and I went to a food St.

‍ ‍

00:06:36 Kristin King

‍ ‍

tour my first night in.

‍ ‍

00:06:37 Kristin King

‍ ‍

So I got used to the textures and the flavorings and understood where things were coming from.

‍ ‍

00:06:42 Kristin King

‍ ‍

Ended up being a really fun group.

‍ ‍

00:06:44 Kristin King

‍ ‍

I remember thinking if

‍ ‍

00:06:45 Kristin King

‍ ‍

If I didn't do this, I wouldn't have survived the trip at all.

‍ ‍

00:06:48 Kristin King

‍ ‍

Also, pro tip, if you don't want to eat anything you don't know, just tell people you're a vegetarian.

‍ ‍

00:06:51 Kristin King

‍ ‍

It actually covers almost everything anyways.

‍ ‍

00:06:53 Kristin King

‍ ‍

So yeah, that's what I ended up doing a couple times when I was like, I don't know about this.

‍ ‍

00:06:58 Kristin King

‍ ‍

Just like, you know, I'm a vegetarian.

‍ ‍

00:06:59 Kristin King

‍ ‍

And they're like, oh, no problem.

‍ ‍

00:07:00 Kristin King

‍ ‍

And actually, the vegetables are amazing anyway, so it was totally fine.

‍ ‍

00:07:04 Kristin King

‍ ‍

And also the rice and all the things.

‍ ‍

00:07:06 Kristin King

‍ ‍

And also, I'm really grateful that I learned how to use chopsticks before I went as well, because that level made-up quite a bit in the eyes of my hosts and was able to.

‍ ‍

00:07:15 Kristin King

‍ ‍

navigate through things successfully, except I had to ask questions like, how do you eat a fried egg with chopsticks?

‍ ‍

00:07:20 Kristin King

‍ ‍

That was kind of wild.

‍ ‍

00:07:21 Kristin King

‍ ‍

And I learned they taught me how to tear it with the chopsticks and things like that.

‍ ‍

00:07:24 Kristin King

‍ ‍

And they later served on when I was in Japan quite frequently.

‍ ‍

00:07:27 Kristin King

‍ ‍

I could just survive.

‍ ‍

00:07:28 Kristin King

‍ ‍

So yeah, there's like these little things that you kind of pick up as you go and fix your palate and learn how to eat the food properly.

‍ ‍

00:07:34 Kristin King

‍ ‍

Because there's such an etiquette in how you eat as well in these places that can be really offensive if you do it wrong too.

‍ ‍

00:07:40 Kristin King

‍ ‍

But yeah, China definitely opened up my horizons with food.

‍ ‍

00:07:44 Kristin King

‍ ‍

And to this day,

‍ ‍

00:07:45 Kristin King

‍ ‍

I don't think I've had food that even rivals it in some ways, because we don't really make it in the States the same, obviously.

‍ ‍

00:07:51 Kristin King

‍ ‍

Maybe a few places, but nothing really formal.

‍ ‍

00:07:53 Kristin King

‍ ‍

Yeah, I do miss a couple things for sure, but that's fantastic.

‍ ‍

00:07:57 Kristin King

‍ ‍

Thank you for sharing that memory, and that's really beautiful.

‍ ‍

00:07:59 Kristin King

‍ ‍

Thanks, James.

‍ ‍

00:08:00 Kristin King

‍ ‍

Why don't you go ahead and introduce yourself to everyone that's listening, because now they've already heard that we're foodies, so that's clear.

‍ ‍

00:08:05 James Slaby

‍ ‍

Yeah, so food nerds is my preferred term.

‍ ‍

00:08:08 James Slaby

‍ ‍

Use that to remind myself that, like any nerd of any stripe, we're useful to know when you have a problem.

‍ ‍

00:08:15 James Slaby

‍ ‍

problem to solve, like, okay, I've got vegetarian halal and meat and potatoes eaters.

‍ ‍

00:08:20 James Slaby

‍ ‍

What's one place that can serve all their needs?

‍ ‍

00:08:22 James Slaby

‍ ‍

It's like, oh, I've got several suggestions for you there.

‍ ‍

00:08:25 James Slaby

‍ ‍

But also like nerds, we can be painful to get cornered at a cocktail party and droning on and on about our latest cooking excursions or restaurant experiences.

‍ ‍

00:08:36 James Slaby

‍ ‍

So I'm James Flavey.

‍ ‍

00:08:37 James Slaby

‍ ‍

I'm the Director of Cyber Protection at Acronis.

‍ ‍

00:08:40 James Slaby

‍ ‍

My core responsibilities these days are around our operational

‍ ‍

00:08:45 James Slaby

‍ ‍

technology solution.

‍ ‍

00:08:46 James Slaby

‍ ‍

So Acronis is in the business of endpoint security, backup disaster recovery, and remote endpoint management.

‍ ‍

00:08:55 James Slaby

‍ ‍

And that gets used by our customers around the world in a bunch of different ways.

‍ ‍

00:09:01 James Slaby

‍ ‍

So one example is managed service providers.

‍ ‍

00:09:03 James Slaby

‍ ‍

We're basically IT outsourcers for small businesses, use our platform to serve as the IT and cybersecurity department for small businesses.

‍ ‍

00:09:11 James Slaby

‍ ‍

A large chunk of our business goes out that way.

‍ ‍

00:09:14 James Slaby

‍ ‍

And then there's our OT business, which is quietly kind of our big success story in the enterprise.

‍ ‍

00:09:20 James Slaby

‍ ‍

And what we do is provide cyber resilience for PC-based platforms,

‍ ‍

00:09:25 James Slaby

‍ ‍

In OT environments, so data systems, HMIs, data historians, any Windows or Linux-based system that's used to control lower-level technology like sensors, actuators, programmable logic controllers, IoT devices, on and on and on like that.

‍ ‍

00:09:46 James Slaby

‍ ‍

Our other kind of great strength there is our partnerships.

‍ ‍

00:09:49 James Slaby

‍ ‍

Most of the major automation vendors in the world use Acronis as their OT resilience solution for, so they are either reference selling us, white labeling us, or co-branding our solution to their customers saying, Look, if you want to keep our automation equipment, minimize downtime, you want to tick this box on your order, and then they get Acronis.

‍ ‍

00:10:10 James Slaby

‍ ‍

Having their kind of endorsement, having tested and field tested our technology

‍ ‍

00:10:16 James Slaby

‍ ‍

in referring to it is probably our biggest strength.

‍ ‍

00:10:19 James Slaby

‍ ‍

You know, there's a challenge being a company that's whose much of their business is in IT going into operational technology environments.

‍ ‍

00:10:26 James Slaby

‍ ‍

Like what do you know about agriculture?

‍ ‍

00:10:28 James Slaby

‍ ‍

What do you know about mining?

‍ ‍

00:10:30 James Slaby

‍ ‍

What do you know about robotic logistics warehouses?

‍ ‍

00:10:35 James Slaby

‍ ‍

You're in IT in those kind of office environments or home office environments.

‍ ‍

00:10:40 James Slaby

‍ ‍

And that's a legitimate criticism of a lot of vendors in our space, but we've been

‍ ‍

00:10:46 James Slaby

‍ ‍

been around for over 20 years and working in industrial environments for that long.

‍ ‍

00:10:51 James Slaby

‍ ‍

But the best endorsement of that is the kind of people who use us and that reference us.

‍ ‍

00:10:58 James Slaby

‍ ‍

You know, think of like Emerson and Rockwell and Yokogawa and ABB.

‍ ‍

00:11:04 James Slaby

‍ ‍

These are all among the kind of giants of industrial automation worldwide.

‍ ‍

00:11:08 James Slaby

‍ ‍

And having their endorsement, their armor on this really gives us a lot of credibility up in that space.

‍ ‍

00:11:14 Kristin King

‍ ‍

That's great.

‍ ‍

00:11:15 Kristin King

‍ ‍

Thank you for this reference.

‍ ‍

00:11:16 Kristin King

‍ ‍

How did you get into this company?

‍ ‍

00:11:18 Kristin King

‍ ‍

Where'd you come from before?

‍ ‍

00:11:19 Kristin King

‍ ‍

Give me a little bit of your background so we can lead the listeners to why we're talking.

‍ ‍

00:11:23 James Slaby

‍ ‍

So my career has kind of two halves.

‍ ‍

00:11:25 James Slaby

‍ ‍

I started as a systems engineer in the networking business in the early days of the build-out of internet infrastructure worldwide.

‍ ‍

00:11:33 James Slaby

‍ ‍

So I worked for one of the two big router companies, and I went from systems engineer to...

‍ ‍

00:11:39 James Slaby

‍ ‍

product manager to product marketing person, and from product marketing into solutions and vertical marketing.

‍ ‍

00:11:45 James Slaby

‍ ‍

And doing that for a number of networking vendors and later cybersecurity vendors, that's probably half my career.

‍ ‍

00:11:51 James Slaby

‍ ‍

The other half I've spent as an industry analyst at companies like Forrester Research, the Bygone, Yankee Group, and some smaller boutique kind of research companies, initially covering networking and the later cybersecurity.

‍ ‍

00:12:07 James Slaby

‍ ‍

That's what I was doing before

‍ ‍

00:12:09 James Slaby

‍ ‍

When I joined Acronis, I was at a boutique house called HFS Research and writing about cloud security.

‍ ‍

00:12:16 James Slaby

‍ ‍

This was a little over 10 years ago.

‍ ‍

00:12:18 James Slaby

‍ ‍

And the challenge there was convincing enterprise buyers that the cloud was a safe place to play, that there was still resistance at that time to moving your sensitive data into the cloud.

‍ ‍

00:12:28 James Slaby

‍ ‍

And my research basically showed that like, well, they're actually better at cybersecurity than you are.

‍ ‍

00:12:33 James Slaby

‍ ‍

So you're probably okay to start taking advantages of the scale and cost economies of SaaS.

‍ ‍

00:12:39 James Slaby

‍ ‍

and cloud computing.

‍ ‍

00:12:41 James Slaby

‍ ‍

Acronis hired me originally to help them with some demand Gen.

‍ ‍

00:12:46 James Slaby

‍ ‍

problems, but then they took their first splash in the cybersecurity pool, and I was one of a handful of people in the company who had a cybersecurity background, so they moved me into a product marketing role.

‍ ‍

00:12:58 James Slaby

‍ ‍

That evolved into a solutions marketing role.

‍ ‍

00:13:00 James Slaby

‍ ‍

After some years of being far too quiet about our OT story, they decided that we should really tell the world more about that, and that's the kind of role that I

‍ ‍

00:13:09 James Slaby

‍ ‍

and now is kind of educating our customers, our prospects about what we're doing in OT.

‍ ‍

00:13:15 James Slaby

‍ ‍

Historically, we're famous for backup and security, but on the IT side of the house.

‍ ‍

00:13:20 Kristin King

‍ ‍

And it's interesting that you spent time talking about moving to the cloud for enterprise, and now the conversation of moving to the cloud for OT is happening, and everybody is anti it for the moment, and that's okay.

‍ ‍

00:13:33 Kristin King

‍ ‍

I understand the on-prem bit and how important that is.

‍ ‍

00:13:37 Kristin King

‍ ‍

So in a way, you've kind of recycled your

‍ ‍

00:13:39 Kristin King

‍ ‍

career a bit, because here we go, we're into this whole new section of cloud-based OT and ICS.

‍ ‍

00:13:46 Kristin King

‍ ‍

And I don't mean everybody needs to switch there, and that's a big debate for another show, but it is definitely something that's on the horizon, and especially when it comes to different critical infrastructure that's mobile and moving, logistics, transportation, agriculture, Bing, seafood, fleets, you name it.

‍ ‍

00:14:03 Kristin King

‍ ‍

Those are going to require cloud for quite a bit of things, especially when you

‍ ‍

00:14:09 Kristin King

‍ ‍

take into account the ability to have more real-time data and make better decisions.

‍ ‍

00:14:15 Kristin King

‍ ‍

That's going to be an interesting moment.

‍ ‍

00:14:17 Kristin King

‍ ‍

And at the moment I'm proceeding and I'm cautiously optimistic about it, but also I completely understand the on-prem moment because it's much easier to go unplug something if something goes wrong than it is to shut down the cloud.

‍ ‍

00:14:28 Kristin King

‍ ‍

I mean, we really can't shut down the cloud.

‍ ‍

00:14:31 Kristin King

‍ ‍

Yeah, adopting is going to be really interesting in these different sectors, I think, coming up James.

‍ ‍

00:14:34 Kristin King

‍ ‍

That's a really, you just made me go very curious in my mind.

‍ ‍

00:14:37 Kristin King

‍ ‍

I was like, yeah, that's really interesting because I just had this conversation

‍ ‍

00:14:39 Kristin King

‍ ‍

a couple of days ago with the utility company and how they're really anti-cloud because they can't control it.

‍ ‍

00:14:45 Kristin King

‍ ‍

They feel as much as they can with on-prem.

‍ ‍

00:14:47 Kristin King

‍ ‍

The physical, cyber-physical aspects are very much a real thing, even for the practitioners who manage and run.

‍ ‍

00:14:54 Kristin King

‍ ‍

It's not just what you do in the digital world has an impact on the physical world.

‍ ‍

00:14:57 Kristin King

‍ ‍

We need to be able to impact the physical world if we have something that we feel is going to cause a problem as well.

‍ ‍

00:15:02 Kristin King

‍ ‍

So thank you for making me go down that rabbit hole in my mind while you were talking, because that's exactly what I was like.

‍ ‍

00:15:07 James Slaby

‍ ‍

I think it's a really trenchant point rate.

‍ ‍

00:15:09 James Slaby

‍ ‍

now in that we really have to meet our customers wherever they are on that adoption curve.

‍ ‍

00:15:16 Kristin King

‍ ‍

Okay, quick pause because James just mentioned a couple things that people in operational technology or OT say casually, but everyone else hears it like someone suddenly switched the podcast into Klingon.

‍ ‍

00:15:28 Kristin King

‍ ‍

Let me translate.

‍ ‍

00:15:30 Kristin King

‍ ‍

First up, the Purdue model.

‍ ‍

00:15:32 Kristin King

‍ ‍

Think of

‍ ‍

00:15:32 Kristin King

‍ ‍

like a very structured, layered cake.

‍ ‍

00:15:35 Kristin King

‍ ‍

At the top, you've got your business systems, so your e-mail, billing, accounting, all the non-glamorous things that make up a company.

‍ ‍

00:15:41 Kristin King

‍ ‍

At the bottom layer are the systems that directly interact with the physical world.

‍ ‍

00:15:46 Kristin King

‍ ‍

The machines, the sensors, and controls that actually move product, keep temperature stable, grind feed, pump water, and run a packaging line.

‍ ‍

00:15:54 Kristin King

‍ ‍

And the pull point is everything has its place, and those layers aren't supposed to mix freely.

‍ ‍

00:15:59 Kristin King

‍ ‍

You don't want someone in the office accidentally interacting with the same

‍ ‍

00:16:02 Kristin King

‍ ‍

network that controls your refrigeration system.

‍ ‍

00:16:04 Kristin King

‍ ‍

Just like you don't mix raw chicken juice with cake frosting.

‍ ‍

00:16:08 Kristin King

‍ ‍

Same energy.

‍ ‍

00:16:09 Kristin King

‍ ‍

Next term, air-gapped.

‍ ‍

00:16:11 Kristin King

‍ ‍

This one is literal.

‍ ‍

00:16:12 Kristin King

‍ ‍

The system is physically isolated from the internet.

‍ ‍

00:16:15 Kristin King

‍ ‍

No Wi-Fi, no cloud, no remote connection, nothing.

‍ ‍

00:16:19 Kristin King

‍ ‍

It's like a walk-in cooler with no outside door.

‍ ‍

00:16:21 Kristin King

‍ ‍

If you want access, you have to already be inside the building.

‍ ‍

00:16:25 Kristin King

‍ ‍

Great for reducing cyber risk, terrible when you need urgent help, and your IT person is 3 states away.

‍ ‍

00:16:30 Kristin King

‍ ‍

And then we get into the big one.

‍ ‍

00:16:32 Kristin King

‍ ‍

Why OT systems don't patch like your phone or your laptop?

‍ ‍

00:16:36 Kristin King

‍ ‍

In OT, patching can break things, not metaphorically, but physically.

‍ ‍

00:16:40 Kristin King

‍ ‍

A control system might be running on a 15 to 20 year old operating system because...

‍ ‍

00:16:46 Kristin King

‍ ‍

It controls a mixer or an evaporator or a bottle line, and the vendor-qualified software hasn't been updated in a decade.

‍ ‍

00:16:54 Kristin King

‍ ‍

Updating it might introduce a glitch, remove support for a driver, or change timing, and in OT, timing matters.

‍ ‍

00:17:01 Kristin King

‍ ‍

It's not negligence, it's just reality.

‍ ‍

00:17:04 Kristin King

‍ ‍

If you patch something that's been quietly running a pasteurizer since 2005, you might not just break the software, you might break the pasteurizer, and the cheese, and the day everyone's working there.

‍ ‍

00:17:15 Kristin King

‍ ‍

So when James talks about

‍ ‍

00:17:16 Kristin King

‍ ‍

stability, long life cycles, and not poking things until you're absolutely needing to.

‍ ‍

00:17:22 Kristin King

‍ ‍

That's why.

‍ ‍

00:17:22 Kristin King

‍ ‍

OT lives firmly in the category of, please don't touch that unless something is actually on fire.

‍ ‍

00:17:28 Kristin King

‍ ‍

Because in food and agriculture, touching the wrong system at the wrong time can cause downtime, spoilage, food safety issues, employee safety issues, and a very awkward call explaining why your cold storage suddenly isn't cold.

‍ ‍

00:17:41 Kristin King

‍ ‍

All right, back to James.

‍ ‍

00:17:45 James Slaby

‍ ‍

For instance, one thing that we do that is allow for a completely premise-based solution.

‍ ‍

00:17:50 James Slaby

‍ ‍

So if you're doing Purdue model segmentation or air gapping, that's not a problem for us.

‍ ‍

00:17:56 James Slaby

‍ ‍

You find that many tech solutions now require management from a cloud-based console.

‍ ‍

00:18:02 James Slaby

‍ ‍

And that's not going to fly in an air-gapped environment.

‍ ‍

00:18:04 James Slaby

‍ ‍

It's going to be very difficult if you're Purdue-based.

‍ ‍

00:18:07 James Slaby

‍ ‍

But we also have customers who have started opening up those environments.

‍ ‍

00:18:11 James Slaby

‍ ‍

So for instance, we're able to feed into a kind of

‍ ‍

00:18:14 James Slaby

‍ ‍

a corporate central console with information about OT environments at factories, say, that are scattered around the world.

‍ ‍

00:18:22 James Slaby

‍ ‍

And it kind of, it's a one-way feed for a lot of these folks.

‍ ‍

00:18:26 James Slaby

‍ ‍

They don't want to break Purdue in doing it, but we can help them do that.

‍ ‍

00:18:30 James Slaby

‍ ‍

And because we integrate data protection backup with cybersecurity, we can pull them along into better endpoint protection as they open things up more and open up attack surfaces to things like ransomware.

‍ ‍

00:18:44 James Slaby

‍ ‍

that they didn't have to really worry about when they had the kind of the castle with the moat kind of approach to security.

‍ ‍

00:18:51 Kristin King

‍ ‍

Yes, I completely get that.

‍ ‍

00:18:53 Kristin King

‍ ‍

I feel like sometimes that's the good old days and we all wish for that again.

‍ ‍

00:18:56 Kristin King

‍ ‍

But here we are in a new digital world where anybody can pretty much touch you at any time, which is terrifying in itself.

‍ ‍

00:19:02 Kristin King

‍ ‍

And I can't take those rose tinted glasses off.

‍ ‍

00:19:05 Kristin King

‍ ‍

We all see it for what it is now.

‍ ‍

00:19:06 Kristin King

‍ ‍

So, and this is just a swing back just a tad.

‍ ‍

00:19:08 Kristin King

‍ ‍

I have so many thoughts here.

‍ ‍

00:19:10 Kristin King

‍ ‍

How do you like being in the OTICS space?

‍ ‍

00:19:12 Kristin King

‍ ‍

Because you came originally, you didn't come originally from there.

‍ ‍

00:19:14 Kristin King

‍ ‍

I think a lot of us who are in OTICS, generally speaking, came out of IT back in the day.

‍ ‍

00:19:19 Kristin King

‍ ‍

But how do you like being on the OTICS side a little bit more than you?

‍ ‍

00:19:22 Kristin King

‍ ‍

you were before.

‍ ‍

00:19:23 Kristin King

‍ ‍

Do you feel welcomed?

‍ ‍

00:19:24 Kristin King

‍ ‍

Are you enjoying it?

‍ ‍

00:19:25 Kristin King

‍ ‍

I have lots of opinions, obviously, but I would love to hear yours.

‍ ‍

00:19:28 James Slaby

‍ ‍

Well, it's completely fascinating to me because, you know, who wants to kind of shunt along in the same lane in technology forever?

‍ ‍

00:19:36 James Slaby

‍ ‍

It's kind of one of the great things about being in tech is that there's some kind of transformative wave that comes along every few years and you've got to kind of constantly be learning, right?

‍ ‍

00:19:48 James Slaby

‍ ‍

You know, we're all sharks, right?

‍ ‍

00:19:50 James Slaby

‍ ‍

If we slow down, we

‍ ‍

00:19:52 James Slaby

‍ ‍

will die.

‍ ‍

00:19:53 James Slaby

‍ ‍

But I particularly love digging into the industrial side of things.

‍ ‍

00:19:57 James Slaby

‍ ‍

I think about kind of my roots.

‍ ‍

00:19:59 James Slaby

‍ ‍

I have a family who are farmers.

‍ ‍

00:20:02 James Slaby

‍ ‍

So this is cousins and second cousins and uncles and great uncles in Broome County and Shenango County, New York.

‍ ‍

00:20:10 James Slaby

‍ ‍

This is kind of upstate New York near the Pennsylvania line.

‍ ‍

00:20:15 James Slaby

‍ ‍

And, you know, getting together with that family in those days meant paying horseback riding one uncle

‍ ‍

00:20:22 James Slaby

‍ ‍

was cattle breeder.

‍ ‍

00:20:24 James Slaby

‍ ‍

So when you went to get the adults a beer, you had to make sure to go to the right refrigerator in the kitchen because the other one was full with stuff that wasn't for human use.

‍ ‍

00:20:37 James Slaby

‍ ‍

Yeah, I got you.

‍ ‍

00:20:38 James Slaby

‍ ‍

You know, I've kind of grown away from that.

‍ ‍

00:20:41 James Slaby

‍ ‍

You know, my folks moved to New England and I became, you know, the city kid with the job in networking and cybersecurity, which, you know, was a little better understood nowadays, but

‍ ‍

00:20:52 James Slaby

‍ ‍

in my career, it was sort of impossible to explain to people who weren't in tech what the heck it was that we did.

‍ ‍

00:20:58 James Slaby

‍ ‍

And so, but again, you have, there's also some reuse of challenges.

‍ ‍

00:21:03 James Slaby

‍ ‍

You alluded to this transition from a kind of premise-based computing to the cloud, and there is a similar kind of transition going on here and similar difficulties.

‍ ‍

00:21:14 James Slaby

‍ ‍

Absolutely understand the resistance.

‍ ‍

00:21:16 James Slaby

‍ ‍

Like you spent your whole career making sure that nothing messes with this great automation set of

‍ ‍

00:21:22 James Slaby

‍ ‍

that you have where downtime is extremely expensive, tinkering is really discouraged, right?

‍ ‍

00:21:28 James Slaby

‍ ‍

Let alone opening up the environment to potential new threats.

‍ ‍

00:21:32 James Slaby

‍ ‍

So these are concerns that I understand and have heard before.

‍ ‍

00:21:37 James Slaby

‍ ‍

And frankly, we're in a period where we haven't figured out all the issues yet.

‍ ‍

00:21:42 James Slaby

‍ ‍

And we're starting to see really ominous shifts in the threat environment where critical infrastructure, which ag is now considered a part of by

‍ ‍

00:21:52 James Slaby

‍ ‍

cybersecurity standards bodies and national governments is really increasingly becoming targeted.

‍ ‍

00:21:58 James Slaby

‍ ‍

I don't know how much you talk about attacks on the show, but I just look at there's been a bunch of them over the in recent years and they seem to be growing.

‍ ‍

00:22:06 James Slaby

‍ ‍

Probably the JBS attack, I think is the one that probably most people who aren't in tech are probably aware of.

‍ ‍

00:22:13 James Slaby

‍ ‍

But you know, I don't want to I can reiterate a bunch of them.

‍ ‍

00:22:16 James Slaby

‍ ‍

I imagine this is something that your audience is well familiar with.

‍ ‍

00:22:19 Kristin King

‍ ‍

We do talk about it quite frequently.

‍ ‍

00:22:20 Kristin King

‍ ‍

And I think that they're great

‍ ‍

00:22:22 Kristin King

‍ ‍

great examples, but I always say they're the known ones.

‍ ‍

00:22:25 Kristin King

‍ ‍

It's the unknown that scare me half to death because those big corporations had to, because they're publicly traded, because the SEC regulations, so of course we're going to find out about them.

‍ ‍

00:22:34 Kristin King

‍ ‍

But we don't know always what the issues are.

‍ ‍

00:22:38 Kristin King

‍ ‍

Like the Amazon distribution one, that one that supplied for Whole Foods, we don't know what happened, but it reads like ransomware.

‍ ‍

00:22:44 Kristin King

‍ ‍

We can speculate based on knowledge of the industry, but they have not disclosed what it was.

‍ ‍

00:22:49 Kristin King

‍ ‍

And I feel like there should be some type of disclosure within these

‍ ‍

00:22:52 Kristin King

‍ ‍

particular rules that tells you what it is.

‍ ‍

00:22:55 Kristin King

‍ ‍

How are you going to prepare an industry for something if we don't know what it is?

‍ ‍

00:22:58 Kristin King

‍ ‍

Just an attack doesn't, I mean, that's like saying Godzilla attacked and you're just going to, that's it.

‍ ‍

00:23:03 Kristin King

‍ ‍

You don't know how he attacked, where he came from.

‍ ‍

00:23:05 Kristin King

‍ ‍

Was it another creature involved?

‍ ‍

00:23:07 Kristin King

‍ ‍

We don't know.

‍ ‍

00:23:08 Kristin King

‍ ‍

We just know that it happened.

‍ ‍

00:23:09 Kristin King

‍ ‍

So I think we're doing a bit of a disservice to the food and ag industry by not having more disclosure.

‍ ‍

00:23:14 Kristin King

‍ ‍

And then you, on top of it, if there's a small, medium-sized farms or different CPGs or small businesses and things like that, we don't know.

‍ ‍

00:23:22 Kristin King

‍ ‍

if they got hit.

‍ ‍

00:23:23 Kristin King

‍ ‍

It's kind of word of mouth, it's community.

‍ ‍

00:23:24 Kristin King

‍ ‍

And as you know, James, there's a lot of shame that comes with being in an attack, so people don't want to talk about it.

‍ ‍

00:23:30 Kristin King

‍ ‍

And then if you are in food and ag, it's an OT issue as well as an IT issue, generally speaking, because everything intersects with the physical world.

‍ ‍

00:23:37 Kristin King

‍ ‍

The incidents that are happening are becoming more frequent, yes.

‍ ‍

00:23:40 Kristin King

‍ ‍

I think that it's an iceberg issue.

‍ ‍

00:23:42 Kristin King

‍ ‍

I think that we see just the small tip of what's actually going on.

‍ ‍

00:23:46 Kristin King

‍ ‍

Also, we have nation states that are involved.

‍ ‍

00:23:49 Kristin King

‍ ‍

The dairy industry's been getting punched in the face, literally, lately.

‍ ‍

00:23:52 Kristin King

‍ ‍

And now we've have loss of life.

‍ ‍

00:23:54 Kristin King

‍ ‍

Cows are passing because they don't have access to real-time data when they're distressed.

‍ ‍

00:23:58 Kristin King

‍ ‍

So there's a lot of things going on here.

‍ ‍

00:24:00 Kristin King

‍ ‍

And also we have the ag tech community that's innovative and excited and pushing forward and all this great investment.

‍ ‍

00:24:08 Kristin King

‍ ‍

And they're not doing it securely.

‍ ‍

00:24:10 Kristin King

‍ ‍

It's not secure by design.

‍ ‍

00:24:11 Kristin King

‍ ‍

So we've got these other things that are being added where different considerations for security have to be put into place.

‍ ‍

00:24:17 Kristin King

‍ ‍

But again, this falls back onto places that don't have teams, don't have OT, don't have a SIEM, don't have a

‍ ‍

00:24:22 Kristin King

‍ ‍

a sock, don't have a knock, don't have any of this stuff.

‍ ‍

00:24:24 Kristin King

‍ ‍

And it's just, you know, Mr.

‍ ‍

00:24:26 Kristin King

‍ ‍

and Mrs.

‍ ‍

00:24:26 Kristin King

‍ ‍

Farmers that are standing there going, I need to put this wearable on my cow so I know when it's going to drop a calf.

‍ ‍

00:24:33 Kristin King

‍ ‍

And I mean, is it secure?

‍ ‍

00:24:35 Kristin King

‍ ‍

I don't know.

‍ ‍

00:24:35 Kristin King

‍ ‍

It connects to my phone.

‍ ‍

00:24:36 Kristin King

‍ ‍

Is my phone secure?

‍ ‍

00:24:37 Kristin King

‍ ‍

I assume.

‍ ‍

00:24:38 Kristin King

‍ ‍

And there's all these questions around that.

‍ ‍

00:24:40 Kristin King

‍ ‍

And I don't want people in food and agriculture, this is my biggest fear, to just put their heads in the sand like an ostrich.

‍ ‍

00:24:45 Kristin King

‍ ‍

I want people to be informed on risk and blended into their safety practices as much as possible.

‍ ‍

00:24:50 Kristin King

‍ ‍

Have their stop-drop-roll type moments.

‍ ‍

00:24:52 Kristin King

‍ ‍

because these are the people that feed us.

‍ ‍

00:24:54 Kristin King

‍ ‍

This is what creates our memories of our childhood and various other aspects of our lives.

‍ ‍

00:24:59 Kristin King

‍ ‍

The idea of that being attacked is so disturbing to me and viscerally disturbing.

‍ ‍

00:25:05 Kristin King

‍ ‍

Like I am horrified by it every day.

‍ ‍

00:25:08 Kristin King

‍ ‍

And these people that have to be resilient in a different capacity than already they're doing, because being a farmer is very complicated and hard nowadays.

‍ ‍

00:25:16 Kristin King

‍ ‍

And it's not an easy path.

‍ ‍

00:25:18 Kristin King

‍ ‍

And we need more first-gen farmers.

‍ ‍

00:25:19 Kristin King

‍ ‍

And it's really hard to get in.

‍ ‍

00:25:20 Kristin King

‍ ‍

And there's all these different parts of the ag business that are just a lot.

‍ ‍

00:25:24 Kristin King

‍ ‍

It's A lot.

‍ ‍

00:25:24 Kristin King

‍ ‍

And then you want to add a cybersecurity level onto it.

‍ ‍

00:25:27 Kristin King

‍ ‍

I know I understand in a lot of ways why mental health is such a huge issue in that particular industry and why I continually talk about this and why I advocate and why I have this show and why I work with the industry the way I do.

‍ ‍

00:25:39 Kristin King

‍ ‍

because we need more people to come along and make it normal.

‍ ‍

00:25:41 Kristin King

‍ ‍

Like it's normal to talk about an attack.

‍ ‍

00:25:43 Kristin King

‍ ‍

It's normal to talk about what we got to do to fix it.

‍ ‍

00:25:45 Kristin King

‍ ‍

Or it's normal to have a resilience conversation so, you know, you can bypass you and you could survive whatever happens.

‍ ‍

00:25:50 Kristin King

‍ ‍

And that's...

‍ ‍

00:25:52 Kristin King

‍ ‍

That's the real trick of it.

‍ ‍

00:25:54 Kristin King

‍ ‍

And again, like I said, going back to your original statement, we're just seeing the tip of the iceberg.

‍ ‍

00:25:58 Kristin King

‍ ‍

There's so much more going on and it's scary.

‍ ‍

00:26:01 Kristin King

‍ ‍

There's so many like little nuances to this and it's, and I'm glad that people are waking up that agriculture is part of critical infrastructure, even though the US didn't add it to the list until 2020.

‍ ‍

00:26:13 Kristin King

‍ ‍

Like I still don't know why they didn't add it sooner.

‍ ‍

00:26:15 Kristin King

‍ ‍

Everybody else had it on there.

‍ ‍

00:26:16 Kristin King

‍ ‍

But I think that the more people who get educated in what agriculture is and what the business is,

‍ ‍

00:26:22 Kristin King

‍ ‍

It's not as simple as people think it is.

‍ ‍

00:26:24 Kristin King

‍ ‍

It looks simple for the most part.

‍ ‍

00:26:26 Kristin King

‍ ‍

People make it look easy, but it's not.

‍ ‍

00:26:28 Kristin King

‍ ‍

And also, it's such a big industry.

‍ ‍

00:26:30 Kristin King

‍ ‍

It's an industry-wide big thing.

‍ ‍

00:26:31 Kristin King

‍ ‍

It's not just the small farms.

‍ ‍

00:26:33 Kristin King

‍ ‍

It's also the grain silos and it's the distribution networks and it's the transportation that goes around it.

‍ ‍

00:26:39 Kristin King

‍ ‍

It's the cold storage.

‍ ‍

00:26:41 Kristin King

‍ ‍

The cold storage is like a whole thing.

‍ ‍

00:26:43 Kristin King

‍ ‍

Like that's getting attacked too.

‍ ‍

00:26:44 Kristin King

‍ ‍

And it's wild to me that as OT, we are very much system thinkers.

‍ ‍

00:26:49 Kristin King

‍ ‍

You know, when something happens over here, it happens over here.

‍ ‍

00:26:52 Kristin King

‍ ‍

And yet we're the weirdos because nobody actually thinks like that.

‍ ‍

00:26:55 Kristin King

‍ ‍

Apparently that's not common as people remind me all the time, because I'm like, well, why didn't people realize that if they'd have this, it's cause and effect?

‍ ‍

00:27:01 Kristin King

‍ ‍

Why wouldn't they?

‍ ‍

00:27:02 Kristin King

‍ ‍

They're like, oh, well, you're a nerd, basically back at me.

‍ ‍

00:27:05 Kristin King

‍ ‍

And I'm like, I didn't realize that's what it was.

‍ ‍

00:27:07 Kristin King

‍ ‍

And I'm sure, and you already strike me as a systems thinker, James.

‍ ‍

00:27:10 Kristin King

‍ ‍

So I think that you completely get what I'm saying.

‍ ‍

00:27:12 Kristin King

‍ ‍

And maybe that's why you've taken to OT quite well, like a fish and water.

‍ ‍

00:27:18 Kristin King

‍ ‍

It's definitely something that you're enjoying.

‍ ‍

00:27:20 Kristin King

‍ ‍

I can tell you're enjoying because the way you talk about it.

‍ ‍

00:27:22 Kristin King

‍ ‍

So that's great.

‍ ‍

00:27:24 Kristin King

‍ ‍

I'm glad that you can pull from your roots.

‍ ‍

00:27:26 Kristin King

‍ ‍

You understand what farming looks like.

‍ ‍

00:27:28 Kristin King

‍ ‍

How else are we going to have great food stories and culture and tradition if we don't have people doing that and keep doing it securely?

‍ ‍

00:27:36 Kristin King

‍ ‍

And I don't think that every farmer needs to go out and take a cybersecurity course necessarily.

‍ ‍

00:27:40 Kristin King

‍ ‍

I don't know if we're quite there yet.

‍ ‍

00:27:41 Kristin King

‍ ‍

We might be at that tipping point, but I don't know.

‍ ‍

00:27:44 Kristin King

‍ ‍

It's going to be hard because we're going to have to adapt tech that we have for them in that regard.

‍ ‍

00:27:49 Kristin King

‍ ‍

I mean, yeah, sure.

‍ ‍

00:27:50 Kristin King

‍ ‍

Food manufacturing, absolutely.

‍ ‍

00:27:51 Kristin King

‍ ‍

You can have all the bells and whistles and all the things.

‍ ‍

00:27:53 Kristin King

‍ ‍

The CPG is the same thing.

‍ ‍

00:27:54 Kristin King

‍ ‍

To have it on a farm level is going to be complicated and really take some real ingenuity to create something that can give a better monitoring experience.

‍ ‍

00:28:03 Kristin King

‍ ‍

I don't think we're quite there yet.

‍ ‍

00:28:05 Kristin King

‍ ‍

I think we're getting there.

‍ ‍

00:28:06 Kristin King

‍ ‍

I just wish that AgTech would start creating things more securely.

‍ ‍

00:28:08 Kristin King

‍ ‍

That would be my one wish.

‍ ‍

00:28:10 Kristin King

‍ ‍

If people asked me what my wish was for the world, AgTech creates things securely so farmers don't have to worry.

‍ ‍

00:28:19 Kristin King

‍ ‍

And thank you for listening.

‍ ‍

00:28:20 Kristin King

‍ ‍

If you're enjoying the show, please take a moment to like, comment, follow, and share it with someone who'd appreciate it.

‍ ‍

00:28:26 Kristin King

‍ ‍

Every bit of support helps more people find these conversations, and I'm so grateful for all the messages.

‍ ‍

00:28:32 Kristin King

‍ ‍

all the feedback and all the stories you've been sending.

‍ ‍

00:28:35 Kristin King

‍ ‍

Thank you for reaching out and letting me know how much the show has resonated with you.

‍ ‍

00:28:38 Kristin King

‍ ‍

And because we're heading into the holiday season, I want to encourage you to help where you can.

‍ ‍

00:28:43 Kristin King

‍ ‍

Donate to a local food pantry.

‍ ‍

00:28:45 Kristin King

‍ ‍

You could find one at findhelp.org.

‍ ‍

00:28:48 Kristin King

‍ ‍

Call a local farm and ask if you can sponsor a farm share for a family in need.

‍ ‍

00:28:51 Kristin King

‍ ‍

It's easy to find a place to start by going to localharvest.org.

‍ ‍

00:28:55 Kristin King

‍ ‍

Reach out to a local school and see if you could support them for breakfast or lunch, or just be a grocery buddy for someone nearby who could use the help.

‍ ‍

00:29:03 Kristin King

‍ ‍

Food insecurity isn't just an American issue, it's worldwide.

‍ ‍

00:29:06 Kristin King

‍ ‍

And while I'm not sponsored by any of these organizations, I believe if we have tools or resources, we can use them to make sure people have access to food.

‍ ‍

00:29:15 Kristin King

‍ ‍

Thank you for caring, and back to the episode.

‍ ‍

00:29:20 James Slaby

‍ ‍

It's funny, when you talk about the psychological aspect of it, that really plays to something important that I've seen going on in recent years.

‍ ‍

00:29:29 James Slaby

‍ ‍

Again, Acronis started as a backup company and then we got into the cybersecurity business and coined this term cyber protection, which was the idea that defense and recovery should be integrated.

‍ ‍

00:29:39 James Slaby

‍ ‍

I've kind of seen the world come around to that.

‍ ‍

00:29:42 James Slaby

‍ ‍

If you look at recent additions of cybersecurity regulations or recent

‍ ‍

00:29:48 James Slaby

‍ ‍

revs of cybersecurity standards, or you look at the requirements that you're getting from your insurance company, if you want a cyber insurance policy to help mitigate the cost of recovering from a ransomware attack, for instance, they have all placed this new emphasis on recovery.

‍ ‍

00:30:06 James Slaby

‍ ‍

So if you look at NIST CSF 2.0, the NIS2 regulations in the EU, or you've talked to your insurer recently, a few years ago, they were all about make sure you're using multifactor

‍ ‍

00:30:18 James Slaby

‍ ‍

authentication and that you're encrypting your data and that you have antivirus protection.

‍ ‍

00:30:23 James Slaby

‍ ‍

Now there are new planks in those standards and those regulations in those insurance requirements that say, make sure you're following industry best practices for backup.

‍ ‍

00:30:33 James Slaby

‍ ‍

Have an incident response plan in place.

‍ ‍

00:30:35 James Slaby

‍ ‍

Think about disaster recovery.

‍ ‍

00:30:38 James Slaby

‍ ‍

And this kind of recovery capability in OT takes on new dimensions.

‍ ‍

00:30:44 James Slaby

‍ ‍

The downtime costs tend to be much, much greater, right?

‍ ‍

00:30:48 James Slaby

‍ ‍

So the idea of being able to recover very quickly is important.

‍ ‍

00:30:52 James Slaby

‍ ‍

Another issue that you have is you don't have trained IT people around in many of these environments.

‍ ‍

00:30:58 James Slaby

‍ ‍

You're out on an oil rig, or you're in a mine at the edge of the jungle, or a remote distribution facility, or you're in a farm in the heartland.

‍ ‍

00:31:09 James Slaby

‍ ‍

You don't have IT people who are, you know, at your beck and call.

‍ ‍

00:31:13 James Slaby

‍ ‍

And if you are air gapped for security reasons, people that might

‍ ‍

00:31:18 James Slaby

‍ ‍

be able to help you with the remote tools, say try to come up RDP into your desktop, they can't do that, right?

‍ ‍

00:31:24 James Slaby

‍ ‍

Another issue that you've got is the equipment life cycles involved in OT.

‍ ‍

00:31:29 James Slaby

‍ ‍

This technology is designed to last 10, 20, even 30 years, whereas IT people are used to cycling through stuff every three to five years, doing constant updates.

‍ ‍

00:31:39 James Slaby

‍ ‍

In many OT environments, we see Windows XP PCs being used to control the environment or really ancient builds of Linux.

‍ ‍

00:31:48 James Slaby

‍ ‍

You don't want to update those or patch them if you can help it, because you might lose some functionality or break your ability to monitor or control or configure the lower level operational technology.

‍ ‍

00:32:01 James Slaby

‍ ‍

So stability is super, super important in these environments.

‍ ‍

00:32:05 James Slaby

‍ ‍

So one of the ways that we address this is that we never walked away from those old operating systems.

‍ ‍

00:32:12 James Slaby

‍ ‍

Another big issue is how do you recover if IT is hours or days away?

‍ ‍

00:32:18 James Slaby

‍ ‍

We've made it simple enough that you can basically do a recovery from a local backup and the ability to restore from a known working image uncorrupted by ransomware or without the update that you just did that broke something.

‍ ‍

00:32:33 James Slaby

‍ ‍

And to do that in a matter of minutes, that's super, super valuable, right?

‍ ‍

00:32:37 James Slaby

‍ ‍

When the clock is ticking on that.

‍ ‍

00:32:41 James Slaby

‍ ‍

Kind of grappling with those realities of operational technology environments has really to deal with these kind of

‍ ‍

00:32:48 James Slaby

‍ ‍

requirements where it's like, what's your story for backup?

‍ ‍

00:32:51 James Slaby

‍ ‍

How quickly can you recover?

‍ ‍

00:32:53 James Slaby

‍ ‍

What is your plan in the event of a cyber attack or a hardware failure or somebody plugging something into the machine like a USB stick that they shouldn't?

‍ ‍

00:33:03 James Slaby

‍ ‍

And this gets more important as these environments open up and as just in general, the threat environment has gotten more dire.

‍ ‍

00:33:10 James Slaby

‍ ‍

I know you're well familiar with the kind of the ongoing industrialization of cybercrime and how that's meant that it's cheaper,

‍ ‍

00:33:18 James Slaby

‍ ‍

to mount more and more frequent attacks.

‍ ‍

00:33:21 James Slaby

‍ ‍

The sophistication is getting higher.

‍ ‍

00:33:23 James Slaby

‍ ‍

Now we've got Gen.

‍ ‍

00:33:25 James Slaby

‍ ‍

AI tools being used by the bad guys so that phishing attacks are getting more effective, right?

‍ ‍

00:33:31 James Slaby

‍ ‍

The phishing emails are perfect and the calls to action are more compelling and they can mount them at greater scale.

‍ ‍

00:33:38 James Slaby

‍ ‍

So all these things, these pressures are starting to come to bear on OT environments.

‍ ‍

00:33:44 James Slaby

‍ ‍

So you need to start thinking about improving your cyber defenses

‍ ‍

00:33:48 James Slaby

‍ ‍

But your last line of defense always is the ability to quickly recover, right?

‍ ‍

00:33:53 James Slaby

‍ ‍

So you want to do as much as you can to reduce the risk of cyber threats with defensive measures.

‍ ‍

00:34:00 James Slaby

‍ ‍

But our adversaries are generally a step ahead of us and, again, can enlist armies of not very bright people to do most of the dirty work for them in ways that we can't possibly keep up with the frequency and the growing sophistication of the attacks.

‍ ‍

00:34:15 James Slaby

‍ ‍

So you really need that break

‍ ‍

00:34:18 James Slaby

‍ ‍

in case of emergency recovery mechanism.

‍ ‍

00:34:21 Kristin King

‍ ‍

Yeah, I think it's super important to note the backup aspect, like in JBS's example, if they were able to come back up faster and they couldn't because that was broken as well.

‍ ‍

00:34:30 Kristin King

‍ ‍

So there was a lot of aspects about it.

‍ ‍

00:34:32 Kristin King

‍ ‍

I think the thing about food and agriculture that I've noticed more and more is the social engineering component.

‍ ‍

00:34:37 Kristin King

‍ ‍

You already mentioned fishing as a great example.

‍ ‍

00:34:40 Kristin King

‍ ‍

Doxing is super popular now too.

‍ ‍

00:34:42 Kristin King

‍ ‍

Deep fakes are heavy in the industry as well.

‍ ‍

00:34:45 Kristin King

‍ ‍

And AI is driving that.

‍ ‍

00:34:46 Kristin King

‍ ‍

It's learned behavior.

‍ ‍

00:34:48 Kristin King

‍ ‍

For everything that is good, it's also equally evil.

‍ ‍

00:34:50 Kristin King

‍ ‍

It's really just there.

‍ ‍

00:34:52 Kristin King

‍ ‍

And I think the social engineering aspects around OT are going to hit a breaking point at some point, I think.

‍ ‍

00:34:58 Kristin King

‍ ‍

We are definitely at a place now where educating people on how to behave and how to be defensive as well as responsive is becoming, I think, more of the norm.

‍ ‍

00:35:08 Kristin King

‍ ‍

We're not quite there yet, but I think people are getting it.

‍ ‍

00:35:10 Kristin King

‍ ‍

And that makes me really happy because when we go to things like backups and being more proactive, it's going to be a lot more easy to adopt.

‍ ‍

00:35:18 Kristin King

‍ ‍

stopped moving forward.

‍ ‍

00:35:19 Kristin King

‍ ‍

And yeah, there's some really nasty people out there doing really horrible things, obviously.

‍ ‍

00:35:22 Kristin King

‍ ‍

And it's so scary that you could just dial it up as a service now.

‍ ‍

00:35:27 Kristin King

‍ ‍

Just hacking as a service, ransomware as a service, whatever you want to call it, is terrifying.

‍ ‍

00:35:31 Kristin King

‍ ‍

And you're right, they're ahead of us in a lot of ways, because we're still playing catch up.

‍ ‍

00:35:35 Kristin King

‍ ‍

You know, we don't know what's in our systems.

‍ ‍

00:35:38 Kristin King

‍ ‍

We don't have asset control.

‍ ‍

00:35:39 Kristin King

‍ ‍

We don't understand who's accessing when.

‍ ‍

00:35:41 Kristin King

‍ ‍

There's all these different aspects.

‍ ‍

00:35:42 Kristin King

‍ ‍

Or you don't have any people.

‍ ‍

00:35:44 Kristin King

‍ ‍

You mentioned that earlier.

‍ ‍

00:35:44 Kristin King

‍ ‍

There's no people to do the work.

‍ ‍

00:35:46 Kristin King

‍ ‍

So it's left up to people

‍ ‍

00:35:48 Kristin King

‍ ‍

who aren't technical to deal with it.

‍ ‍

00:35:49 Kristin King

‍ ‍

And they're just trying to get by.

‍ ‍

00:35:51 Kristin King

‍ ‍

And that's really the heart of the matter, especially in food and ag.

‍ ‍

00:35:54 James Slaby

‍ ‍

I recently had the family password conversation with my extended family.

‍ ‍

00:35:58 James Slaby

‍ ‍

We were all together for a kind of a reunion.

‍ ‍

00:36:01 James Slaby

‍ ‍

And the concern I had was around deep fake technology, particularly around voice, which is extremely easy to do.

‍ ‍

00:36:08 James Slaby

‍ ‍

And the scenario I painted was, grandma gets a phone call from someone who sounds exactly like one of her grandchildren, who's saying, oh, I was in a car accident.

‍ ‍

00:36:18 James Slaby

‍ ‍

and they put me in jail and I need money to bail me out.

‍ ‍

00:36:22 James Slaby

‍ ‍

I don't want to spend the weekend in jail, grandma.

‍ ‍

00:36:24 James Slaby

‍ ‍

Can you help me out?

‍ ‍

00:36:26 James Slaby

‍ ‍

And of course, that's not my nephew.

‍ ‍

00:36:29 James Slaby

‍ ‍

That is a deepfake of his voice, which you only need about a 30-second audio sample to do a convincing deepfake.

‍ ‍

00:36:36 James Slaby

‍ ‍

So not everyone in my family knows a passphrase that they can challenge a caller in a dire situation like this and say, What's the family passphrase?

‍ ‍

00:36:44 James Slaby

‍ ‍

And if they don't know it, then they know it's a fake.

‍ ‍

00:36:46 James Slaby

‍ ‍

So I'm

‍ ‍

00:36:48 James Slaby

‍ ‍

and spreading that stratagem around or around my extended family and friends is too.

‍ ‍

00:36:54 Kristin King

‍ ‍

It's an excellent strategy.

‍ ‍

00:36:56 Kristin King

‍ ‍

It's an excellent strategy and it should be updated annually as well.

‍ ‍

00:36:59 Kristin King

‍ ‍

You don't want to, you should have a different one every time.

‍ ‍

00:37:01 Kristin King

‍ ‍

Basic human behavior one-on-one based, and it's such an easy thing to do and such a simple thing.

‍ ‍

00:37:07 Kristin King

‍ ‍

And that doesn't necessarily imply just for those phone calls and those scams.

‍ ‍

00:37:11 Kristin King

‍ ‍

It could be if you're out and about and you have an emergency, you could just say the password and people will know that you're in trouble.

‍ ‍

00:37:16 Kristin King

‍ ‍

Those kind of things.

‍ ‍

00:37:16 Kristin King

‍ ‍

It also goes into those places.

‍ ‍

00:37:18 Kristin King

‍ ‍

places.

‍ ‍

00:37:18 Kristin King

‍ ‍

Sadly, I think we live in a world where we're going to all need those for various reasons at some point, and it's a good thing.

‍ ‍

00:37:23 Kristin King

‍ ‍

So that's an excellent thing to do with your family.

‍ ‍

00:37:26 Kristin King

‍ ‍

James, this has been a great conversation, and I have really enjoyed your wisdom because you're speaking truth to a lot of things that are happening, and you have a really good vision of what's going on and what needs to be done.

‍ ‍

00:37:36 Kristin King

‍ ‍

So thank you so much for that.

‍ ‍

00:37:37 Kristin King

‍ ‍

As we're leaving, any final words?

‍ ‍

00:37:39 James Slaby

‍ ‍

Sure, Kristen.

‍ ‍

00:37:40 James Slaby

‍ ‍

I just want to say, likewise, what a great pleasure it's been to be part of your podcast.

‍ ‍

00:37:45 Kristin King

‍ ‍

Thanks so much, James.

‍ ‍

00:37:46 James Slaby

‍ ‍

Thanks again, Kristen.

‍ ‍

00:37:55 Kristin King

‍ ‍

And that's a wrap up today's episode.

‍ ‍

00:37:57 Kristin King

‍ ‍

A big thanks to James for joining me and sharing his perspectives on the realities of inside the systems and critical infrastructure.

‍ ‍

00:38:02 Kristin King

‍ ‍

And to you, thank you for listening, for sharing, and for being a part of the community.

‍ ‍

00:38:07 Kristin King

‍ ‍

If you enjoyed today's episode, remember to like, comment, follow, and share.

‍ ‍

00:38:10 Kristin King

‍ ‍

It really helps others find the show and keep these conversations growing.

‍ ‍

00:38:14 Kristin King

‍ ‍

You can also check out my Substack and the Bytes and Bytes podcast website for

‍ ‍

00:38:18 Kristin King

‍ ‍

additional content, behind the scenes updates, and reflections on the various episodes.

‍ ‍

00:38:22 Kristin King

‍ ‍

The link is in the show notes.

‍ ‍

00:38:23 Kristin King

‍ ‍

Until next time, stay safe, stay curious, and I'll see you on the next one.

‍ ‍

00:38:28 Kristin King

‍ ‍

Bye for now.

‍ ‍

‍ ‍

Audio file

James Slaby_mixdown.mp3

Transcript

00:00:21 Kristin King

Welcome back to the Bites and Bites podcast.

00:00:23 Kristin King

I'm your host, Kristen King.

00:00:25 Kristin King

This is the show where we explore the systems, technology, and human realities behind food and agriculture.

00:00:31 Kristin King

and sometimes the risks that we don't see until they hit us hard.

00:00:34 Kristin King

Today, we're joined by James Slaby, Director of OT Solutions, Go-to-Market at Acronis.

00:00:41 Kristin King

James has spent more than two decades analyzing and working in cybersecurity networking and industrial technologies.

00:00:47 Kristin King

In this conversation, we're going to dig into the systems that quietly produce our food, legacy equipment, air gap networks, ancient operating systems still controlling real-world machinery.

00:00:58 Kristin King

And what happens when modern cyber threats collide with outdated infrastructure?

00:01:02 Kristin King

We also talk about deepfakes, social engineering, recovery planning, and how everyday people, not just IT teams, are becoming part of the threat landscape.

00:01:11 Kristin King

So let's get into it.

00:01:12 Kristin King

Enjoy.

00:01:15 Kristin King

Well, as always, before anybody introduces themselves, we're going to go into favorite food and favorite food memory.

00:01:20 Kristin King

James, they do not need to be the same thing.

00:01:22 Kristin King

Go for it.

00:01:23 James Slaby

Sure.

00:01:23 James Slaby

So I'm originally a native of Buffalo, New York, and like the rest of my extended family, many of whom are still in that area, I'm kind of obsessed with buffalo wings.

00:01:33 James Slaby

Of course.

00:01:34 James Slaby

But something I discovered, which really surprised me, is that there's a superior gloss on the fried chicken wing, and that is Korean-style fried chicken.

00:01:44 James Slaby

What they did

00:01:45 James Slaby

I've concluded that makes it even better than my beloved original buffalo wings is that they do a two-step fry.

00:01:52 James Slaby

They first fry the wings in low temperature oil to cook them all the way through, and then they do a second fry in a higher temperature oil to crisp the skin.

00:02:01 James Slaby

And then they'll hand paint on, there's many sauces, but the two most popular ones are gochujang, which is the Korean version of hot sauce.

00:02:08 James Slaby

It's slightly funky, slightly sweet flavor in addition to the capsaicin heat, and then-- Delicious.

00:02:15 James Slaby

Foley garlic.

00:02:16 James Slaby

And this is now my go-to.

00:02:18 James Slaby

If I show up for like a Super Bowl party or BBQ or something, I'll bring a big bucket of these.

00:02:22 James Slaby

And in particular, my friend's kids are absolutely crazy for the KOFC, I call it.

00:02:29 James Slaby

So that's it.

00:02:30 James Slaby

So I'm always down for traditional buffalo wings.

00:02:34 James Slaby

My local watering hole in downtown Boston is a hundred year old Irish pub.

00:02:39 James Slaby

Same family has run it the whole time.

00:02:40 James Slaby

They do beautiful chicken wings.

00:02:42 James Slaby

Shout out to JJ Foley's Cafe in Boston South End.

00:02:45 James Slaby

Koreans have figured out a modest improvement that I think is really worth checking out if you get the chance.

00:02:50 Kristin King

Yes, I definitely would agree.

00:02:52 Kristin King

There is a superior level of fried chicken in that area of the world.

00:02:57 Kristin King

The Japanese are also quite good at it.

00:02:59 James Slaby

Karaage is, I'm really digging karaage chicken these days too.

00:03:02 Kristin King

Yeah, it really is.

00:03:03 Kristin King

I feel like a little side of that with your ramen is just like the perfect meal, like super comforting at the whole thing.

00:03:09 Kristin King

I haven't had that in a minute.

00:03:10 Kristin King

I should probably get that.

00:03:11 Kristin King

Yeah, I totally understand this.

00:03:12 Kristin King

My stepsons are connoisseurs of fried

00:03:15 Kristin King

chicken and chicken sandwiches and anything to do with chicken that's breaded in general.

00:03:19 Kristin King

And they even have said something similar, like it's just the best chicken, like how it's fried the way it is.

00:03:24 Kristin King

It's kind of like a triple cooked chips or fries for us Americans in the UK.

00:03:29 Kristin King

There's just something about it.

00:03:30 James Slaby

Absolutely.

00:03:31 James Slaby

My own kind of home cooking efforts always run up against that.

00:03:34 James Slaby

It's either not cooked all the way through or it's overdone.

00:03:37 James Slaby

And I think that two-step process kind of solves all problems there.

00:03:40 Kristin King

Yes, for sure.

00:03:41 Kristin King

And so your favorite food memory then?

00:03:43 James Slaby

I fought long and hard.

00:03:45 James Slaby

about this.

00:03:46 James Slaby

I wasn't a super adventurous eater as a child.

00:03:49 James Slaby

I was kind of scared of most things, but I really trusted my dad and he was a kind of a 3 a.m.

00:03:57 James Slaby

snacker and I was a light sleeper.

00:03:59 James Slaby

So I would sometimes hear him stirring in the kitchen in the middle of the night and I would go down and, you know, this is a me four or five years old in my jammies.

00:04:07 James Slaby

And he'd be up making some kind of snack that was clearly evocative of the nostalgia of his youth.

00:04:14 James Slaby

And

00:04:15 James Slaby

My one sort of fondest memory of those late night meetings with my dad was he would make a sandwich of tinned sardines, raw onions, and yellow mustard on white bread.

00:04:26 James Slaby

Wow, that's intense.

00:04:28 James Slaby

So, you know, those were some beautiful moments along with my dad.

00:04:32 James Slaby

I'm from a big family.

00:04:33 James Slaby

There were eight of us all together.

00:04:34 James Slaby

And so the, you know, 10 minutes of time to himself without just sitting there quietly in the kitchen with nothing on, but the fluorescent light coming from the stove top are really cherished.

00:04:45 James Slaby

memories for me.

00:04:46 James Slaby

And I've since concluded that while I got braver about food as I got older, particularly as I started traveling internationally for work, that all my dad's favorites were very umami packed.

00:04:58 James Slaby

So things like sardines and pickled herring and calves liver.

00:05:03 James Slaby

Like I was the only one of my five brothers and sisters that liked the liver.

00:05:06 James Slaby

And I've since realized like, oh, I was like an umami hound.

00:05:10 James Slaby

And traveling abroad for work, particularly places like China where

00:05:15 James Slaby

A foreign guest would get the red carpet rolled out for them and served an elaborate banquet meal with all the delicious delicacies.

00:05:22 James Slaby

And, you know, the locals would say, look, you got to eat everything.

00:05:24 James Slaby

You don't want to insult our host's hospitality.

00:05:27 James Slaby

And the rule I learned was, don't tell me what it is.

00:05:30 James Slaby

And then you won't run up against any of my cultural prejudices against, I don't know, sea snake or a deer pizzle, stag pizzle soup.

00:05:39 James Slaby

Or if I didn't know what it was, then I'd go, oh, this is delicious.

00:05:41 James Slaby

And then I found out afterwards what it was.

00:05:43 James Slaby

I'd be like, oh, I would have had a really

00:05:45 James Slaby

hard time eating that if I'd known what it was beforehand.

00:05:48 James Slaby

So that travel really broke all my old inhibitions about trying new things that I had as a little kid.

00:05:55 James Slaby

But I often, you know, I will still occasionally make that sardine onion mustard sandwich and not think of my dad who's gone some years now.

00:06:03 Kristin King

It's amazing how food can transport you memory wise.

00:06:06 Kristin King

I just recently asked my grandfather and a cup of coffee makes me think of him.

00:06:10 Kristin King

So every morning I sit with grandpa and I have a cup of coffee essentially.

00:06:13 Kristin King

And I love that.

00:06:14 Kristin King

I sit

00:06:15 Kristin King

It used to be really sad and now I love it because it's something nobody can take away from me.

00:06:18 Kristin King

It's like a complete memory, just like the sardine mustard sandwich and onion.

00:06:21 Kristin King

Sorry, I forgot about the onion, the pungency of all that.

00:06:24 Kristin King

Yeah, it's really beautiful.

00:06:25 Kristin King

And you're so right about traveling abroad.

00:06:27 Kristin King

I think that's when my palate really opened up.

00:06:29 Kristin King

I think a lot of people probably say the same thing.

00:06:31 Kristin King

When I went to China for the first time, I actually decided to do myself a real good service and I went to a food St.

00:06:36 Kristin King

tour my first night in.

00:06:37 Kristin King

So I got used to the textures and the flavorings and understood where things were coming from.

00:06:42 Kristin King

Ended up being a really fun group.

00:06:44 Kristin King

I remember thinking if

00:06:45 Kristin King

If I didn't do this, I wouldn't have survived the trip at all.

00:06:48 Kristin King

Also, pro tip, if you don't want to eat anything you don't know, just tell people you're a vegetarian.

00:06:51 Kristin King

It actually covers almost everything anyways.

00:06:53 Kristin King

So yeah, that's what I ended up doing a couple times when I was like, I don't know about this.

00:06:58 Kristin King

Just like, you know, I'm a vegetarian.

00:06:59 Kristin King

And they're like, oh, no problem.

00:07:00 Kristin King

And actually, the vegetables are amazing anyway, so it was totally fine.

00:07:04 Kristin King

And also the rice and all the things.

00:07:06 Kristin King

And also, I'm really grateful that I learned how to use chopsticks before I went as well, because that level made-up quite a bit in the eyes of my hosts and was able to.

00:07:15 Kristin King

navigate through things successfully, except I had to ask questions like, how do you eat a fried egg with chopsticks?

00:07:20 Kristin King

That was kind of wild.

00:07:21 Kristin King

And I learned they taught me how to tear it with the chopsticks and things like that.

00:07:24 Kristin King

And they later served on when I was in Japan quite frequently.

00:07:27 Kristin King

I could just survive.

00:07:28 Kristin King

So yeah, there's like these little things that you kind of pick up as you go and fix your palate and learn how to eat the food properly.

00:07:34 Kristin King

Because there's such an etiquette in how you eat as well in these places that can be really offensive if you do it wrong too.

00:07:40 Kristin King

But yeah, China definitely opened up my horizons with food.

00:07:44 Kristin King

And to this day,

00:07:45 Kristin King

I don't think I've had food that even rivals it in some ways, because we don't really make it in the States the same, obviously.

00:07:51 Kristin King

Maybe a few places, but nothing really formal.

00:07:53 Kristin King

Yeah, I do miss a couple things for sure, but that's fantastic.

00:07:57 Kristin King

Thank you for sharing that memory, and that's really beautiful.

00:07:59 Kristin King

Thanks, James.

00:08:00 Kristin King

Why don't you go ahead and introduce yourself to everyone that's listening, because now they've already heard that we're foodies, so that's clear.

00:08:05 James Slaby

Yeah, so food nerds is my preferred term.

00:08:08 James Slaby

Use that to remind myself that, like any nerd of any stripe, we're useful to know when you have a problem.

00:08:15 James Slaby

problem to solve, like, okay, I've got vegetarian halal and meat and potatoes eaters.

00:08:20 James Slaby

What's one place that can serve all their needs?

00:08:22 James Slaby

It's like, oh, I've got several suggestions for you there.

00:08:25 James Slaby

But also like nerds, we can be painful to get cornered at a cocktail party and droning on and on about our latest cooking excursions or restaurant experiences.

00:08:36 James Slaby

So I'm James Flavey.

00:08:37 James Slaby

I'm the Director of Cyber Protection at Acronis.

00:08:40 James Slaby

My core responsibilities these days are around our operational

00:08:45 James Slaby

technology solution.

00:08:46 James Slaby

So Acronis is in the business of endpoint security, backup disaster recovery, and remote endpoint management.

00:08:55 James Slaby

And that gets used by our customers around the world in a bunch of different ways.

00:09:01 James Slaby

So one example is managed service providers.

00:09:03 James Slaby

We're basically IT outsourcers for small businesses, use our platform to serve as the IT and cybersecurity department for small businesses.

00:09:11 James Slaby

A large chunk of our business goes out that way.

00:09:14 James Slaby

And then there's our OT business, which is quietly kind of our big success story in the enterprise.

00:09:20 James Slaby

And what we do is provide cyber resilience for PC-based platforms,

00:09:25 James Slaby

In OT environments, so data systems, HMIs, data historians, any Windows or Linux-based system that's used to control lower-level technology like sensors, actuators, programmable logic controllers, IoT devices, on and on and on like that.

00:09:46 James Slaby

Our other kind of great strength there is our partnerships.

00:09:49 James Slaby

Most of the major automation vendors in the world use Acronis as their OT resilience solution for, so they are either reference selling us, white labeling us, or co-branding our solution to their customers saying, Look, if you want to keep our automation equipment, minimize downtime, you want to tick this box on your order, and then they get Acronis.

00:10:10 James Slaby

Having their kind of endorsement, having tested and field tested our technology

00:10:16 James Slaby

in referring to it is probably our biggest strength.

00:10:19 James Slaby

You know, there's a challenge being a company that's whose much of their business is in IT going into operational technology environments.

00:10:26 James Slaby

Like what do you know about agriculture?

00:10:28 James Slaby

What do you know about mining?

00:10:30 James Slaby

What do you know about robotic logistics warehouses?

00:10:35 James Slaby

You're in IT in those kind of office environments or home office environments.

00:10:40 James Slaby

And that's a legitimate criticism of a lot of vendors in our space, but we've been

00:10:46 James Slaby

been around for over 20 years and working in industrial environments for that long.

00:10:51 James Slaby

But the best endorsement of that is the kind of people who use us and that reference us.

00:10:58 James Slaby

You know, think of like Emerson and Rockwell and Yokogawa and ABB.

00:11:04 James Slaby

These are all among the kind of giants of industrial automation worldwide.

00:11:08 James Slaby

And having their endorsement, their armor on this really gives us a lot of credibility up in that space.

00:11:14 Kristin King

That's great.

00:11:15 Kristin King

Thank you for this reference.

00:11:16 Kristin King

How did you get into this company?

00:11:18 Kristin King

Where'd you come from before?

00:11:19 Kristin King

Give me a little bit of your background so we can lead the listeners to why we're talking.

00:11:23 James Slaby

So my career has kind of two halves.

00:11:25 James Slaby

I started as a systems engineer in the networking business in the early days of the build-out of internet infrastructure worldwide.

00:11:33 James Slaby

So I worked for one of the two big router companies, and I went from systems engineer to...

00:11:39 James Slaby

product manager to product marketing person, and from product marketing into solutions and vertical marketing.

00:11:45 James Slaby

And doing that for a number of networking vendors and later cybersecurity vendors, that's probably half my career.

00:11:51 James Slaby

The other half I've spent as an industry analyst at companies like Forrester Research, the Bygone, Yankee Group, and some smaller boutique kind of research companies, initially covering networking and the later cybersecurity.

00:12:07 James Slaby

That's what I was doing before

00:12:09 James Slaby

When I joined Acronis, I was at a boutique house called HFS Research and writing about cloud security.

00:12:16 James Slaby

This was a little over 10 years ago.

00:12:18 James Slaby

And the challenge there was convincing enterprise buyers that the cloud was a safe place to play, that there was still resistance at that time to moving your sensitive data into the cloud.

00:12:28 James Slaby

And my research basically showed that like, well, they're actually better at cybersecurity than you are.

00:12:33 James Slaby

So you're probably okay to start taking advantages of the scale and cost economies of SaaS.

00:12:39 James Slaby

and cloud computing.

00:12:41 James Slaby

Acronis hired me originally to help them with some demand Gen.

00:12:46 James Slaby

problems, but then they took their first splash in the cybersecurity pool, and I was one of a handful of people in the company who had a cybersecurity background, so they moved me into a product marketing role.

00:12:58 James Slaby

That evolved into a solutions marketing role.

00:13:00 James Slaby

After some years of being far too quiet about our OT story, they decided that we should really tell the world more about that, and that's the kind of role that I

00:13:09 James Slaby

and now is kind of educating our customers, our prospects about what we're doing in OT.

00:13:15 James Slaby

Historically, we're famous for backup and security, but on the IT side of the house.

00:13:20 Kristin King

And it's interesting that you spent time talking about moving to the cloud for enterprise, and now the conversation of moving to the cloud for OT is happening, and everybody is anti it for the moment, and that's okay.

00:13:33 Kristin King

I understand the on-prem bit and how important that is.

00:13:37 Kristin King

So in a way, you've kind of recycled your

00:13:39 Kristin King

career a bit, because here we go, we're into this whole new section of cloud-based OT and ICS.

00:13:46 Kristin King

And I don't mean everybody needs to switch there, and that's a big debate for another show, but it is definitely something that's on the horizon, and especially when it comes to different critical infrastructure that's mobile and moving, logistics, transportation, agriculture, Bing, seafood, fleets, you name it.

00:14:03 Kristin King

Those are going to require cloud for quite a bit of things, especially when you

00:14:09 Kristin King

take into account the ability to have more real-time data and make better decisions.

00:14:15 Kristin King

That's going to be an interesting moment.

00:14:17 Kristin King

And at the moment I'm proceeding and I'm cautiously optimistic about it, but also I completely understand the on-prem moment because it's much easier to go unplug something if something goes wrong than it is to shut down the cloud.

00:14:28 Kristin King

I mean, we really can't shut down the cloud.

00:14:31 Kristin King

Yeah, adopting is going to be really interesting in these different sectors, I think, coming up James.

00:14:34 Kristin King

That's a really, you just made me go very curious in my mind.

00:14:37 Kristin King

I was like, yeah, that's really interesting because I just had this conversation

00:14:39 Kristin King

a couple of days ago with the utility company and how they're really anti-cloud because they can't control it.

00:14:45 Kristin King

They feel as much as they can with on-prem.

00:14:47 Kristin King

The physical, cyber-physical aspects are very much a real thing, even for the practitioners who manage and run.

00:14:54 Kristin King

It's not just what you do in the digital world has an impact on the physical world.

00:14:57 Kristin King

We need to be able to impact the physical world if we have something that we feel is going to cause a problem as well.

00:15:02 Kristin King

So thank you for making me go down that rabbit hole in my mind while you were talking, because that's exactly what I was like.

00:15:07 James Slaby

I think it's a really trenchant point rate.

00:15:09 James Slaby

now in that we really have to meet our customers wherever they are on that adoption curve.

00:15:16 Kristin King

Okay, quick pause because James just mentioned a couple things that people in operational technology or OT say casually, but everyone else hears it like someone suddenly switched the podcast into Klingon.

00:15:28 Kristin King

Let me translate.

00:15:30 Kristin King

First up, the Purdue model.

00:15:32 Kristin King

Think of

00:15:32 Kristin King

like a very structured, layered cake.

00:15:35 Kristin King

At the top, you've got your business systems, so your e-mail, billing, accounting, all the non-glamorous things that make up a company.

00:15:41 Kristin King

At the bottom layer are the systems that directly interact with the physical world.

00:15:46 Kristin King

The machines, the sensors, and controls that actually move product, keep temperature stable, grind feed, pump water, and run a packaging line.

00:15:54 Kristin King

And the pull point is everything has its place, and those layers aren't supposed to mix freely.

00:15:59 Kristin King

You don't want someone in the office accidentally interacting with the same

00:16:02 Kristin King

network that controls your refrigeration system.

00:16:04 Kristin King

Just like you don't mix raw chicken juice with cake frosting.

00:16:08 Kristin King

Same energy.

00:16:09 Kristin King

Next term, air-gapped.

00:16:11 Kristin King

This one is literal.

00:16:12 Kristin King

The system is physically isolated from the internet.

00:16:15 Kristin King

No Wi-Fi, no cloud, no remote connection, nothing.

00:16:19 Kristin King

It's like a walk-in cooler with no outside door.

00:16:21 Kristin King

If you want access, you have to already be inside the building.

00:16:25 Kristin King

Great for reducing cyber risk, terrible when you need urgent help, and your IT person is 3 states away.

00:16:30 Kristin King

And then we get into the big one.

00:16:32 Kristin King

Why OT systems don't patch like your phone or your laptop?

00:16:36 Kristin King

In OT, patching can break things, not metaphorically, but physically.

00:16:40 Kristin King

A control system might be running on a 15 to 20 year old operating system because...

00:16:46 Kristin King

It controls a mixer or an evaporator or a bottle line, and the vendor-qualified software hasn't been updated in a decade.

00:16:54 Kristin King

Updating it might introduce a glitch, remove support for a driver, or change timing, and in OT, timing matters.

00:17:01 Kristin King

It's not negligence, it's just reality.

00:17:04 Kristin King

If you patch something that's been quietly running a pasteurizer since 2005, you might not just break the software, you might break the pasteurizer, and the cheese, and the day everyone's working there.

00:17:15 Kristin King

So when James talks about

00:17:16 Kristin King

stability, long life cycles, and not poking things until you're absolutely needing to.

00:17:22 Kristin King

That's why.

00:17:22 Kristin King

OT lives firmly in the category of, please don't touch that unless something is actually on fire.

00:17:28 Kristin King

Because in food and agriculture, touching the wrong system at the wrong time can cause downtime, spoilage, food safety issues, employee safety issues, and a very awkward call explaining why your cold storage suddenly isn't cold.

00:17:41 Kristin King

All right, back to James.

00:17:45 James Slaby

For instance, one thing that we do that is allow for a completely premise-based solution.

00:17:50 James Slaby

So if you're doing Purdue model segmentation or air gapping, that's not a problem for us.

00:17:56 James Slaby

You find that many tech solutions now require management from a cloud-based console.

00:18:02 James Slaby

And that's not going to fly in an air-gapped environment.

00:18:04 James Slaby

It's going to be very difficult if you're Purdue-based.

00:18:07 James Slaby

But we also have customers who have started opening up those environments.

00:18:11 James Slaby

So for instance, we're able to feed into a kind of

00:18:14 James Slaby

a corporate central console with information about OT environments at factories, say, that are scattered around the world.

00:18:22 James Slaby

And it kind of, it's a one-way feed for a lot of these folks.

00:18:26 James Slaby

They don't want to break Purdue in doing it, but we can help them do that.

00:18:30 James Slaby

And because we integrate data protection backup with cybersecurity, we can pull them along into better endpoint protection as they open things up more and open up attack surfaces to things like ransomware.

00:18:44 James Slaby

that they didn't have to really worry about when they had the kind of the castle with the moat kind of approach to security.

00:18:51 Kristin King

Yes, I completely get that.

00:18:53 Kristin King

I feel like sometimes that's the good old days and we all wish for that again.

00:18:56 Kristin King

But here we are in a new digital world where anybody can pretty much touch you at any time, which is terrifying in itself.

00:19:02 Kristin King

And I can't take those rose tinted glasses off.

00:19:05 Kristin King

We all see it for what it is now.

00:19:06 Kristin King

So, and this is just a swing back just a tad.

00:19:08 Kristin King

I have so many thoughts here.

00:19:10 Kristin King

How do you like being in the OTICS space?

00:19:12 Kristin King

Because you came originally, you didn't come originally from there.

00:19:14 Kristin King

I think a lot of us who are in OTICS, generally speaking, came out of IT back in the day.

00:19:19 Kristin King

But how do you like being on the OTICS side a little bit more than you?

00:19:22 Kristin King

you were before.

00:19:23 Kristin King

Do you feel welcomed?

00:19:24 Kristin King

Are you enjoying it?

00:19:25 Kristin King

I have lots of opinions, obviously, but I would love to hear yours.

00:19:28 James Slaby

Well, it's completely fascinating to me because, you know, who wants to kind of shunt along in the same lane in technology forever?

00:19:36 James Slaby

It's kind of one of the great things about being in tech is that there's some kind of transformative wave that comes along every few years and you've got to kind of constantly be learning, right?

00:19:48 James Slaby

You know, we're all sharks, right?

00:19:50 James Slaby

If we slow down, we

00:19:52 James Slaby

will die.

00:19:53 James Slaby

But I particularly love digging into the industrial side of things.

00:19:57 James Slaby

I think about kind of my roots.

00:19:59 James Slaby

I have a family who are farmers.

00:20:02 James Slaby

So this is cousins and second cousins and uncles and great uncles in Broome County and Shenango County, New York.

00:20:10 James Slaby

This is kind of upstate New York near the Pennsylvania line.

00:20:15 James Slaby

And, you know, getting together with that family in those days meant paying horseback riding one uncle

00:20:22 James Slaby

was cattle breeder.

00:20:24 James Slaby

So when you went to get the adults a beer, you had to make sure to go to the right refrigerator in the kitchen because the other one was full with stuff that wasn't for human use.

00:20:37 James Slaby

Yeah, I got you.

00:20:38 James Slaby

You know, I've kind of grown away from that.

00:20:41 James Slaby

You know, my folks moved to New England and I became, you know, the city kid with the job in networking and cybersecurity, which, you know, was a little better understood nowadays, but

00:20:52 James Slaby

in my career, it was sort of impossible to explain to people who weren't in tech what the heck it was that we did.

00:20:58 James Slaby

And so, but again, you have, there's also some reuse of challenges.

00:21:03 James Slaby

You alluded to this transition from a kind of premise-based computing to the cloud, and there is a similar kind of transition going on here and similar difficulties.

00:21:14 James Slaby

Absolutely understand the resistance.

00:21:16 James Slaby

Like you spent your whole career making sure that nothing messes with this great automation set of

00:21:22 James Slaby

that you have where downtime is extremely expensive, tinkering is really discouraged, right?

00:21:28 James Slaby

Let alone opening up the environment to potential new threats.

00:21:32 James Slaby

So these are concerns that I understand and have heard before.

00:21:37 James Slaby

And frankly, we're in a period where we haven't figured out all the issues yet.

00:21:42 James Slaby

And we're starting to see really ominous shifts in the threat environment where critical infrastructure, which ag is now considered a part of by

00:21:52 James Slaby

cybersecurity standards bodies and national governments is really increasingly becoming targeted.

00:21:58 James Slaby

I don't know how much you talk about attacks on the show, but I just look at there's been a bunch of them over the in recent years and they seem to be growing.

00:22:06 James Slaby

Probably the JBS attack, I think is the one that probably most people who aren't in tech are probably aware of.

00:22:13 James Slaby

But you know, I don't want to I can reiterate a bunch of them.

00:22:16 James Slaby

I imagine this is something that your audience is well familiar with.

00:22:19 Kristin King

We do talk about it quite frequently.

00:22:20 Kristin King

And I think that they're great

00:22:22 Kristin King

great examples, but I always say they're the known ones.

00:22:25 Kristin King

It's the unknown that scare me half to death because those big corporations had to, because they're publicly traded, because the SEC regulations, so of course we're going to find out about them.

00:22:34 Kristin King

But we don't know always what the issues are.

00:22:38 Kristin King

Like the Amazon distribution one, that one that supplied for Whole Foods, we don't know what happened, but it reads like ransomware.

00:22:44 Kristin King

We can speculate based on knowledge of the industry, but they have not disclosed what it was.

00:22:49 Kristin King

And I feel like there should be some type of disclosure within these

00:22:52 Kristin King

particular rules that tells you what it is.

00:22:55 Kristin King

How are you going to prepare an industry for something if we don't know what it is?

00:22:58 Kristin King

Just an attack doesn't, I mean, that's like saying Godzilla attacked and you're just going to, that's it.

00:23:03 Kristin King

You don't know how he attacked, where he came from.

00:23:05 Kristin King

Was it another creature involved?

00:23:07 Kristin King

We don't know.

00:23:08 Kristin King

We just know that it happened.

00:23:09 Kristin King

So I think we're doing a bit of a disservice to the food and ag industry by not having more disclosure.

00:23:14 Kristin King

And then you, on top of it, if there's a small, medium-sized farms or different CPGs or small businesses and things like that, we don't know.

00:23:22 Kristin King

if they got hit.

00:23:23 Kristin King

It's kind of word of mouth, it's community.

00:23:24 Kristin King

And as you know, James, there's a lot of shame that comes with being in an attack, so people don't want to talk about it.

00:23:30 Kristin King

And then if you are in food and ag, it's an OT issue as well as an IT issue, generally speaking, because everything intersects with the physical world.

00:23:37 Kristin King

The incidents that are happening are becoming more frequent, yes.

00:23:40 Kristin King

I think that it's an iceberg issue.

00:23:42 Kristin King

I think that we see just the small tip of what's actually going on.

00:23:46 Kristin King

Also, we have nation states that are involved.

00:23:49 Kristin King

The dairy industry's been getting punched in the face, literally, lately.

00:23:52 Kristin King

And now we've have loss of life.

00:23:54 Kristin King

Cows are passing because they don't have access to real-time data when they're distressed.

00:23:58 Kristin King

So there's a lot of things going on here.

00:24:00 Kristin King

And also we have the ag tech community that's innovative and excited and pushing forward and all this great investment.

00:24:08 Kristin King

And they're not doing it securely.

00:24:10 Kristin King

It's not secure by design.

00:24:11 Kristin King

So we've got these other things that are being added where different considerations for security have to be put into place.

00:24:17 Kristin King

But again, this falls back onto places that don't have teams, don't have OT, don't have a SIEM, don't have a

00:24:22 Kristin King

a sock, don't have a knock, don't have any of this stuff.

00:24:24 Kristin King

And it's just, you know, Mr.

00:24:26 Kristin King

and Mrs.

00:24:26 Kristin King

Farmers that are standing there going, I need to put this wearable on my cow so I know when it's going to drop a calf.

00:24:33 Kristin King

And I mean, is it secure?

00:24:35 Kristin King

I don't know.

00:24:35 Kristin King

It connects to my phone.

00:24:36 Kristin King

Is my phone secure?

00:24:37 Kristin King

I assume.

00:24:38 Kristin King

And there's all these questions around that.

00:24:40 Kristin King

And I don't want people in food and agriculture, this is my biggest fear, to just put their heads in the sand like an ostrich.

00:24:45 Kristin King

I want people to be informed on risk and blended into their safety practices as much as possible.

00:24:50 Kristin King

Have their stop-drop-roll type moments.

00:24:52 Kristin King

because these are the people that feed us.

00:24:54 Kristin King

This is what creates our memories of our childhood and various other aspects of our lives.

00:24:59 Kristin King

The idea of that being attacked is so disturbing to me and viscerally disturbing.

00:25:05 Kristin King

Like I am horrified by it every day.

00:25:08 Kristin King

And these people that have to be resilient in a different capacity than already they're doing, because being a farmer is very complicated and hard nowadays.

00:25:16 Kristin King

And it's not an easy path.

00:25:18 Kristin King

And we need more first-gen farmers.

00:25:19 Kristin King

And it's really hard to get in.

00:25:20 Kristin King

And there's all these different parts of the ag business that are just a lot.

00:25:24 Kristin King

It's A lot.

00:25:24 Kristin King

And then you want to add a cybersecurity level onto it.

00:25:27 Kristin King

I know I understand in a lot of ways why mental health is such a huge issue in that particular industry and why I continually talk about this and why I advocate and why I have this show and why I work with the industry the way I do.

00:25:39 Kristin King

because we need more people to come along and make it normal.

00:25:41 Kristin King

Like it's normal to talk about an attack.

00:25:43 Kristin King

It's normal to talk about what we got to do to fix it.

00:25:45 Kristin King

Or it's normal to have a resilience conversation so, you know, you can bypass you and you could survive whatever happens.

00:25:50 Kristin King

And that's...

00:25:52 Kristin King

That's the real trick of it.

00:25:54 Kristin King

And again, like I said, going back to your original statement, we're just seeing the tip of the iceberg.

00:25:58 Kristin King

There's so much more going on and it's scary.

00:26:01 Kristin King

There's so many like little nuances to this and it's, and I'm glad that people are waking up that agriculture is part of critical infrastructure, even though the US didn't add it to the list until 2020.

00:26:13 Kristin King

Like I still don't know why they didn't add it sooner.

00:26:15 Kristin King

Everybody else had it on there.

00:26:16 Kristin King

But I think that the more people who get educated in what agriculture is and what the business is,

00:26:22 Kristin King

It's not as simple as people think it is.

00:26:24 Kristin King

It looks simple for the most part.

00:26:26 Kristin King

People make it look easy, but it's not.

00:26:28 Kristin King

And also, it's such a big industry.

00:26:30 Kristin King

It's an industry-wide big thing.

00:26:31 Kristin King

It's not just the small farms.

00:26:33 Kristin King

It's also the grain silos and it's the distribution networks and it's the transportation that goes around it.

00:26:39 Kristin King

It's the cold storage.

00:26:41 Kristin King

The cold storage is like a whole thing.

00:26:43 Kristin King

Like that's getting attacked too.

00:26:44 Kristin King

And it's wild to me that as OT, we are very much system thinkers.

00:26:49 Kristin King

You know, when something happens over here, it happens over here.

00:26:52 Kristin King

And yet we're the weirdos because nobody actually thinks like that.

00:26:55 Kristin King

Apparently that's not common as people remind me all the time, because I'm like, well, why didn't people realize that if they'd have this, it's cause and effect?

00:27:01 Kristin King

Why wouldn't they?

00:27:02 Kristin King

They're like, oh, well, you're a nerd, basically back at me.

00:27:05 Kristin King

And I'm like, I didn't realize that's what it was.

00:27:07 Kristin King

And I'm sure, and you already strike me as a systems thinker, James.

00:27:10 Kristin King

So I think that you completely get what I'm saying.

00:27:12 Kristin King

And maybe that's why you've taken to OT quite well, like a fish and water.

00:27:18 Kristin King

It's definitely something that you're enjoying.

00:27:20 Kristin King

I can tell you're enjoying because the way you talk about it.

00:27:22 Kristin King

So that's great.

00:27:24 Kristin King

I'm glad that you can pull from your roots.

00:27:26 Kristin King

You understand what farming looks like.

00:27:28 Kristin King

How else are we going to have great food stories and culture and tradition if we don't have people doing that and keep doing it securely?

00:27:36 Kristin King

And I don't think that every farmer needs to go out and take a cybersecurity course necessarily.

00:27:40 Kristin King

I don't know if we're quite there yet.

00:27:41 Kristin King

We might be at that tipping point, but I don't know.

00:27:44 Kristin King

It's going to be hard because we're going to have to adapt tech that we have for them in that regard.

00:27:49 Kristin King

I mean, yeah, sure.

00:27:50 Kristin King

Food manufacturing, absolutely.

00:27:51 Kristin King

You can have all the bells and whistles and all the things.

00:27:53 Kristin King

The CPG is the same thing.

00:27:54 Kristin King

To have it on a farm level is going to be complicated and really take some real ingenuity to create something that can give a better monitoring experience.

00:28:03 Kristin King

I don't think we're quite there yet.

00:28:05 Kristin King

I think we're getting there.

00:28:06 Kristin King

I just wish that AgTech would start creating things more securely.

00:28:08 Kristin King

That would be my one wish.

00:28:10 Kristin King

If people asked me what my wish was for the world, AgTech creates things securely so farmers don't have to worry.

00:28:19 Kristin King

And thank you for listening.

00:28:20 Kristin King

If you're enjoying the show, please take a moment to like, comment, follow, and share it with someone who'd appreciate it.

00:28:26 Kristin King

Every bit of support helps more people find these conversations, and I'm so grateful for all the messages.

00:28:32 Kristin King

all the feedback and all the stories you've been sending.

00:28:35 Kristin King

Thank you for reaching out and letting me know how much the show has resonated with you.

00:28:38 Kristin King

And because we're heading into the holiday season, I want to encourage you to help where you can.

00:28:43 Kristin King

Donate to a local food pantry.

00:28:45 Kristin King

You could find one at findhelp.org.

00:28:48 Kristin King

Call a local farm and ask if you can sponsor a farm share for a family in need.

00:28:51 Kristin King

It's easy to find a place to start by going to localharvest.org.

00:28:55 Kristin King

Reach out to a local school and see if you could support them for breakfast or lunch, or just be a grocery buddy for someone nearby who could use the help.

00:29:03 Kristin King

Food insecurity isn't just an American issue, it's worldwide.

00:29:06 Kristin King

And while I'm not sponsored by any of these organizations, I believe if we have tools or resources, we can use them to make sure people have access to food.

00:29:15 Kristin King

Thank you for caring, and back to the episode.

00:29:20 James Slaby

It's funny, when you talk about the psychological aspect of it, that really plays to something important that I've seen going on in recent years.

00:29:29 James Slaby

Again, Acronis started as a backup company and then we got into the cybersecurity business and coined this term cyber protection, which was the idea that defense and recovery should be integrated.

00:29:39 James Slaby

I've kind of seen the world come around to that.

00:29:42 James Slaby

If you look at recent additions of cybersecurity regulations or recent

00:29:48 James Slaby

revs of cybersecurity standards, or you look at the requirements that you're getting from your insurance company, if you want a cyber insurance policy to help mitigate the cost of recovering from a ransomware attack, for instance, they have all placed this new emphasis on recovery.

00:30:06 James Slaby

So if you look at NIST CSF 2.0, the NIS2 regulations in the EU, or you've talked to your insurer recently, a few years ago, they were all about make sure you're using multifactor

00:30:18 James Slaby

authentication and that you're encrypting your data and that you have antivirus protection.

00:30:23 James Slaby

Now there are new planks in those standards and those regulations in those insurance requirements that say, make sure you're following industry best practices for backup.

00:30:33 James Slaby

Have an incident response plan in place.

00:30:35 James Slaby

Think about disaster recovery.

00:30:38 James Slaby

And this kind of recovery capability in OT takes on new dimensions.

00:30:44 James Slaby

The downtime costs tend to be much, much greater, right?

00:30:48 James Slaby

So the idea of being able to recover very quickly is important.

00:30:52 James Slaby

Another issue that you have is you don't have trained IT people around in many of these environments.

00:30:58 James Slaby

You're out on an oil rig, or you're in a mine at the edge of the jungle, or a remote distribution facility, or you're in a farm in the heartland.

00:31:09 James Slaby

You don't have IT people who are, you know, at your beck and call.

00:31:13 James Slaby

And if you are air gapped for security reasons, people that might

00:31:18 James Slaby

be able to help you with the remote tools, say try to come up RDP into your desktop, they can't do that, right?

00:31:24 James Slaby

Another issue that you've got is the equipment life cycles involved in OT.

00:31:29 James Slaby

This technology is designed to last 10, 20, even 30 years, whereas IT people are used to cycling through stuff every three to five years, doing constant updates.

00:31:39 James Slaby

In many OT environments, we see Windows XP PCs being used to control the environment or really ancient builds of Linux.

00:31:48 James Slaby

You don't want to update those or patch them if you can help it, because you might lose some functionality or break your ability to monitor or control or configure the lower level operational technology.

00:32:01 James Slaby

So stability is super, super important in these environments.

00:32:05 James Slaby

So one of the ways that we address this is that we never walked away from those old operating systems.

00:32:12 James Slaby

Another big issue is how do you recover if IT is hours or days away?

00:32:18 James Slaby

We've made it simple enough that you can basically do a recovery from a local backup and the ability to restore from a known working image uncorrupted by ransomware or without the update that you just did that broke something.

00:32:33 James Slaby

And to do that in a matter of minutes, that's super, super valuable, right?

00:32:37 James Slaby

When the clock is ticking on that.

00:32:41 James Slaby

Kind of grappling with those realities of operational technology environments has really to deal with these kind of

00:32:48 James Slaby

requirements where it's like, what's your story for backup?

00:32:51 James Slaby

How quickly can you recover?

00:32:53 James Slaby

What is your plan in the event of a cyber attack or a hardware failure or somebody plugging something into the machine like a USB stick that they shouldn't?

00:33:03 James Slaby

And this gets more important as these environments open up and as just in general, the threat environment has gotten more dire.

00:33:10 James Slaby

I know you're well familiar with the kind of the ongoing industrialization of cybercrime and how that's meant that it's cheaper,

00:33:18 James Slaby

to mount more and more frequent attacks.

00:33:21 James Slaby

The sophistication is getting higher.

00:33:23 James Slaby

Now we've got Gen.

00:33:25 James Slaby

AI tools being used by the bad guys so that phishing attacks are getting more effective, right?

00:33:31 James Slaby

The phishing emails are perfect and the calls to action are more compelling and they can mount them at greater scale.

00:33:38 James Slaby

So all these things, these pressures are starting to come to bear on OT environments.

00:33:44 James Slaby

So you need to start thinking about improving your cyber defenses

00:33:48 James Slaby

But your last line of defense always is the ability to quickly recover, right?

00:33:53 James Slaby

So you want to do as much as you can to reduce the risk of cyber threats with defensive measures.

00:34:00 James Slaby

But our adversaries are generally a step ahead of us and, again, can enlist armies of not very bright people to do most of the dirty work for them in ways that we can't possibly keep up with the frequency and the growing sophistication of the attacks.

00:34:15 James Slaby

So you really need that break

00:34:18 James Slaby

in case of emergency recovery mechanism.

00:34:21 Kristin King

Yeah, I think it's super important to note the backup aspect, like in JBS's example, if they were able to come back up faster and they couldn't because that was broken as well.

00:34:30 Kristin King

So there was a lot of aspects about it.

00:34:32 Kristin King

I think the thing about food and agriculture that I've noticed more and more is the social engineering component.

00:34:37 Kristin King

You already mentioned fishing as a great example.

00:34:40 Kristin King

Doxing is super popular now too.

00:34:42 Kristin King

Deep fakes are heavy in the industry as well.

00:34:45 Kristin King

And AI is driving that.

00:34:46 Kristin King

It's learned behavior.

00:34:48 Kristin King

For everything that is good, it's also equally evil.

00:34:50 Kristin King

It's really just there.

00:34:52 Kristin King

And I think the social engineering aspects around OT are going to hit a breaking point at some point, I think.

00:34:58 Kristin King

We are definitely at a place now where educating people on how to behave and how to be defensive as well as responsive is becoming, I think, more of the norm.

00:35:08 Kristin King

We're not quite there yet, but I think people are getting it.

00:35:10 Kristin King

And that makes me really happy because when we go to things like backups and being more proactive, it's going to be a lot more easy to adopt.

00:35:18 Kristin King

stopped moving forward.

00:35:19 Kristin King

And yeah, there's some really nasty people out there doing really horrible things, obviously.

00:35:22 Kristin King

And it's so scary that you could just dial it up as a service now.

00:35:27 Kristin King

Just hacking as a service, ransomware as a service, whatever you want to call it, is terrifying.

00:35:31 Kristin King

And you're right, they're ahead of us in a lot of ways, because we're still playing catch up.

00:35:35 Kristin King

You know, we don't know what's in our systems.

00:35:38 Kristin King

We don't have asset control.

00:35:39 Kristin King

We don't understand who's accessing when.

00:35:41 Kristin King

There's all these different aspects.

00:35:42 Kristin King

Or you don't have any people.

00:35:44 Kristin King

You mentioned that earlier.

00:35:44 Kristin King

There's no people to do the work.

00:35:46 Kristin King

So it's left up to people

00:35:48 Kristin King

who aren't technical to deal with it.

00:35:49 Kristin King

And they're just trying to get by.

00:35:51 Kristin King

And that's really the heart of the matter, especially in food and ag.

00:35:54 James Slaby

I recently had the family password conversation with my extended family.

00:35:58 James Slaby

We were all together for a kind of a reunion.

00:36:01 James Slaby

And the concern I had was around deep fake technology, particularly around voice, which is extremely easy to do.

00:36:08 James Slaby

And the scenario I painted was, grandma gets a phone call from someone who sounds exactly like one of her grandchildren, who's saying, oh, I was in a car accident.

00:36:18 James Slaby

and they put me in jail and I need money to bail me out.

00:36:22 James Slaby

I don't want to spend the weekend in jail, grandma.

00:36:24 James Slaby

Can you help me out?

00:36:26 James Slaby

And of course, that's not my nephew.

00:36:29 James Slaby

That is a deepfake of his voice, which you only need about a 30-second audio sample to do a convincing deepfake.

00:36:36 James Slaby

So not everyone in my family knows a passphrase that they can challenge a caller in a dire situation like this and say, What's the family passphrase?

00:36:44 James Slaby

And if they don't know it, then they know it's a fake.

00:36:46 James Slaby

So I'm

00:36:48 James Slaby

and spreading that stratagem around or around my extended family and friends is too.

00:36:54 Kristin King

It's an excellent strategy.

00:36:56 Kristin King

It's an excellent strategy and it should be updated annually as well.

00:36:59 Kristin King

You don't want to, you should have a different one every time.

00:37:01 Kristin King

Basic human behavior one-on-one based, and it's such an easy thing to do and such a simple thing.

00:37:07 Kristin King

And that doesn't necessarily imply just for those phone calls and those scams.

00:37:11 Kristin King

It could be if you're out and about and you have an emergency, you could just say the password and people will know that you're in trouble.

00:37:16 Kristin King

Those kind of things.

00:37:16 Kristin King

It also goes into those places.

00:37:18 Kristin King

places.

00:37:18 Kristin King

Sadly, I think we live in a world where we're going to all need those for various reasons at some point, and it's a good thing.

00:37:23 Kristin King

So that's an excellent thing to do with your family.

00:37:26 Kristin King

James, this has been a great conversation, and I have really enjoyed your wisdom because you're speaking truth to a lot of things that are happening, and you have a really good vision of what's going on and what needs to be done.

00:37:36 Kristin King

So thank you so much for that.

00:37:37 Kristin King

As we're leaving, any final words?

00:37:39 James Slaby

Sure, Kristen.

00:37:40 James Slaby

I just want to say, likewise, what a great pleasure it's been to be part of your podcast.

00:37:45 Kristin King

Thanks so much, James.

00:37:46 James Slaby

Thanks again, Kristen.

00:37:55 Kristin King

And that's a wrap up today's episode.

00:37:57 Kristin King

A big thanks to James for joining me and sharing his perspectives on the realities of inside the systems and critical infrastructure.

00:38:02 Kristin King

And to you, thank you for listening, for sharing, and for being a part of the community.

00:38:07 Kristin King

If you enjoyed today's episode, remember to like, comment, follow, and share.

00:38:10 Kristin King

It really helps others find the show and keep these conversations growing.

00:38:14 Kristin King

You can also check out my Substack and the Bytes and Bytes podcast website for

00:38:18 Kristin King

additional content, behind the scenes updates, and reflections on the various episodes.

00:38:22 Kristin King

The link is in the show notes.

00:38:23 Kristin King

Until next time, stay safe, stay curious, and I'll see you on the next one.

00:38:28 Kristin King

Bye for now.

‍ ‍

‍ ‍