Event Recording

Cyber-Securing the Digital Industry


And I was asked to look at cybersecurity in the digital industry. Okay. So we're going to be addressing that now for a few minutes.
And I translated that into thinking through where within the supply chain, which at each point has a digital interface where we need to be aware of what's happening and, and take precautions. Okay. So that's where, what we're going to be looking at here. I, I'm gonna start with a little story. It's about Rob. Rob is a receiving dock supervisor for Advanced Building Supplies. Guess I should go to my slide, shouldn't I? Okay. I should just tell you what we're gonna talk about first. Okay. We're gonna go through a short story. Then we're gonna look at some environments and the things that we need to do there, and then we need to look at the supply chain issues. Okay. So Rob was the receiving dock supervisor for Advanced Building Supplies. Okay. He got to work one morning, opened the receiving dock gate at eight 15, not supposed to start till eight 30, but he was conscientious.
There was already a truck there. This truck had on it a load of sheet, a sheet metal for the building, for his building supply company. And Rob didn't know this truck, and the company hadn't supplied before. So, but he got the, the, the docket from the driver, went over to his computer in the receiving dock, typed in the PO, and up comes the order. So he received. Took him half an hour to get all of the stuff off and all around the receiving dock space. No sooner had that truck gone than another one turns up. It's full of PLA board, timber and other building supplies. Again, he takes the docket, goes over to his computer and logs in and sure enough, there it is. By the time he got to morning tea, there'd been four deliveries. So he went in to his supervisor and said, what's happening here?
There's all of this delivery. Well, you never told me all of this was happening. And the, the, his supervisor says, well, I didn't know. It can't possibly be the, the situation. But they both go down to the receiving dock. And his boss is amazed at all of the stuff that's, that, that's been delivered. Hardly any room left. He looks, then goes over to the computer, looks at the orders and sure enough, they were all justified. By the end of the day, not only was the receiving dock full, most of the yard was full and his boss was in an emergency meeting with a management committee about the hack into their ERP. Okay. Now, that's entire fiction. If you want to read more about it and why it happened, you'll have to read my book that's coming out late, late summer, called Mandy. But the issue is what we need to do. And it's all up to us. Okay? Because we understand. The poor, you know, the owner of the building supply company didn't know what they were supposed to do. And what we're gonna be seeing is a lot of the cybersecurity activity coming down from the big enterprises. Most of the Colonial Pipelines have taken measures against, you know, to give them the cybersecurity they need. A lot of those small to medium companies haven't, and it's up to us to get that message through.
Now you can interrupt me at any time. I love conversations. We're a small group here. We don't really have to worry too much about time. If we don't finish all the, these slides, that's probably good. You can always download them. What I want is when you leave this room to say, gosh, that was worthwhile. Okay. So let's contribute. In terms of, of the digital industry, everything is a digital industry, okay? I track operational technology activity for KuppingerCole and there's, there's many different sectors, sub-sectors, that we need to worry about. Okay. In Australia, where I'm from, agriculture is very important. I'm gonna tell you a story about that a little later on. If you're, if you're in building management and you don't have sensors everywhere, I'd suggest you would, you should do a lot, a lot more. Healthcare is, is burgeoning, right? Healthcare is, is a, is a huge industry right now.
And the, the dramatic increases we're seeing there and the dramatic security problems and lack of privacy. It boggles the mind. In terms of retail, lot happening there. Manufacturing is the big one though. Okay. Manufacturing, there's more happening in the Industry 4.0 right now, in terms of, of, of more and more machines coming online that need to be managed. Smart homes too. I mean, it's not a big value area, but smart homes is taking off. People just love, you know, to be able to set the, the, the, the lights on as they pull in the driveway. And I mean, I've got, I'm right here. I can, I can tell you the chlorine 11 in my swim pool, if you're interested. Okay. So we need to make sure that we are, of course, taking advantage of, of the opportunities that we have available for us in terms of trends.
And this is where I want you to participate. I I've come up with these four cause they're front of mind, but you guys know what they are too. I would like to know what trends are, are you feel are impacting their digital economy. Growth rates is one thing. Like if we look at machines they're becoming cheaper and more functional, well, functionality has just gone in the last decade. Prices have dropped dramatically. Functionality's gone through the roof. So a lot of those use cases that just weren't economically available a short while ago now are. And if, if, if you're not taking advantage of them, your competitors probably are. So we need to stay, stay across what's happening in, in those areas. Edge computing is another big one. Now I'll have to define edge computing, cuz that term is used in so many different ways. The whole intention of an edge edge computer is to protect what's happening behind it.
So when I started in this industry 40 years ago, you had to be very careful when you put a processor in place, because if anything interrupted that, that, that system, that, that had to have a real-time operating system on, on it, if anything interrupted that operating system so that it couldn't do a read when it was supposed to do a read or it couldn't actuate something when it was supposed to, you're in trouble. So jitter was a big term back then. You didn't want to have anything that was going to interrupt the processor unduly, and that's what edge computing does. It says, okay, we need to get information outta the IoT environment. We need that data so that we can use it within the business. But in doing that, we don't want to interrupt what's happening at the process level. Okay. And it also provides us some security pieces of it.
And the way that could be done now is, is multitudinous. Okay? And that brings us into the next one, communication, the communication advances, and just read 5G. Okay. The communication advances are bewildering, what you can do now. If you've got a, a private 5G installation, you've gotta have a specialist that really understands 5G core to be able to segment the, the activity that's happening on your network. The time slicing availability in there gives you incredible capabilities. Okay? So you need a specialist that's working in that, that's supposed to be 5G, cannot 5G. Okay. Supply chain disruption. There's nothing that is more front of mind now for most companies than what's happening in my supply chain. Fuel costs are going outta sight. I can't get drivers, you know? So, so we, we have real problems now in that a new need to be thinking through what does that mean for your, your particular industry? What other trends? Let's, let's open the floor for some, some other trends. What other trends do you think should be front of mind that we need to put on the list?
Well, I'm thinking something like
I'm thinking something related to embedded user experiences, right? So we, for example, we, we used to go at Starbucks. We didn't have any digital identity at Starbucks. Now we can have a digital identity. We even have a credit or debit. We have a debit card there, we have money there. So, so, so this, this trend is, is, is, is spreading more and more this, this embedded user experience and the financial experience within the products that we were already using. So I think this is, this is also a trend that we might be looking at or might be interesting to
Look at the embedded user experience. Yeah. Okay. Because we also have the embedded experience with devices. We're seeing devices now being built out with more and more capability, particularly with eSIMs. You don't even need a hardware SIM anymore, just eSIM for you. So the device that before was plugged into a PLC that was plugged into a controller, you know, we don't have that anymore. The device is right on the network. So yeah. So it brings up a good point and thank you for that. Embedded user experience. Yes.
And new business models. I'm looking at energy, oh, sorry. New business models. I'm looking at energy supplier and we are not only producing energy transporting and distributing energy, but right now we are going into electric mobility, electric vehicles and charging points and things like that. And there's a very distributed area. So we got to this new technology, it's very distributed technology. It has to scale up that's one point. So it's just an example for new business, which is completely digital, which you should put on there and maybe all the field of production on demand, maintenance on demand or anything which measures and do some solutions on demand.
You bring up a very good point. Yep. So new business models and, and we need to be continually now thinking through, huh, there's a change. What does that mean? Okay. Now you don't necessarily yourself have to do that. Okay. What you've gotta be good at is getting people in a room that do know what needs to be done and can think through what the new models are, can think through what, you know, an energy, energy distribution and energy generation is changing. We're all aware of that. I personally think we're going to have many more centralized, smaller supply devices that are going to, to, to look after a community rather than relying on the grid. Okay. Well, what does that mean? Okay. Now, you know, you don't have to do that. You just have to get the right people in the room, stand in front of a white board with a white board marker and say, what does that mean for us? And then write down the ideas. Okay.
I have a, a commoner question on the IEC 62443, and the sort of demands coming from there towards us supplying infrastructure to
Supply for in which area
That could be a heating, cooling for, for big buildings and water treatments, et cetera. There are some regulations in the US you have to comply to if you want to be able to deliver.
Yes. Okay. There's a good point, regulation and what's gonna happen in that space. Okay. The, generally speaking, what we're seeing is that the, the separation that there has been in the past between OT and IT, and sometimes mandated, that's dissolving. Okay. And we are, we are seeing some, even in the electricity generation area, ability to have a, a unidirectional gateway that would allow us to get that data out of the OT device, network I should say, but while at the same time protecting it from, from what, what needs to be done. Okay. Look, thanks for that. I mean, that's great to get to, to get these ideas. So in terms of understanding what we need to do there and how we evaluate new opportunities, John Tolbert, John was supposed to be with us, but he had to leave. I've done a, a document with John that looks at the suppliers and the cybersecurity protection in, in devices.
And we came up with this little model that you need to think through. Four things you've gotta think through: how do you protect your, your environment? How do you monitor it? And there's some significant things, changes, happening in the monitoring space right now. How do you detect whether you've got potential compromise? And lastly, how do you respond? So we're going to be, be looking at each of those. And then in terms of the characteristics that we look at, we looked at, we looked, we, we saw these, these as being important. First thing you've gotta do is know what you've got. So having some asset inventory is important now. In terms of the device, the, the solutions, these days, a lot of, I was really impressed with some of the solutions we looked at in terms of their capability to go out onto a network and then bring back the information about what's the asset inventory. Make sure we know who's accessing what. We need access control, tying into your corporate
SOC and SIEM, so that we've got our, if we've got a, a security operations center and we don't tie in our operational stuff, we are missing a piece of it. Okay. If we, if we are doing event management, but we're not worrying about the events that are happening on, on the, the OT, in the OT environment, we, we're missing something. So management UI is very important. I, I dunno about you, but I see some of the interfaces that are provided to us as being very ordinary. Okay. Make sure you evaluate the management UI. Protocol support. A lot of the devices are running weird protocols. You need to think through how do we understand that. Some, some solutions do packet inspection to identify what's happening on it. So threat detection, I was blown away with one of, one example where they actually, the threat detection capability of the system actually flagged before you actually put anything into, into production.
It flags it if you've got a problem, because it knew the common threat models and signatures in this space, and the tool actually gave you that response early. Event response, what are we gonna do about, about it? And there's no, there's no point in waiting till something happens to define what your response is. Okay. You've gotta have a plan that's already worked that out. And then deception tools, they're becoming, coming to the fore now. Okay. They're, they're now being accepted as a way of providing cybersecurity to your, to your environment. Okay. So you have honeypots and, you know, within your system, if you see any activity on the honeypot, you know it's gotta be fraudulent, cuz nothing should be there. Right. So there is some, some, some interesting things happening in that space. Okay. We're gonna look at then the, the supply chain. See, just check our time here.
Okay. The, this is my very basic way of looking at all of the pieces. Okay. With, so these little, these little circles up here are indicating this is subjective is my view of how automated these, these particular options are. Order entry. I mean, for some organizations they're very, very, very automated, right? It is all done online and auto that orders taken in and then goes straight into, into the production planning. Production planning is very automated. Okay. So you, you, you, once the, the program, the application has gone through and decided what needs to happen, it updates into manufacturing. Most of the manufacturing options, operations, you know, your printers, your, your, your CNC devices and things like that, that, that automation's in place packing, not so much like particularly if you got a complex packing operation that that's sometimes manual, but the degree to which that could be a mechanized, the better and keep in mind that at each point along here, there's vulnerabilities.
Now, if you're doing, you know, just in time for a customer order, then you go straight down here. If you're not, if you're in a big operation and you go warehouse it, you now have the warehouse and transport capabilities. Transport is odd because it can't be fully automated, but there's a lot happening in this space. I mean, I'm sure you've all ordered product and it tells you, you know, order's been placed and it's all been shipped and then it has, it's already arrived here. It's pretty impressive what you can now do as taking attention. I dunno what happens with the demise of Sigfox, cuz a lot of the truck container tracking use Sigfox. And I was very happy to hear that there's a company in, in Singapore that's taken over Sigfox, except for the US where they've gone bankrupt. But the, there's some, some, you know, and again, 5G is responsible for this, in my opinion's taken over a lot of the LPWAN type of activity, but transport.
Yeah. Not so much in terms of automation, but there's there's, there are a lot of vulnerabilities there. Our distribution centers virtually fully, fully automated. And then the delivery fulfillment, depending upon what it product it is, whether it's retail or whether it's into another, you know, B2B type operation, I guess it's normally B2B the retailers on that top line. Isn't it? Okay. So the, the issue is though, now what's happening in this, in this supply chain, this blew me away. This is a look at the, for Amazon, what their shipping costs have, have done. The, the bottom part here is that fulfillment. The top is the shipping to the warehouse and that type of thing. That's up to 2021. Would anybody like to hazard to guess what 2022 is gonna look like it's gonna be off the chart. What does, what does that mean for your organization?
Are you thinking those things through? Do the, the, the whole supply chain shock is about to hit us if it hasn't already. And it's, there are some interesting things that, that, that are happening in, in this space that I, I read of one, a US company, a retail company that prior to last Christmas, because of the problems they were having getting product, they rented a whole ship. They just, for them, weren't gonna look, look after the, the supply chain story from Australia. So we got quite big agricultural industry in Australia and some farmers from northern Queensland, southern, northern New South Wales, southern Queensland area, mostly grain. They were having problems cuz they get the, they, they harvest the product, it goes into the silos and it gets trucked to the railhead, go rail to the port and then loaded for export. And at each of those points, they were continually having problems and, and costs, escalating costs. So they've got together in a consortium now and they rent whole trains. They do it themselves. And so we're seeing some disintermediation in the, the supply chain issue. So what does that mean? Right. And, and how people are gonna start to do things a little bit differently. Coming back to Amazon, this blew me away. CEO of Amazon. It's taken them 25 years to build their very significant DC system, distribution center system. Okay. A lot of math goes behind where do you put a distribution center. They've doubled it in two years. Incredible.
Okay. So how do we respond to this? And I've just got a couple of ideas that I'd like to go to, but again, I would like your input on here cause you've got some ideas that, that I dunno about. Okay. I think that we, we need to go, like I was just talking to a chap this morning and says, look, when you get back on the rail, on the train, leaving EIC, is it gonna be, oh, that was an interesting few days, or is it going to be, my God, we gotta do something? I hope it's the latter. I hope we are getting fired up here because it's us that understand these issues and it's us that gotta help our companies get over them. So I think you need to engage those people that know the solutions. As I said before, get in front of the whiteboard, hold the pen and say, what can go wrong?
Okay. Number two, whatever they come up with, then you gotta engage the stakeholders that know how to, how are we going to get across that? And one of, if there's anything that I see, I'm a project manager from way back, one of the biggest problems I still see people making, particularly in this agile project management sphere, is not engaging the stakeholders. Okay. You need to make sure that you engage those people. Segment the work, obviously, but most importantly, then please deploy. Now, please go that next step and, and actually do something. In terms of, in terms of other, other issues we can do, let's have some comments. Yes, please. Do we have that? Thanks.
Thanks so much Graham for, for that. And if, if you just go back to that slide that you, that you just shown, just coming, coming from, from a project where the organization that we were doing the project with was desperately trying to let's say throw agile methods on a waterfall oriented organization and make everyone do agile. That's just not how it works. And, and I see that there needs to be a, a change in the, in the human mind and, and people need to be picked up where they are. Yeah. Like just doing something agile and then requesting the project to come up with a project plan with milestones is just something that,
Okay, you make a good point. And there, there's been some problems in, in that way, but agile can work provided you've got a good project manager. So put everything up on your project wall. You've got all of your tasks: to do, in train and completed. The in train ones are the most important ones. And the problem is typically where the, at the, at the standup, when you're, when you're doing a review of the status of the, the, the project, you should be identifying for each of those any issues. And you need the people in the standup that can fix the issues. And that's the project manager's responsibility. I remember one time shutting down a whole project cuz for three different meetings, nobody from marketing turned up and the boss called me and said, what do you think you're doing, Graham? I'm sorry, sorry in designing something Martin marketing market. So, you know, you need to be that, that strict with people. The standups have gotta be respected, you know, make sure we get the right people there. Any other comments or questions for online? I have a place, a tablet here. I can take the online ones for any questions or comments. It doesn't have to be, this is, I'd like to see an interaction here. So if there's some comments, if you've got some words of wisdom for us, we would really like that.
Okay. No words of wisdom, but can we, can we be, can we make a pact, hand on heart, as you leave this room, you're gonna do something? Right. We're not just gonna think. We're not always lovely food. We're gonna do something. Excellent. Thanks so much.
