Loading Episode...
The Industrial Talk Podcast with Scott MacKenzie - The Industrial Talk Podcast with Scott MacKenzie 15th June 2021
Richard Ku with Trend Micro and txOne Networks talk about Cyber Security Best Practices and Recommendations
00:00:00 00:21:55

Richard Ku with Trend Micro and txOne Networks talk about Cyber Security Best Practices and Recommendations

In this week's Industrial Talk Podcast we're talking to Richard Ku with TXOne Network and Trend Micro about "Cyber Security Best Practices and Recommendations for your Digital Transformation Journey".  Get the answers to your "Industrial Cyber Security" questions along with Richard's unique insight on the “How” on this Industrial Talk interview! Trend Micro Event:  Cyber Security Perspectives.  Hold Your Seat Here. https://youtu.be/jjVYi2OIBG8 Finally, get your exclusive free access to the Industrial Academy and a series on “Why You Need To Podcast” for Greater Success in 2020. All links designed for keeping you current in this rapidly changing Industrial Market. Learn! Grow! Enjoy!

RICHARD KU'S CONTACT INFORMATION:

Personal LinkedIn: https://www.linkedin.com/in/richardku1/ Company LinkedIn: https://www.linkedin.com/company/trend-micro/ TX One Networks Company Website: https://www.txone-networks.com/en-global Trend Micro Company Website: https://www.trendmicro.com/en_us/business.html

PODCAST VIDEO:

https://youtu.be/MIElCbBZXhQ

Other Powerful Cyber Security Resources:

https://www.trendmicro.com/vinfo/us/security/threat-intelligence-center/internet-of-things/ Fake Company, Real Threats: Logs From a Smart Factory Honeypot - Security News (trendmicro.com) Lost in Translation: When Industrial Protocol Translation goes Wrong - Security News (trendmicro.com) Unveiling the Hidden Risks of Industrial Automation Programming - Security News (trendmicro.com) Security in the Era of Industry 4.0: Dealing With Threats to Smart Manufacturing Environments - Security News (trendmicro.com) https://resources.trendmicro.com/Smart-Factory-Success-Story.html https://www.youtube.com/watch?v=mKJomr8HqdQ

THE STRATEGIC REASON "WHY YOU NEED TO PODCAST":

OTHER GREAT INDUSTRIAL RESOURCES:

NEOMhttps://www.neom.com/en-us CAP Logistics:  https://www.caplogistics.com/ Hitachi Vantara: https://www.hitachivantara.com/en-us/home.html Industrial Marketing Solutions:  https://industrialtalk.com/industrial-marketing/ Industrial Academy: https://industrialtalk.com/industrial-academy/ Industrial Dojo: https://industrialtalk.com/industrial_dojo/ Safety With Purpose Podcast: https://safetywithpurpose.com/

YOUR INDUSTRIAL DIGITAL TOOLBOX:

LifterLMS: Get One Month Free for $1 – https://lifterlms.com/ Active Campaign: Active Campaign Link Social Jukebox: https://www.socialjukebox.com/

Industrial Academy (One Month Free Access And One Free License For Future Industrial Leader):

Business Beatitude the Book

Do you desire a more joy-filled, deeply-enduring sense of accomplishment and success? Live your business the way you want to live with the BUSINESS BEATITUDES...The Bridge connecting sacrifice to success. YOU NEED THE BUSINESS BEATITUDES!

TAP INTO YOUR INDUSTRIAL SOUL, RESERVE YOUR COPY NOW! BE BOLD. BE BRAVE. DARE GREATLY AND CHANGE THE WORLD. GET THE BUSINESS BEATITUDES!

Reserve My Copy and My 25% Discount

PODCAST TRANSCRIPT:

SUMMARY KEYWORDS organization, cybersecurity, industrial, richard, standards, people, tx, digital transformation, cyber, trend micro, Iot, technology, security, industry, digital transformation journey, podcast, implemented, key pillars, apply, strategy 00:04 Welcome to the industrial talk podcast with Scott MacKenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's get again, welcome to industrial talk your place to talk industrial. How about that? I just sort of flipped that all thing around. That is right. We celebrate you industrial professionals, industrial heroes, you are bold, you are brave. You dare greatly. Man, innovate, you're solving problems. You're changing lives and you're changing the world each and every day. Yet we have to, we have to celebrate you on this podcast. It's absolutely incredible. Thank you very much for joining. As always. All right. Again, this is in a five part series on cybersecurity. And if you're into digital transformation, which you should be, if you've been listening to the industrial talk podcast, you'll know that we feature a lot of companies, a lot of professionals who are experts at that you know what they need? Yep, cybersecurity, we're gonna be talking a little bit about cybersecurity best practices and recommendations on your digital transformation journey with the guy Richard cool. Let's get cracking. Yeah, you need it. Get it just need it, do not ignore it. Get up front on this saying you need to go through digital transformation. Yes, you need to create that level of resiliency within your, your processes, your manufacturing your industry. Absolutely. That is a digital transformation conversation, plenty of incredible professionals out there. And a part of that whole conversation, of course, is cyber security and doing it right and being able to know that your assets, your business, are thoroughly protected from the various nefarious individuals out there. Before we get into this particular, cybersecurity best practices and recommendations. Again, let's sort of point something out today is the 15th. So the the event, the perspectives event that is taking place at Trend Micro is going on right now. But for Americas, it's tomorrow. So put that on your calendar, go out to industrial talk COMM And you will find a link to this particular event. And it is if you're in the Americas, it is at 11am to 4pm. That is June 16th. If you're in Europe, it's 10am 3pm. And it is it's it's vitally important. Don't, don't just brush it off. Here it is free information. Because we've got to always be about learning, we always got to be about collaborating, we've got to be about innovation. And we can't stop. You can't innovate without collaborating, you can't collaborate without educate, and you can't do all of these three things independently, because we've got to keep learning, we got to keep collaborating, we got to keep innovating, so that the future and your business is resilient, and you can prosper. Alright, Richard Kuh. We're going to be once again, talking about cyber security best practices, and recommendation on number three. Now, if you didn't get number two and number one, it's a must all out on industrial talk. Enjoy the conversation. Richard, welcome back to the industrial talk podcast. Now listeners. This is going to be number three, called cybersecurity best practices and recommendations, this particular podcast number three, but I highly recommend the other two. The first one that we did was cybersecurity threats, challenges and risks. This is important information that you need to hear. And number two, podcast number two is industrial business and technology challenges. Same thing, and it is all directed to that digital transformation journey that many within industry are on. And if you don't have that cyber sort of mindset cybersecurity mindset as you begin this journey, there are challenges and Richard and TX one are here to help and they're willing to provide all this particular information. Richard, how are you? 04:39 Scott, and thanks for the invitation again. 04:45 Love it now. Richard, uh, just for clarification for the listeners out there. I see a couple of things I see Trend Micro, and then I see this another organization called TX one. Give us a little Background into that, that, that structure? 05:06 Yeah, so I think most of you out there probably know Trend Micro pretty well, right, we been around for a little bit of, what, 30 years, right in the industry. And we are one of the market leading in cybersecurity, you know, our, you know, for for many, many years. And so that's Trend Micro, but a few years ago, we recognized that there had been a lot of challenge in terms of, you know, getting the right solution and right technology to you know, apply to the industrial control side, specifically on the OT, environmental operational technology environment. So we basically did a joint venture with another company called moxa. And this joint venture is called TX one networks and TX one there was really is a sister company, and product Trend Micro and you know, what it does is really, you know, focus in, basically, like I said, design and building the right solution for the industry control environment. And that's what gx one next. 06:14 I'll tell you, right now, that that focus is so important, because in many of the conversations I've had over the past year to whatever digital transformation is at the forefront, and people want to be able to transition their business to a more digitally centric type of business now that requires, you know, technology and innovation, but it also requires a focus in on cybersecurity and your strategy. Can you give the listeners, the big picture? Give us the big picture? 06:55 Yeah, so I think, you know, with this digital transformation, right, you know, we believe that cyber security had to play a very key and critical role in that particular trans transition or transformation. And so, you know, when we look at cyber strategy, you know, I typically tell people, there are really four key pillars right in and, you know, and having an effective, you know, OT ICS security, begin with understanding the big picture. Right. And, and those four components are people, process, technology, and culture. Right, and we can talk about that a little bit more detail. But, you know, first, let's talk about the people, right, people play a very important role in a cyber strategy, right training and security aware organization can also reduce, you know, significant your security risk for the organization. And I think that's one thing. The other one is, you know, having well trained professional, right, qualified and competent people and really know, how can help organizations address cyber threat, and also in cyber challenge. So, as far as you know, you know, having this competence people in how organizations deploy and understand the right technology, you know, on to the, you know, operational technology environment, right. So, that's the people components. Right. And, you know, that second component, which the process, you know, I think any cyber is in a security strategy, right, you know, and to be effective, the organization must develop, implement some type of process or procedure, right, ensuring they are clear roles and responsibility, and management system are put in place, right, within the organization. I think we talked about this issue a little bit on the previous basis, basically, podcast, and, you know, one of the things we're seeing is the organization going through this digital transformation, right, and you have this convergence between it and OT, it is very difficult, right, to have, you know, clear roles and responsibility, you know, between the ITT because traditionally, I think it used to be the one responsible for the cybersecurity and now you have this convergence happening from the OT side. And now that I'm clear roles and responsibilities, so, these procedures and process have to be implemented, you know, even more you want digital transformation as a tourist, you know, OT in a cyber strategy, right. So putting good governance in place right now policy and frameworks are good, you know, thing to have in there. Some best practice, maybe some it ot auditing, you know, process in place, right. 09:50 So, this is what's interesting and I think you bring up a good point in the past legacy type thinking the OT in it. Organizations then and they didn't, they didn't work together, going forward in this new world and whatever this this digital transformation world, it's vitally important that those both organizations work together with a common, you know, like you said process procedure and governance to be successful in a cybersecurity type of mindset. 10:27 Correct? Yes. And then, you know, I think that the third thing we talk about as one of the pillars is technology itself, right? I think one of the big challenge and I think difficult for most people is that not every technology right, you know, from the IP side can be implemented, you know, on the OT or icsr and having a good understanding of the technology and be able to task verify and validate and make sure you can work and adapt into darkened environment is very important, right. So, I think that the knowledge component is also good. The other one, you know, we talk about people, right, having the competency skill people, and who understand the technology, and can take those technology really kind of deploy right into the environment or to the, you know, infrastructure is also is very good. So, the people and the technology also can play kind of, you know, side by side, important role. And last, but not least, is the culture. I think creating a cyber culture within your organization is crucial, right? To reduce the cyber risk. And that really means starting from the, you know, CEO, or the top, all the way to the lowest level, you know, your organization and make sure that everybody understand what is does, you know, this cyber strategy, you know, yes, and what are some the threat to the organization, right. And so, as long as you have that good fitting culture within an organized organization, it can reduce a lot of, you know, cyber challenge, you know, for the company. 12:06 All right. So, listeners, what we have, from a big picture perspective, the four key pillars, as communicated by Richard people, which is a well trained cyber workforce, which is also sort of have that heightened security awareness to well developed process and procedures, sort of that governance, that ability for the OT, and it to truly understand roles and responsibilities, the technology, which is driven by the people and having the right technology in the in the OT and IoT environment. And then of course, definitely a cybersecurity culture is vital for any company that is going down the road of digital transformation and having that awareness going forward from the CEO, all the way down to the frontline, individuals. Did I wrap that up? Pretty good there, Richard? Yeah, that's a very good summary, Scott. Okay. Now we got it, we've got to address it. There are standards out there, there are standards so that you don't have to sit there and say, Okay, I like what Richard is saying, I like what he's talking about. But I don't really have to start, you know, right from the beginning. Let's talk a little bit about standards. Help us understand those. 13:35 Yeah, so I think, you know, I think many organization, you know, when come to, you know, create a cyber strategy, right? They have to do a lot of research, you know, and try to understand, you know, how to do the right security control with the telling people, hey, there are a lot of the industry standard, and best practice out there for industrial control, or for operational and technology environment. Right. And, you know, and they are being used by many organization, you know, for, you know, I don't know, several decades, it's been very effective. And so, organization doesn't have to reinvent the wheel, right. I mean, some of the standards we talk about are like the iisa, IEC 624 fours, you know, three standard, right, this is a framework, and it's good for general industrial automation and power automation. I think that's a very good standard. You have, you know, standards such as the NIST sp 800 das 53. And this is also good data for ICS in IT security reference, you know, standards, and then you know, the other one or like, things such as ISO IEC 27,000 is a good guy for ITC. At a reference, and you know, and also depend on, you know, what vertical you play, you know, for example, you have the if your, your energy, you have the note sip standard. So there are many standards out there, their organization can start by, you know, just looking at this and use this as a baseline to how you plan your, you know, cybersecurity strategy, and not necessarily have to reinvent the wheel or re do a lot of work. Because all this has been around for many, I would say, years and people in organization have been using it. 15:36 So, when I look at these standards, the general industrial automation, the iisa IEC 62 443, who is I ask a? 15:51 Well, I say it's, it's the ethical about automation, right. And this is, include a lot of, I was a independent volunteer researcher, right, that need to come together, and they help to define right strategy across different vertical across different technology, and how to apply different security control, you know, or, you know, into the different type of environment, you know, for example, I sit in the, you know, working group, a, right, this is a committee that we've focused on how to better communicate somebody standing into a different type of customer. Right. And also, there's a, working group number nine, I'm sitting in also, in there, we talk about how to best provide, you know, guidance for organization to apply somebody's security control into the industrial control environment that be as a manufacturing or power, or, you know, oil and gas, right. And so, the International Society of automation have been around for many decades, and they have, it's a very well represented, you know, organization with many, many professionals out there. 17:12 Now, as I look at these standards out here, Richard, is there a cost if I'm a company, and I hear what you're saying, and I have a desire to proceed forward, is there a cost to get this information? 17:29 I think some of these standards are readily available out there. I think some of these organizations, for example, I say, right, they have our freelance, you know, expert, now who can help organization to look at the standard, right, and they can translate the standard and how to best apply. And yes, also, if you just want to get the information, there is no cost. But if you want to go a little bit more deeper, right to really try to implement some of the standard, the end how to better you know, apply some discount security control, then your day some cost and associate with it, but again, it depend on integrations 18:12 does TX one sort of fit into that outside of all of the other stuff that TX one does the TLS one network does? Do you fit into that sort of help companies define that right? cyber strategy? 18:30 Yeah, so, you know, here on your organization, right, we developed many industrial control products designed for different verticals, especially, you know, manufacturers, you know, vertical oil and gas and power. And so, we do have, you know, security solution with you know, design and you know, toe and also applied to somebody standard, you know, for example, you know, it is understand that will require your say some type of security control, to be put, you know, say applied to it like to escape a system, like, for example, an HDMI machine, right? And how do you apply that kind of solution? So, we have security solution that actually can be applied into the host directly on Hmm, machine, or we have security solution that can actually be implemented before, before the box that Oh, before the, the system, so, this out solution can apply to some understand that as well. I will talk about that a little bit more probably on the next. You know, I think podcast, but you know, we'll talk about that as well. 19:44 All right, listeners, what we have is we've got four pillars, make a note of it. People, process procedures, technology, and culture. Look at that. We've already talked about it and then from From an overall strategy perspective, there are standards to help move you forward to have that sort of that security awareness, that security culture, which is very important if you're a company that is proceeding forward within this industrial digital transformation journey. Excellent job. Excellent job, Richard. Thank you, Scott. Now, we're going to have all the contact information for Richard, all the information that you need to know about TX one out on industrial talk comm so we're not we're going to wrap it up on the other side. So stay tuned. You're listening to the industrial talk Podcast Network. Alright, as you can see with Richard, and trend, micro and TX one, we are building incredible knowledge when it comes to cybersecurity and your digital transformation. So remember, go out, listen to podcast number one, two, and three, we've got two more. Number four is going to be cybersecurity solutions. And number five, hopefully, we could get the CEO of Trend Micro on this particular podcast so that we could talk about what's taking place in the marketplace. All right, be bold, be brave, dare greatly hang out with people who are bold, brave and daring greatly, and you will change the world and you will change lives. That is a fact jack because you are in industry. You are that incredible. Now, one last time, tomorrow, sign up. It's important. This is a cybersecurity event called perspectives. It is tomorrow, June 16. Go out there. Industrial talk.com has the link. All right. Thank you very much for joining. We're gonna have another great cybersecurity conversation shortly.