Redefining CyberSecurity

When Bits Meet Bricks: Critical Infrastructure CyberSecurity Beyond the Traditional Server Room | A Conversation with Joe Weiss | Redefining CyberSecurity Podcast with Sean Martin

Episode Summary

In this episode of Redefining Cybersecurity, host Sean Martin and guest Joe Weiss explore the vital intersection of cybersecurity and physical infrastructure, revealing critical gaps and advocating for an integrated, cross-disciplinary approach.

Episode Notes

Guest: Joe Weiss, Managing Partner at Applied Control Solutions, LLC [@appliedcontrol]

On LinkedIn | https://www.linkedin.com/in/joew1/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

Imperva | https://itspm.ag/imperva277117988

Devo | https://itspm.ag/itspdvweb

___________________________

Episode Notes

In this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a thought-provoking conversation with Joe Weiss, a pioneer in the realm of control system cybersecurity. Weiss shares his experiences and insights from the frontlines of this intersection between cybersecurity and physical infrastructure.

The conversation reveals a significant gap between the cybersecurity and engineering worlds. Weiss highlights how cybersecurity professionals often focus on protecting servers and data, while overlooking the physical infrastructure that supports those servers. This disconnect, Weiss argues, can lead to significant operational issues, including the shutdown of major data centers due to control system cyber issues misidentified as mechanical failures.

Weiss presents a riveting case study of a billion-dollar manufacturing facility that was unknowingly suffering a 3% hit on net productivity. This was due to malfunctions in sensors and systems that were not detected by the facility's operational displays. The issue was only discovered when the raw physics of sensor readings were examined, emphasizing the need for a more comprehensive approach to cybersecurity.

Weiss further discusses the potential consequences of these overlooked vulnerabilities, including the disruption of critical services like air conditioning, power, and water supply. He stresses that these are not just issues for private entities but can impact every government operation, and consequently, our way of life.

The conversation concludes with Weiss advocating for an integrated approach to cybersecurity, one that connects security to operations and safety. He sees education as a key part of the solution, calling for more cross-disciplinary learning and collaboration between the fields of computer science and engineering.

This episode is a deep dive into the complexities of cybersecurity and the urgent need for a paradigm shift in its approach. Listeners will gain valuable insights into the critical intersection of cybersecurity and physical infrastructure, making this a must-listen for anyone interested in the future of cybersecurity.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

Sean Martin: [00:00:00] Hello, everybody. You're very welcome to a new episode of Redefining Cyber Security here on the ITSP Magazine Podcast Network. This is Sean Martin, your host, where I get to talk all things operationalizing security in business and broader society. And it's easy to get wrapped up in the in the cogs of business because that's where a lot of money is made.
 

And there's certainly a lot of attention paid to the consumer end of cybersecurity with a heavy focus on privacy. And of course those two intersect. Um, but as you'll hear today, there's a whole sector that I think, uh, doesn't quite get the attention it deserves. And that's, um, our critical infrastructure.

And there are many elements of that. There's water and power and waste and certainly financial systems, health systems can be lumped into there depending on what it's, what it is, maybe manufacturing as well, and all kinds of stuff, telco, maybe transportation, you name it, [00:01:00] a lot of things that make us move and connect us all together and keep things running, uh, have systems too that tend to have vulnerabilities that can be exploited. And I'm going to talk a bit about that today and kind of the state of critical infrastructure and critical infrastructure security with Mr. Joe Weiss. Joe, thanks for being on the show.
 

Joe Weiss: Thank you for inviting me.  
 

Sean Martin: And, uh, I'm trying to think how I, I certainly came across, uh, control.com, I believe is the, is the domain, controlglobal.com. There we go. And it was one of your posts, uh, that, that caught my attention that we're kind of missing the mark on critical infrastructure. And when we connected, you then sent another one. And, and clearly there's, there's a lot going on. You mentioned before we started recording, there's even some more news today, perhaps that it makes today's conversation even more interesting. Before we get into all of that, Joe, a bit, bit of your background, if you [00:02:00] wouldn't mind, please give, give folks a sense of who they're hearing from today.
 

Joe Weiss: Okay, well, I'm a black sheep, if you will, in the cyber security world. I'm actually a nuclear engineer. And until 2000, everything I did was dealing with instrumentation, control systems, and equipment forensics. 
 

In other words, is the turbine working properly? Is the motor, uh, degrading, you know, things like that. Uh, and in 2000 is when I helped start the, uh, control system cybersecurity program for the electric utilities. And it was a, a real shock, both for me going in there and for the industry having me come in, because I look at life as an engineer, that is, is cyber security going to hurt anything we're doing, or [00:03:00] conversely, can cyber in a funny sense help us, but I'm not worried about, if you will, a vulnerability here, there or wherever. I'm worried about:

Has a motor been impacted? Has a valve been impacted? Has an electric transformer been impacted? So my life is looking at impacts, not vulnerabilities and then trying to figure out what we do from there and also how we can use it to improve reliability and safety.
 

Sean Martin: I love it. And, um, yeah, I think another I'm generalizing here because I know there are people that do take different, uh, put on different glasses and look through things for different lenses, but, um, it's easy to focus on what it does and what it's supposed to do and where it isn't. 
 

Doing that accurately, but then the other side of that equation is what you just described, which [00:04:00] is what what's the impact of that? Right. So let's see if that motor is burnt out or if that valve gets frozen or or Melted because it's over overworked because of a compromise That's the real problem, right? 
 

And and so this is it's for me. It's interesting because You have the digital connecting to the kinetic, and presumably you have to have strong resilience in the mechanical end of things, um, with an understanding of resilience in the digital, and how those two interplay, right?  
 

Joe Weiss: And I'll add one other point, because you started with it. 
 

The digital connecting to the kinetic. In reality, what we really have is mother nature, which is analog actually, you know, connecting with kinetic and in, in [00:05:00] between mother nature and analog. Is where digital and, if you will, cyber come in, but what's been missing is really, you know, that, that front end, which is, uh, I use the term mother nature, but it's like, um, the fact that something is heating up. 
 

That's mother nature. Okay. And when something heats up, it has a physical impact when it heats up, it's, it's analog, what's happening is it has to get converted electronically. This is again where, you know, cyber comes in, et cetera, you know, into, if you will, digital and from there to Ethernet packets, which is really what puts it on to, you know, where people start paying attention because [00:06:00] the networks as things are going on, um, What's missing is the very front end, you know, should something be heating up? 
 

Is it truly heating up and why is it heating up? And that's the part you don't see, uh, in the normal world of cyber security. And that's also where sophisticated attackers will come in because you can't see it.  
 

Sean Martin: And I'm curious, and this might be a slight tangent, but Do we have visibility into that information? 
 

Are there sensors on these things? We can we can see that that mother nature view.  
 

Joe Weiss: Yes. Yeah. Now is it common to use it? Because there are two things. Okay. Number one, we have sensors there. In other words, we, we are looking constantly in the [00:07:00] engineering world, not in the cyber world, in the engineering world, we're looking at pressure and temperature and flow. 
 

And, uh, um, uh, voltage and current and position. I mean, you think about in an office where you have all these, uh, you know, well, you know, um, sensors, uh, monitoring movement in order to turn lights on or off in an office. You know, there's all of this stuff. It's called the invisible visible. It's there all over. 
 

You just don't pay any attention to it because it's just part of the background. You know, these, these, these sensors are not something you pay attention to the cyber world normally doesn't pay any attention to anything that doesn't look like. It has a keyboard or a cell, cell phone type of thing. Right. 
 

Sean Martin: Can you, can you paint a picture for me and for, for our [00:08:00] audience of, I know there's probably no typical, um, example, but I don't know, pick, pick some critical infrastructure. It could be power generating station. It could be power storage. I don't know. So pick something, water treatment, um, pick something there and kind of describe. 
 

What, what kinds of systems exist there and what, how many sensors there might be, uh, can you, can you paint a picture there so we can kind of grasp what we're,

Joe Weiss: Yeah, if you're talking about, say, a large power plant or, say, a refinery, they can have on the order of 25 to 35 or 40,000 sensors, and what they're doing is in real time measuring them.
 

Like I say, pressures and levels and flows and temperatures and valve position, [00:09:00] or, um, like I say, voltage current, all the physical state of the world is being measured in real time. So this is like, I say, millisecond microseconds to millisecond. All of this is being measured. It's being sent electronically off to controllers. 
 

The controllers have been pre programmed to basically say I want to keep this tank of water at 80 degrees. So I'm monitoring the temperatures and pressures and pump speeds and everything else, all to make sure that I keep that tank 80 degrees. If my sensors start telling me, hey, I'm now at 85 degrees, Then the controllers are [00:10:00] going to automatically based on the sensors, say, reduce pump speed or reduce a heater or whatever to bring the temperature back from 85 to 80. 
 

The flip side is if I'm at 75 degrees, I'm going to say, increase pump speed or increase a heater or whatever because I want to be at 80. Well, I'm doing that constantly in real time. The other point I think that's important is the operator who's monitoring this, you know, who's sitting in front of generally a bunch of Windows screens.
 

It's going to see what's happening, but seconds to minutes later, he's not seeing what's happening instantaneously. So. What's different is the operator really is [00:11:00] not controlling keeping that tank of water at 80 degrees. These control systems are automatically doing that and feeding that information back to the operator. 
 

So if anything happens with those sensors or those controllers, those actions are going to occur right or wrong. That's why you worry about cyber, right or wrong. Before that operator ever sees it or has a chance to correct it. And what's happening today is the focus of cybersecurity is not on those sensors and the controllers that are trying to keep this tank of water at 80 degrees. 
 

The focus of cyber security is on those Windows screens that the operator is looking at that are, you know, seconds to [00:12:00] minutes old and may or may not even be providing accurate information. And so much of what the cyber security world is pushing is not, if you will, coincident with what you're trying to actually do in the physics world.
 

That's a really big part of our problem, and I want to take it a step further. This problem starts in our education institutions. And that is, if you're going into cyber security, that's in computer science. Very, very few universities. Require that if you're, uh, in computer science that you have to take any engineering courses, even a basic introduction to engineering.[00:13:00]  
 

So the people coming out of universities into the cyber security world are, I hate to use the term, clueless about engineering. The flip side is. Those people in the engineering disciplines, whether it's electrical, or mechanical, or chemical, or nuclear, or systems, aerospace, name it, again, this is, never say never, never say always, but by far and away, the vast majority of universities do not require anybody in an engineering discipline to take an introductory course In cyber security. 
 

So here we have these two worlds each trying to do something different. And in reality, what they're both trying to do is almost mutually exclusive the [00:14:00] cyber security world wants to lock everything down strictly on a need to go. And, um, you know, essentially shut down if, if you feel that there's been a compromise somewhere, the engineering world is all about safety, reliability, productivity, and to do that, you really want open interoperable systems, which is kind of a no, no for cyber. 
 

Um, they want, uh, you know, you've got. Uh, engineering experts who don't feel cyber is applies to them. You have the cyber world who feels everything is about the bits and bytes. And the fact that a motor is heating up has nothing to do with what they're doing. And this situation is not getting better. 
 

It's getting much worse.  
 

Sean Martin: I want to talk a bit [00:15:00] about that because before we started recording, you mentioned, you had me reminiscing about, uh, about visiting the big yellow campus there in Northern California, where I used to work. And, uh, you told me a story about traveling around to Different entities to talk about this. 
 

Joe Weiss: Yeah, well, when I started, yeah, when I started or help start anyways, the control system cybersecurity program. This is in 2000. Okay. I was at the Electric Power Research Institute. I was the technical manager of the program and represent Palo Alto, you know, Symantec, Trend Micro. HP, you know, I keep on going, you know, all of all of the old names are here in Silicon Valley. 
 

So I didn't have to get on an airplane. You know, what I did is I basically got on a car where I walked down the hill, for example, going [00:16:00] to PARC, Palo Alto Research Center. You know, I'm going to all of these big names in the world of cyber going, you know, with industrial strength knee pads, so I can beg and plead:

Would you please work with us on cyber security of these infrastructures? And each and every one said, Well, let's see. Are you using, um, Windows? Are you using, you know, all of this standard IT stuff? And their interest was in protecting servers, because that, their life, that's like I said, what you did at Symantec.
 

Um, you start talking about a pump, a valve, a sensor, an actuator, and I had to bring pictures and spell out, that's what this stuff is. This is not, you [00:17:00] know, neither side was talking to the other. The ultimate irony is. That in every one of their buildings, in every building, you have sensors measuring temperature and pressure and flows and, and, and, and, uh, humidity and, and,  
 

Sean Martin: and security operations centers and labs, uh, power backups and generators,  
 

Joe Weiss: The ultimate irony is that the cybersecurity world is worried about the bits and bytes of data.
 

The engineering world is worried about the physics and the process, and they don't talk to each other. So here you have all of these engineers or facility people worried about keeping the data center, uh, at the right temperatures, [00:18:00] you know, and, and have, you know, the right cooling and everything else. But the whole focus of a data center is the servers and the data. 
 

Yet, we've had many, in fact, between August 30th and October 14th, there have been three major data centers worldwide shut down because of control system cyber issues. And none of them were actually identified as being cyber related. They were all called mechanical failures, which also meant there was no cyber incident response initiated. 
 

Anything. These issues took those data centers down for hours. And in one case in Singapore, it took out Deutsche Bank and Citibank's [00:19:00] operations. For something like I think it was four hours or so.  
 

Sean Martin: So these are private, private entities, commercial entities, supporting data centers that support other businesses. 
 

And you mentioned financial.  
 

Joe Weiss: Yeah. Or, or, you know, keeping, keeping, you know, air conditioning going or keeping power going or keeping water going is something not only needed for private. It's needed for every government operation. You know, this is what keeps our. You know, way of life going.  
 

Sean Martin: So what, um, I mean, we could probably pick apart all the, all the places where, I mean, in, in, in the traditional it world, the, the core conversation is around connecting security to the business and there's a huge gap there. 
 

What I'm hearing here is connecting [00:20:00] security to the, uh, the operations. Yes. Making sure it is security to safety basically. And, um. So how, how do you see a path forward? You mentioned education earlier, I think that's probably one area, but where, where do you see, we need to,  
 

Joe Weiss: I'm going to give you an example of something that's actually happened. 
 

We actually wrote it up. It's in the November 2022 issue of IEEE Computer magazine. So what I'm telling you about is a real project with real results. And why it worked, in other words, why we're able to do this and the flip side, which is where everybody else's shows you this gap of where we are versus where we should be.

This was a billion dollar manufacturing facility [00:21:00] and the Windows displays said everything was working normally, but the plant people felt they were very uncomfortable. Everything seemed to be working properly. But you know, the gut feeling thing that this doesn't feel right. So they did a project and they basically took one of the manufacturing lines in this, like I say, billion dollar facility in this manufacturing line had 16 sensors.
 

They were measuring pressure, temperature, flow, motor amperage. In other words, if you will, you know, the, uh, current in the motors, you know, Going up, down, whatever valve position and vibration. Now, that's [00:22:00] typical of every single facility in the world of any type. And what was done here, which is what was different is there's several, there's a couple of types of technologies. 
 

I'm not going to name any names, but I'm going to just talk about the type of technology. This particular one that was picked was looking at the raw physics of the sensor reading. So what they were looking at, and I'm going to sound propeller head techie for a minute. They were looking at the 4 to 20 milliamp current readings. 
 

So they weren't looking at pressures or temperatures or flows. They were looking at the physical response of the sensor, and then again, this is a year ago, February, so this [00:23:00] predates ChatGPT, but they were using machine learning to take those values, those physics values and try to understand really was the real ground truth measurements.

Were they the same as what you were seeing on the Windows displays? And the control room, because if they were, then, you know, hey, people with your, you know, queasy feelings, you know, suck it up. It's real. What we found, and this is part of the reason this is written up in this IEEE Computer Magazine article.
 

More than half of those sensors were either inoperable or out of calibration, meaning they were not accurate. Only [00:24:00] the Windows displays didn't see any of that, you know, major, major error. Oh, my God. What is this? Okay. The next thing that was done is they were looking at the main pumps, what are called main feed pumps, which are, you know, feeding the process and when they looked at the operator displays, everything seemed normal when they started looking at the raw physics of those of the signals, what they found was the pumps were having real problems, but it was occurring in seconds to less than a minute. 
 

It was too fast for Windows to see it. Windows had no idea. There wasn't a problem with Windows. Windows was never meant to be an engineering tool. Well, the next thing that was done was doing a real [00:25:00] extrapolating what was found in that one line and extrapolating it to the facility and then doing a very, very, very detailed cost impact analysis of what we were finding and what we found was this billion dollar facility was taking a 3 percent hit On net productivity because the sensors in the systems weren't working as they should. 
 

Now, again, the reason this is in IEEE is a couple reasons. Number 1, here's real dollars associated. Number 2, the sensors are the input to every network cybersecurity monitoring program. So, it's basically saying, guess what? All of your cybersecurity monitoring is based on untrusted or wrong data. [00:26:00] The other thing, and that's where I was coming from too, because this program was called a productivity program, corporate was involved. 
 

All of engineering plant management was involved, all of engineering was involved, and cybersecurity was involved. If this would have been called the cybersecurity program, not one of them would have been involved. Interesting. So, again, this is why, this is in the, you know, like I say, IEEE Computer Magazine. 
 

Uh, again, for what it's worth, just deviating for a minute. We have an article that's supposed to be in the December issue, like this month's issue of IEEE Computer, and it's about the data centers and their shutdowns. So what we're looking at is this gap [00:27:00] that is, and by the way, none of this has to be malicious. 
 

As an engineer, I don't care whether, quote unquote, it's unintentional that you're losing 3 percent in net productivity or because somebody is hacking you to lose that 3 percent, because at my level it doesn't matter. And I want to take it one step further. And this is part of the problem in, again, I'm going to make a general statement, in the cyber security world: to cyber security people, if you can't tell them it's malicious, they simply don't care.

What Stuxnet, if you remember what Stuxnet was, you know, for those who don't, that's, [00:28:00] you know, attacking the centrifuges in, in, in Iran. What they did is they made a cyber attack look like an equipment malfunction. Because of that, it was literally more than a year that those centrifuges were being damaged or destroyed until that, uh, PC was sent to Belarus and they found this, you know, some software issues in it.
 

Nobody. Okay. ever thought to say, Hey, is this misoperation of the centrifuges cyber? It was just assumed to be systemic malfunctions, design malfunctions. And by the way, that is what is going on, um, where Iran is going, where China is going, where Russia is going, [00:29:00] you know, if you want to cause damage, you go that direction because nobody's going to see it. 
 

The engineers are going to see it as a problem. The cyber people are going to not see it because. There's no anomaly on my network.  
 

Sean Martin: So let's, so in the example you, you gave the first IEEE, the November edition, Um, it wasn't until they did a, a side view of it did they spot the, the 3%. So presumably there were networking issues, scalability issues, and the overall system that just weren't, those anomalies weren't flagged. 
 

Correct. Um, clearly when, when things in the other example, the second IEEE that you're putting out, Well, I don't know if it's that, but the other case you just gave where things actually started to fail. Mm hmm. That's easier to spot. [00:30:00] It is by the engineers. Right, so that, that's where I was going with this. 
 

So let's assume for a moment. We'll go back to the, we can't spot it yet in a minute, but let's assume for a moment we, we see something, um, how do we, how do we get to a point where, and does it matter? How do we bring the teams together to actually figure out what's going on?  
 

Joe Weiss: These are phenomenal questions, which are asking, is what we've been asking for the 25 years. 
 

Um, when we first started the EPRI program. We thought of this term called donut diplomacy, which was, gee, have the engineers go have coffee and donuts with the IT or vice versa. And one would think that would have been all that mattered. Wrong. That's why we're still in this [00:31:00] position we're in today. Okay, where's the breakdown then? 
 

Um, you know, one of the things that's missing is a psychologist in all of this to say why in the world are these two worlds not willing to accept each other? I'll give you one other too. 
 

Cyber lives with network or security operation centers. It is monitoring in real time all of the internet protocol networks. Well, again, where the The, if you will, engineering or control system world starts is with serial or point to point networks that eventually become, you know, your internet protocol networks, only that's not looked at. 
 

And you can't find that in a, you know, a network operations center. Meanwhile, in the engineering world, you [00:32:00] have a control room or a control center. And you'll see just screens everywhere and what they're looking at are, you know, um, you know, pressures, level flows, temperatures, you know, um, voltage and current flows, you know, it's an engineering center quite often these two centers may be separated by miles, states or countries. 
 

And I'm not being facetious when I say they could be separated by countries. So. What's happening by  
 

Sean Martin: operating system and by network and by by  
 

Joe Weiss: by everything. Okay. So what's happened is when in a control room, you start to see a pump, you know, uh, you know, [00:33:00] starting to heat up or, uh, I should say a motor starting to heat up or you start to see a decrease in amperage or something. 
 

In other words, a physical world. All right. Issue that you start seeing in the control room. The network operating center is generally blind to that because that's not affecting any bits or bytes. Meanwhile, where you're in the network control center, and you start to see bits and bytes starting to go on, how many times does somebody there call up somebody in a control center saying, Hey, are you having any problems today? 
 

That almost, uh, I'll rephrase it, that rarely, rarely happens. And so, these two worlds, and that's what they are, you can almost say these two universes. are operating in parallel and oftentimes [00:34:00] divergently because I remember going to, I had to give a presentation here in the Bay Area, um, number of years ago and a utility person showed up because they were told they needed to hear what I was saying. 
 

And we ended up going to lunch afterward. And this is the cyber security. And I asked him, and remember, this is for an electric utility. And the question is, if there were a cyber issue and the, and the only way we could keep the lights on was to open up the firewall, would you open up the firewall? You know what the answer was? 
 

No, he'd rather have lights go out because that's what he was measured on than to have his firewall open. [00:35:00] One of the issues we have, the engineers have no KPIs and, you know, no metrics or anything in terms of cyber security. The network people have no metrics for the fact that if you're an electric utility. 
 

Your operating reliability is being affected. 
 

Sean Martin: So let me, let me ask you this, Joe, cause I, I mean, I, I, uh, I, you nerd out on, uh, on, uh, sensor technology when you had a little bit of fun there. I nerd out on risk management. And I'm just wondering, to me, there has to be an entity above IT and OT, ICS, CI, uh, worlds that look at risk.
 

Because to your example of [00:36:00] the security lead in electrical organization, they're measured on protecting the infrastructure. Even at the cost of service delivery, that doesn't seem right. I don't know that he would have the ability to make that decision and have it stick. Which is kind of my point. There has to be somebody that oversees the whole kit and caboodle that says, Here are our objectives, here's the risk, here's what we're willing to tolerate, here are the decisions that follow because of that. 
 

Does that not exist?
 

Joe Weiss: Not well. And this is one of the things I've been pushing with insurance companies and credit rating agencies. Um. Take it back for a minute. Risk is frequency times consequence. In the control system world, there's only two numbers we don't know. Frequency and consequence, okay? Now, the other point [00:37:00] is, when it comes to cyber, who's responsible? 
 

The CISO. Here's the issue. The CISO has no responsibility or ownership of a single piece of equipment. The CISO doesn't own the turbine. The transformer, the relays, the pumps, anything. Meanwhile, the person who does own all of that is kept out of the loop because he or she is not a cyber person. So when those discussions occur with the risk manager and the C suite in the board, who's in there, cyber people, the system is broken and that's what you're seeing. 
 

In a sense, play out today, like with the Unitronics issue, [00:38:00] that people that understand the engineering piece are not involved. The people who understand the network piece are the ones making all of these decisions. And in the Unitronics case, this is a control system. It is not a router, a switch, a firewall, or anything else. 
 

But the decisions being made are made as if that controller was the same as a firewall or a switch, and it's not. And so, without trying to go into any more detail, the guidance that is coming out is simply inappropriate.  
 

Sean Martin: Yeah, it needs a boost in some areas, for sure. So I'm going to, funny enough, that was the driver for this conversation, but [00:39:00] you and I agreed to kind of broaden the conversation out a bit, which I'm very grateful for. 
 

And I think a lot of people listening will be as well, but I'm going to link to the, the original article and the, and the subsequent one that you shared with me on, on the Unitronics piece. Some people can look at that and, and dig into more detail there. I'd like to, Joe, I'm, I'm like, uh, impressed, curious.
 

I don't know what the right word is. Control Global. You write a ton of stuff there. Can you give me an overview? I mean, cause it, let me just go there quickly. Cause there, if you click on the dropdown, there's measure, control, manipulate, visualize, network, manage, protect. All these categories have six to 10 items underneath them.
 

And you contribute to some, many. A lot. I don't know. Can you give me an overview what what's going on there? Because I'm fascinated. That's the word I'm looking for. Fascinated by what you're doing. [00:40:00] So let me explain the work you're writing about, which is very good.  
 

Joe Weiss: Let me explain also one other thing. I wear two hats. 
 

One is my daily work hat, an independent consultant. I, you know, my company is Applied Control Solutions. I have a pro bono hat where I'm the Managing Director of the International Standards on Control Systems Cyber. Because I'm a huge company of one, being able to maintain, you know, a blog site of this consequence is a difficult thing. 
 

So, Control Magazine has allowed me to use their site to blog. So, Control Global is simply my blog site. And unfortunately, by the way, that's got me into trouble [00:41:00] because there are a number of other magazines and others who feel that I work for them for control and I don't. I'm an independent consultant.
 

They just happen to give me that spot and maintain that website for me. So I just wanted to clarify what that is, is this is, arguably, one of the only places you'll find, which is the engineer's view of cyber security, and that's what makes it so different is because these worlds are still not working together because their goals are different, and in a lot of instances, they're mutually exclusive.
 

And we have to get, we have to break that and so far it's not happening. [00:42:00]  
 

Sean Martin: Well, Joe, this has been fantastic and yeah, that what you just described, the engineer's view of cybersecurity is what caught my attention. You articulated it better than I was thinking it. And um, you're, you're very prolific there. I was cruising through some of your, some of your articles, very detailed and, uh, certainly it's clear you have, you've been doing this for a few days. 
 

You have a bit of knowledge there and, uh, experience of what's going on and I appreciate what you're doing and I, I want to thank you for joining me today and who knows? Maybe, maybe it'll be back in a few months or something. We can, we can talk about some important updates. Hopefully there's something interesting in a positive note to, uh, to talk about in the, in the new year.
 

So thank you, Joe. 
 

Joe Weiss: Sean, thank you for the invite and hope to do it again later.  
 

Sean Martin: Absolutely. And for everybody listening, uh, I'll link to, uh, the, the two articles I mentioned, perhaps Joe can [00:43:00] share with us the AIEEE, uh, links, the one that's coming or one that exists and the one that's coming, I'll add it to it. 
 

And, uh, appreciate y'all listening and watching. Please, uh, share with your friends and enemies and, uh, subscribe and enjoy. And most importantly, thank, thanks everybody. Thanks, Joe.  
 

Joe Weiss: Thank you very much.