Note: This episode was not sponsored so the video edition is a “member only” perk. The below audio edition (also available on major podcasting platforms) is available to the public and supported by ads. To learn more about our membership/supporter options and benefits, click here.

Shawn Tierney (Host): Welcome back. My name is Shawn Tierney from Insights and Automation, and I wanna thank you for tuning back in to this episode of the automation podcast. This week on the show, I have Ashley Weckworth from ISA to talk about the OT cybersecurity summit they just held over in Europe in Brussels, and, very interesting conversation about OT cybersecurity. In addition to that, I had a couple announcements. First off, I wanted to let you know that I have rebooted the automation news podcast, and I renamed it Automation Tech Talk.

And I’m trying to do a show at least three or four times a week at lunchtime. So if you’re not already subscribed to the old automation news podcast, you should be able to find it now as Automation Tech Talk. And, I’m just trying to spend ten to twenty minutes every lunch trying to share some knowledge that I have with the community. I also wanna mention that if you are a listener, I’m running a special 20% off, sale on my courses over at the automationschool.com. You will not see that there.

It’s only for those listening. And I know most of you are already automation experts, so you don’t need to take these courses. So, really, this would be something you would pass on to the people who work for you or people you know who need to get up to speed on whether they need an introductory PLC course, so they need to get up to speed on ControlLogix, CompactLogix, s seven twelve hundred and fifteen hundred, PanelView plus, USC, and so on. So in any case, to get that discount, that 20% off any course or bundle of courses at $99 or more, All you have to do is send me the email address of the person who wants the discount. And, of course, we do do, group enrollment with, we’ve done it with a lot of Fortune 500 companies.

Actually, I got a new order that just came in I gotta process. But, when we do a group enrollment, you you enroll, like, several people at your shop, and then I enroll them all at once, and you get a discount a quantity discount and all that. So in any case, if you have any questions about that, just go to the automationschool.com. All my contact info is at the very top, my voice mail, my email. You can even fill in a form there or book a meeting with me.

But, please let me know if you know anybody who needs training. Even if you just want me to reach out to them to see if I can help them with their training needs, please let me know over there. And with that, let’s go ahead and jump into this week’s episode of the automation podcast. And, Ashley, I know this is your first time on the show. So before we jump into the summary of what what what this OT cybersecurity summit is and what it was all about and the highlights and all that good stuff, before we even get into that, could you tell the audience a little bit about yourself?

Ashley Weckwerth (ISA): Yeah. Thank you, Shawn. I appreciate being here. My name is Ashley Weckworth. I am located in Orlando, Florida.

I’ve been a volunteer for ISA for twelve years now. I actually have a day job, though. I’m a volunteer with ISA, which is the International Society of Automation. But in my day job, I’m actually a project manager for automation projects, so specifically SCADA systems projects for the electric grid right now. But our company also supports many other industries, so I actually started my career out.

I was a chemical engineer. So I like to tell people, you never know how you’re gonna find your way to automation professions. There’s so many different varying degrees and everything that kinda lead us to this place. But I graduated in chemical engineering, went into instrumentation and controls, for the oil and gas industry. So doing a lot of, you know, it was PLCs or DCS systems that we used.

But essentially, as I actually got my pro professional engineer license in control systems. So as a chemical engineer, you don’t know a lot about instrumentation controls and automation, at least I didn’t. And so I was actually recommended to join ISA right out of school. So I joined ISA in June 2012 and became a volunteer leader at the local section in 2013 and then just grew, in my volunteer roles, and I am now the ISA president-elect secretary. So what that means is in 2026, I will be the, ISA president for that calendar year.

So I’m excited to be here today, to talk to you all about the ISA OT Cyber Summit. I actually was able to attend this event this year. It’s the third year that ISA has done this event. The first year was Aberdeen, Scotland. The second year was in London.

And then this year, the first year I was able to attend was actually in Brussels, Belgium. So we’ve been all over Europe in different capacities, and I was really excited to attend this event. And I wanted to come on here today, and I’m so thankful you allowed us to come on here today to just tell your audience and community that are all very, enthusiastic about automation about this summit. So, hopefully, maybe they wanna attend in the future or maybe just can see what ISA is all about, and look into it more. So I’m really excited.

Shawn Tierney (Host): No. And thank you for coming on. You know, it’s we we all get so wrapped up in our day to day that it’s great to have people on, like, from ISA to tell us what’s going on. And, you know, maybe, you know, you’re you get in a position later in your career where you can actually spend some time after work, you know, meeting with, your colleagues from all kinds of different industries. ISA is a great place to check into and and get involved with.

But let me go ahead and turn it back to you.

Ashley Weckwerth (ISA): Yeah. No. And, Shawn, you’re so right in the sense of I tell people is even though right now I’m not really in the day to day cybersecurity or OT cyber space, this conference was actually still really beneficial because of all the diverse connections that I gained there. It was actually the first time I had been more of the minority coming from The United States in the sense that you had people from Spain. You had people from, you know, Belgium, of course.

You had France, you had Ireland, you had London in The UK. Right? You had different perspectives that everybody’s trying to come together. And ISA had this vision statement that’s create a better world through automation. Is and that’s truly what this group’s trying to do is we’re trying to protect all of our automation systems in the OT space against those vulnerabilities or those threats and how it will impact us from an operational standpoint, but also a business standpoint.

So I thought even though I’m not in it day to day, like you mentioned, is sometimes I just have my blinders on, do my job, know what I’m doing, is it was very unique to talk to these folks at the socials and in the the meetings and listen to them to really expand my knowledge of what automation can be and also what we can do to protect it, but also just, like, building those connections because you never know where your career might lead. And I really did value that. So, with that, I did wanna mention that ISA OT Cyber Summit did have two unique tracks this year. I do feel like we try to change up the tracks based on what’s happening in today’s world, what people are talking about, the trends in this area. And so this year, we had a chain a track called threat intelligence.

So really just identifying threats, knowing the vulnerabilities, knowing how to respond and react to those, how to prepare for those threats. So that was one track that we had, and the other track was securing the supply chain.

Shawn Tierney (Host): Hey, everybody. Just wanted to jump in there for a minute and pay the bills and talk to you about some of the changes coming to the courses at theautomationschool.com. If you’re watching this video, then you will see me standing in front of a bunch of equipment, and that’s because I am updating actively updating all of my PLC courses as well as filming new additions. So I just wanna make it very clear. If you buy the existing course today, you will get the updated edition as well.

And, there are some add on courses I’m doing that will be optional. You can buy them or not buy them. But in any case, I just wanted to let everybody know that I wanna protect your investment. I know I’ve been doing this for twelve plus years, you know, on my own as the automation school and the automation blog. And twenty five years before, I was, you know, working as a, a specialist.

But I just wanted to let you know that, you know, if you make an investment today, you’re not gonna miss out on what I previously did, but you’re also gonna get what I continue to do. And that that’s very important to me. And all my courses are buy once own forever. So if you, make the investment if you made the investment, let’s say, going back to 2013, 2014, you’re still gonna get the updated, courses. So I know a lot of people get confused when you start looking at the new versions of Studio 5,000.

It looks different, you know, than even version 30. Right? And so, you know, I figured it was you know, a lot of people too move to a Windows 11, and, there’s some new cool stuff I wanna include. You know, over the time, I’ve looked for different hardware sales and, you know, I bought a lot of different equipment, you know, just out of my own pocket that I wanna show you guys as well. So with that said, that’s an update on the automation school.

Now let’s get right back into this week’s podcast.

Ashley Weckwerth (ISA): So making sure that when we have disruptions to those supply chain areas or what those disruptions might look like, how are we gonna adapt to those? What does that mean to do to make sure that we’re being dependable and reliable in what we’re trying to accomplish in the supply chain and making sure we understand those impacts as well. So two different tracks. Of course, we had speakers, that sometimes overlapped both because they do kinda intertwine together. We had 40 speakers, two thirty attendees, and over 20 sponsors this year.

So the event just continues to grow and grow. But the, the real thing that I loved about the conference and the content was it it actually shocked me how transparent and open the conversation was, because I feel like at some conferences, you go and you feel like you’re just sitting and being, like, preached at. And you’re like, I don’t know if I agree with that. At this conference, I felt like was different. It had more panel discussions.

And one that really stood out to me is it was a panel discussion about ITOT convergence. And now this has been a theme word for years now. Right? IT, OT convergence, that’s the way to go. It actually took a shift in the the discussion in the panel discussion where people were actually like, why?

Why why are we trying to do that? It seems like IT just wants to do that, and OT is being told you must do that. And so I thought it was and and you would think that we were about to go, like, in a boxing ring, but we weren’t. Right? It was actually, like, people wanted to hear and be inclusive of counterarguments, which, again, I think was very unique for this kind of conference in the sense of you might think that we were trying to push OT, IT convergent, but it was no.

Like, let’s discuss the pain points and the challenges and where we like, what’s holding us back from converging? What are the benefits of that convergence? And I thought what was unique is we had IT backgrounded people on the panel as well as OT backgrounded people. So you kinda see both sides where they actually had people raise their hand what their background was in. And it was kinda unique to see the audience members being like, yeah.

I came from the IT background, and I’m being told I need to watch over this IT space or the IT people raising their hand or OT people. I’m sorry. OT people saying, yeah. I came from the OT side, and I want the IT side to to watch what they’re asking and be careful and stuff like that. And so I, again, wanna go back to it was very cool to see the diverse connections in this group, but also the inclusiveness that we weren’t trying to push ideas.

We were trying to get people talking about the options and what’s available and why. And I so I thought it was interesting that I feel like I’ve always heard, like, we wanna push towards convergence, with, you know, just having better data, knowing what’s happening through the whole system, and and from a cyber aspect. But I thought it was unique to hear how we could work together and keep them still separate in some certain situations and and why. And so that was that was unique to me. I I thought I was like, wow.

This took a it took a turn, but in a positive way. And I think we all left there really challenged with where do we want this to head, why, and how do we get rid of those pain points. So Yeah. You know, I

Shawn Tierney (Host): think a lot of controls engineers, right, they they know their they know their IT guys. So let’s say you’re an NGS er, and they know but they know the the cost of downtime. Mhmm. And and in many cases, there’s there’s no convergence because Right. There’s there’s no tolerance for downtime.

If you’re making computer chips or you’re making, well, I guess, even potato chips, you you really downtime is such a profit killer. Right? And Yeah. In in some cases, it can it can take years to recover from a day or a week of downtime. And so that mission critical aspect of what we do in industrial automation is not always that mentality is not always present in IT.

In many companies, and I’m not saying all IT people, but in many companies, IT is a firefighter. They’re a tech who’s been thrown into the, you know, thrown to the wolves, and they’re fixing everything from smartphones to, you know, trying to get the UPS, replaced to, you know, somebody needs a better monitor to the to the CEO, maybe needs a little hand holding to get the PowerPoint to work. So, yeah, different worlds and and and it’s so you every every and I’m sure you see this in your business, but every site, every customer seems to be unique well, because they have unique people. Right? But every site you go to is even different sites in the same company.

They have different cultures and just I guess they all have unique people, unique teams, so they’re gonna that’s gonna happen. But, yeah, I can definitely see where you’re coming from, with with that. That sounds like it was a very interesting discussion.

Ashley Weckwerth (ISA): Right. And you bring up a great point in the sense of I I remember specifically this, CISO or CISO, you know, chief information security officer from Johns Mansville came in and was talking about how he came from an IT background and was told you’re kinda leading this. And he noticed that he had the gap from the OT lens and that downtime, like you’re talking about, or the individual plant to where he did a strategic hire, essentially, or move to bring in an OT lens into his, you know, umbrella, essentially, to make sure he wasn’t, like, missing something or speaking and not realizing that impact of downturn. And that’s that’s actually Scott Reynolds who talked here, I believe, last year about this summit, is that’s who he brought under him to bring in that, you know, OT thought process, and they actually do travel to their different locations. Like you said, every plant’s different, every manufacturing facility is different, to make sure they’re hearing the unique circumstances and what they can do to support, but also not just, like, pushing them to do it a certain way knowing that there are the variances.

So I think that you’re exactly right. So perfect. So the other side, right, is that that’s really trending right now and especially in Europe, which I learned, fun fact, I was like, why is this conference in Belgium and in Brussels? And I did not realize that Brussels is, like, the de facto capital of the EU, the European Union. And so there’s a lot of regulation that is happening in Brussels and and things that, like, come down from a compliance standpoint.

And so a lot of the other, you know, discussions that happened was regarding the regulatory landscape across, all the all the world essentially and, like, NIST two, which I had to write this down because I am I’m not as familiar with NIST two, is network and information security directive. There’s been NIST one for a while or just NIST, and now they’ve come up with an update that actually spans across multiple sectors. And we can see from NIST two and from RED, which is radio equipment directive, and just other cyber initiatives and regulation coming down, cybersecurity initiatives, that more and more government or state officials are seeing the vulnerabilities that could happen or the risk that could happen if they don’t say you shall follow this or do something to protect your OT systems from, you know, disruption, from downtime, all of that, especially the those, again, like you mentioned, mission critical things. And and and there and I’m gonna talk about one specifically, one session that stood out with this. But I do want us to all be aware is, like, with these regulatory and governmental mandates or guidance or directives, is there are products out there and standards out there that a lot of people are leaning on to make sure they are protected and, you know, ready for an incident and how they respond, how they react if it happened.

And I I think last time this was also talked about is six two four four three. I think you all had Eric Cosman on

Shawn Tierney (Host): Yes. Yeah.

Ashley Weckwerth (ISA): On an episode as well. So I would advise anybody that isn’t familiar with 62443, go back, look for that episode to really dive into the meat of what that is. But ISA developed the the IEC ISA six two four four three standard that has different different layers to it that you kinda can pick it which layer you need to do based on where you stand in this process. But, essentially, is because ISA has this as the foundation is this is what a lot of regulators are looking at to be like, you need to make sure you’re doing this. You need to make sure you’re being as compliant as you can be with six two four four three.

So that’s why ISA continues to host this event and talk about it because we can see from a regulatory, you know, perspective that it is coming. And and and it has been coming for a while now, but I think it’s now being more enforced than ever before in certain regions. So just keep that in mind.

Shawn Tierney (Host): Yeah. You know, I think, and and I may get this wrong, but from a previous coverage of NIST and NIST two, you know, it’s it’s, you know, from memory, just going by memory. You know, NIST was really about core providers. So those people who, if they got hacked, could really affect society in a big way. And with NIST two, right, it broadens that.

So some industries that you may think, well, you know, if that plant goes down, it’s really not gonna well, it could affect your your community, your city in a big way. You just may not be have been aware of that previously. And so, you know, in America, I think you’re absolutely right. You know, not that we’re gonna get those same regulations, probably not word for word, but, you know, a lot of OEMs here are shipped there. Right?

A lot of integrators work on machines here ship there. But beyond that, understanding what the threats they’re trying to protect from, the six two four four three layered you know, the different layers of standards, You know? So you understand what when you see a product, right, like a remote access product, and it has all these different numbers on it, you understand what are they protecting? What kind of what kind of security was built in, baked into this product? Like, this this product has this number on it.

That means they went through all kinds of testing and and, you know, and to to make sure that their, you know, processes and the product itself and the supply chain and all that. So I think it’s very helpful. Not that we’re going to necessarily have to meet this and this too. We may have similar regulations, but the fact that you’re staying up to date with what’s going on in the world as far as cybersecurity is concerned. And we’ve had so many vendors on talking about zones and conduits and Yeah.

Just all kinds of all kinds of different things, you know, secure remote access, VPNs. And all of this plays a role in in you know, there’s just so many great products out there, but, you know, that that’s my pitch for why staying abreast of these is important. In worst case scenario hey, everybody. Just wanted to break in here and pay some bills. Did you know that the automation school is a factory IO reseller?

That’s right. Not only that, I have questions on using factory IO with ControlLogix and CompactLogix, with the MicroLogix and Slic 500, and with the micro 800. Now factory IO is a three d, factory simulator that allows you to really practice your programming skills, not on an actual machine, but on a three d simulation of a machine. And I’ll tell you what, some of these, are really challenging. Right?

The early editions are not the early levels aren’t really that hard, but as you get them to lesson three, four, five, six, and more, they start getting much harder. And a lot of times, we utilize, like, a state machine to solve them because, like, if we have, merging two different conveyors or if we’re checking for the height of packages and things like that, or we’re filling a tank, whatever we’re doing, a lot of times you wanna take a very sequential approach to those type of applications, whereas other applications, you know, you take more of a batch approach. But in any case, if you don’t know anything about Factory IO, go check out lesson one zero two in any of my PLC courses, and I put a little demo in there along with the free utility I give away with my courses as well as for the compact and control logics. There’s another package we sell called, PLC Logics that is similar to Factory IO, but it doesn’t require a PLC. It doesn’t require that you have your own license of Studio 5,000.

It’s actually it’s all self contained training, software. So check those out over at theautomationschool.com. And with that, let’s jump right back into this week’s episode. Don’t connect the plant flow to the Internet. You know?

I know you I know you wanna be able to VPN in and check on your PLCs, but, you know, just make sure that connection is ultra secure. If you’re not if you’re not sure if it’s secure, unplug it and and do the research because, you know, we’ve heard about the pipeline where there was, you know, a cyber attack and there was, you know, ransomware, and we’ve heard about hospital hospitals and, you know, just, you can pretty much think any place in our society, there’s been a ransomware attack. And so we’re just gonna be cognizant. We heard a major news talking about don’t even charge your phone at the airport because Right. Cult I don’t know how to get in, but culprits have been going in and hacking the physical hardware so they can steal your information when you’re using The US.

So we all have to help each other stay up to date on this. We gotta share these stories. That’s what people do best is share stories about things that are important that we need to know about. And, you know, that’s that’s kind of my pitch for staying. Let me turn it back.

Let me turn it back to you.

Ashley Weckwerth (ISA): Well no. And you bring up it honestly makes me think about a session that happened about Wi Fi. Is it it’s talking about Wi Fi security, and I know that I’m just as, like, guilty of this where we’ll just sign on to what we believe is the local safe Wi Fi, whether it’s the airport. Yep. Or the use case that he gave me even here, like, how many of us signed into the hotel’s Wi Fi?

Shawn Tierney (Host): Yeah.

Ashley Weckwerth (ISA): Right? And he talked about how and he kept saying, hypothetically, to make sure because he knew it was against the law, but, like, hypothetically, I could spoof it right now. Right? Is essentially and he went through how he could do it. Right?

How he could use a device, hypothetically, in his laptop to essentially make the Wi Fi go out for a second, create a new Wi Fi with a very similar name that makes you believe that that’s now the new connection that you have to, you know, say that you’re joining and, you know oh, there it is. My my current hotel Wi Fi went off. There’s the other name that looks very similar

Shawn Tierney (Host): Yeah.

Ashley Weckwerth (ISA): And joining and not realizing you’re joining, that unsecure network. They can get in different ways now. So you’re you’re very right. As I tell people, is is really that threat intelligence track at OT, cyber made me, in a good way, again, expand my knowledge for what is possible out there, but also, like, what what I should be thinking about taking into consideration in my day to day home personal, you know, career and life and what I’m doing. But also, what am I doing in the job that I should be second guessing or making sure I’ve thought through?

Are there any loopholes or gaps that someone could get in or is already in? Right?

Shawn Tierney (Host): Well, that’s the thing because you bring most people are bringing their devices to work. So if you get hacked at the airport or get hacked at the hotel, that’s a vector into your company. And a lot of companies, that’s where that’s where the intrusion comes from a personal device. I mean, today, it used to be people are a little on and don’t bring your devices. And today, everybody brings their phone with them everywhere.

Yeah. And so that is a vector into the plant. And that’s another reason why maybe your POC and HMI and SCADA system and VFDs and everything that you have in your network should only talk to a list of approved IP addresses and proved you know? You know? Maybe there should be some digital signatures there.

I’m not saying for for certain networks, but for other networks that are more wide open, like, maybe you plant for a Wi Fi, maybe you should be locked down a little bit more. Maybe it shouldn’t be a great place to to stream you to. But, anyways, let me turn it back to you.

Ashley Weckwerth (ISA): Well and and you, doctor, her name was doctor Marina Krotafil, And I’m gonna say it wrong. She actually shared a case study. Now I won’t give all the details of the case study, but, essentially, is it talked through how even at, like, state sponsored cyber operations. So when we’re talking, you know, we’re talking maybe, like, everybody thinks, like, hackers are, like, you know, the the people that just have too much time. They wanna do ransomware, get money.

They wanna get through it’s like, you know, you think about especially with all the things happening in the world today is Mhmm. Countries against countries or states against states, essentially, that want to get in and disrupt the economy or disrupt and show their power can do so through cyber attacks. And she actually talked through how attackers, especially at a state level, that get recruited by a state, maybe like a Russia, you know, at first, like, essentially, she went through different scenarios where is if a if a government official or government wanted to get in and learn the vulnerabilities and all that for another, entity or another country, they know how to do that. Right? They know how to essentially make it to where they they’re testing their limits.

Right? How long does it take them to get caught? How long does it take them to to make you notice that they’re in your system? How what do you do about it? Like, they’re essentially, she gave examples in this case study where everything certain state sponsored cyber operations do is strategic.

Right? They’re testing their limits. They’re testing their capabilities. They’re testing and training up folks for when they actually want to do something. And I think you mentioned this in other, podcasts too that I listen to is, like, we gotta be cautious that people could be lurking.

They could be in. They could be just not making themselves known in our critical infrastructure. And and, again, she she spun it in such a way that I’m not here to scare anybody on this podcast, but, essentially, just being aware that people are very smart, and we need to be smart and ahead of that as well. And that’s what I think this conference allows us to do is it shares best practices. It shares that knowledge.

It builds those connections. So now, like, you kinda mentioned, there’s so much equipment that you can buy and vendors selling different things that have different security settings. Like, all those sponsors make great products. And and understanding what they can do, what they can’t do helps us be able to protect ourselves, get ahead of these risks, get ahead of these potentials, and not be afraid. Right?

It’s kinda like you put a lock on your door to make sure you’re not just welcoming anybody in, not that you’re gonna plan for someone just to walk in your house that’s not welcome. Right? Is we wanna make sure we’re doing what we can, and I think that’s what this conference really allowed is to know the risk out there, to be aware of the situations, the cyberattacks that have happened in in recent history, but also, like, what can I do as an end user, as a consultant, as an integrator, as a product, you know, manufacturer? What can I do to make a difference to help safeguard our OT systems and make a difference and and protect them?

Shawn Tierney (Host): You know, I I I restore to the people. They’re like, well, why would they hack us? And it’s like, you know, take a step back. You know, the first of all, these people who are working for their governments, whether it’s The US, whether it’s EU, any country in the world, you name it. Right.

They all they all think that they’re doing a patriotic thing working for their com their country. In every country, every almost virtually every country in the world, virtually every one of them have been hacked by almost every other one of them. Yeah. And we don’t know who hacked for us. Right?

This is the eye for the eye thing. Like, it’s been going on for so long. You know, did the French start it? Did the Americans start it? Did the Russians start it?

Did no. Every country in the world’s been hacking every other country. There there’s no tracing back to who started this this roller coaster of hacking, but everybody’s perceived like the other people are hacking me, so I have to hack back. So you just have to be cognizant of that and and and understand that it may not be you. It may not be your company.

It may not even be what you make that’s the target. You may just be the punch back for the punches they received last month, and you’re just the only target they can hit. And so we we, you know, let’s stop all the punching. Let’s secure our facilities. So so we frustrate all of these, including our own, all these people who are trying to illegally hack into different companies and and cause problems like the ransomware.

And, you know, I and and it’s real. And, you know, it came years ago, it came to me. I put a SCADA server as a demo for my customers. I put it on the Internet. I was just like, hey, boss.

Give me a cable modem. I’m gonna put my server on. I’m gonna demo, you know, web based SCADA to all my, to all my great customers in the area. And the thing was hacked within a day. I mean and I’m going back twenty years now.

This is twenty years. It was hacked in a day. And every week, I would spend a couple hours trying to make it hack proof. You know? And, you know, this was before I even you know, firewalls were even, like, consideration for a small business.

Right? And so, yes, the people are being hacked all the time. Yep. We we you know? And and we have to be vigilant against those hacks.

And we gotta people are tired of me saying this. Also, please back up your PLC HMI SCADA systems and all those VFPs.

Ashley Weckwerth (ISA): Just in

Shawn Tierney (Host): case. Stuff up just in case. It’ll there there’s so much room on your hard drive now. You could back it all up a thousand times, and you would still have room left over. So I like to

Ashley Weckwerth (ISA): Can you imagine how much money you would save having that backup ready to go instead of like you mentioned, downtime earlier, right, is Yeah. Essentially, if if something were to happen, right, say, ransom ransomware hap whatever. Right? Is is you you end up saying, no. We’re not paying it, and you lose everything.

Is now if you had to rebuild all of that code and all of your systems and get everything back talking to each other is I mean, I don’t even wanna do the math. I mean, you’re talking you’re you’re not you’re losing revenue, just whatever you’re producing or making with that system, but you’re also now spending money to get it back to whereas if you had the backups already ready. Yes. You’re still gonna have downtime. You’re still gonna have to get everything back up, but you’re saving all that developmental time to, like, redo it all, essentially.

Shawn Tierney (Host): Sometimes you can’t. There are some machines that are so complicated. Right. And they, you know, they may have had changeover. Nobody may have that file anymore.

So take your take your own future in your own hands, back up everything, back it up more at once. Right. You know, and take it like Microsoft will tell you if you go to any type of server type of training or certifications, you’re gonna have a copy of that off-site. They all cannot be on your site because if there’s a fire where you store all that stuff, you don’t have any backups anymore. So very interesting stuff and, you know, I hate to preach.

I know the the I know the audience is used to me saying this stuff, but, but it’s so important. I I I’ve had multiple customers well, former customers, colleagues, audience members tell me about their horror stories where they had ransomware, and it’s just it truly is devastating to the companies. Right. And it really, like, I mean, it hurts people’s paychecks because, you know, there’s no raises that year, no bonuses that year, sometimes layoffs. So

Ashley Weckwerth (ISA): Oh, yes. It kills the culture. I mean, truly. And and that’s where I and I I think sometimes we take for granted, kinda like you mentioned at the beginning. We put our blinders on.

We just do our job. We think we’re doing our job, and you don’t think about all these things. And I think that’s the the benefit of groups like this. Right? Your podcast, bringing a community together to talk about things like this, lessons learned, things that I’ve learned in my career, my product.

Like, you’re getting knowledge out there, and that’s exactly what ISA is trying to do as well. It’s like, why do we all have to learn by the the hard way or learn by things happening when you have all these resources? That’s what I think frustrates me the most sometimes is people will be like, well, I didn’t know that.

Shawn Tierney (Host): Hey, buddy. I just wanted to jump in here and pay some bills and tell you about my training at the Automation School, my in person training that I do right here in my offices in the beautiful Berkshires. So many great things to do out here in Western Massachusetts. We’re about an hour away from Albany, New York. And one of the things you’re gonna find with my training that you’re not gonna find with, the big vendors is, you know, I can kinda customize it for you.

Right? So, you know, if you wanna do, like, a day of, Allen Bradley PLCs and a day of Siemens PLCs, I can do that for you. Also, you know, we teach not just using the the trainer trainer boxes, but we also teach using factory IO so that even the most advanced students should have a full day’s worth of work or two or three full days depending on what you wanna do. And you’re gonna see over the coming weeks, I’m adding even more hardware to the training room. I’m, creating all of these one by one demo boards that I’ll be showing you guys in on the, the lunchtime show that I’m doing, where, I’m bringing in things like Flex IO, Point IO, you know, seventeen sixty nine distributed IO, fifty sixty nine distributed IO.

All these things that, you know, if you go to some of the place where they just bought, you know, APLCs and APCs and say, here’s a manual, you’re not gonna get the same experience. So in any case, if you have any needs for in person training, maybe you don’t wanna send your folks off to the factory for $5,000 a pop and have them gone for a week, get in touch with me, and you can see all these details about what I’m doing over at the automationschool.com forward slash live. That is where I have not only information about my in person training, I have pictures of the training room, I got pictures of the building. I also have all the local hotels. Within three miles, we have all of the big hotels as well as all of the kind of fun stuff you can do in the Berkshires when you come out here, like visit the Norman Rockwell Museum, climb Mount Greylock, and there’s so many other things to do as well out here.

And a lot of historical places too, like Susan b Anthony’s home or Herman Melville’s home and so on. So with that, I just wanted to tell you about my in person training that I’m offering here in my office. And now let’s jump right back into this week’s show.

Ashley Weckwerth (ISA): And I’m like, but you gotta, like, you gotta go find that out. Right? You gotta ingrain yourself in a community that knows more than you do and admit you’re not the smartest person in the room. Right? And and learn from the group.

Right? Learn from the greater good that is really trying to help make make the world a better place. I know it’s a a tagline, but, essentially, that’s true. Right? Like, you’re trying to get the automation community more knowledge, more information, and that’s what ISA is trying to do.

And I think it’s nice to know that you don’t have to do it alone in the sense of whether you’re starting out in automation and you have no clue what you just signed up for, or you’re in it. You’re now charged with making sure the OT system’s safe is knowing that there’s conferences out there that specialize in OT cybersecurity as well as, like, standards that tell you how to make sure that you’re protecting your OT cyber, you know, security assets and all that stuff, but also training courses. So I think Scott mentioned this last year, but we did the same thing this year where we hosted two training courses with this conference that you could sign up for. One of them even sold out, and that was using the IEC ISA six two four four three standard, like how to use it to secure your control systems. Literally a two day course sold out.

Full house packed room. Marco Aiola? I can’t ever say his last name. Sorry, Marco, if you’re listening. He is great if you’ve never met him, but he has tons of knowledge.

He he trained that or taught that course this during this conference in Belgium. So if you’re not sure where to start and you’re just like, I just need to, like, wrap my head around what this standard is, maybe reading, you know, a standard is not what you love to do, maybe you want someone to teach you what’s in there and how to use it, that’s the place to start, as well as, Steve Mustard taught, assessing the cybersecurity of new and existing systems. So industrial con industrial automation control systems. So Steve Mustard’s also been on an episode. He taught a a class as well at Brussels.

And so I just wanted to encourage everyone that is listening, is you don’t have to be an automation professional alone. You don’t have to do figure out how to just make sure you’re safe and secure alone. Get involved in communities like this podcast, like ISA. Find those people that have walked it, have learned from mistakes, have done things because there’s resources out there that you can find and get involved in, whether that’s discussion boards, conferences, standards, training, all of the above, podcasts. I just I think that’s where I truly people are like, why are you involved in ICA?

I’m like, why wouldn’t I be? Like, it’s like you just it’s so much knowledge. It’s so take it take it with what I I say as I just ask people to get involved. That that’s what I’m saying in in any automation community.

Shawn Tierney (Host): Yeah. And if you’re an engineering manager out there, consider, you know, be in the first take the first step. Get yourself involved with your local chapter. Right? And maybe it is an ISA.

Right? If you don’t have an ISA local, there’s probably another another similar organization, and get involved. And if you find it valuable, right, that whatever it is, an hour or a week, an hour a month, then, you know, encourage the people who work for you to also get involved. It’s it’s yes. Some of them may find may network a little bit and find a new job, but then again, you may find people to fill positions you’re open.

So but it did just, you know, this this this industrial automation, industry is so tiny. Right? To tip to, like, health and fitness, right, or or all those type of things that that, you know, we’re we’re at a disadvantage as far as, you know, just be able to have, you know, everybody on the corner. Had there’s a gym on every corner or there’s Yes. You know, a a maker shop on every corner.

Well, with industrial automation, you know, a lot of times, we can’t visit each other’s facilities just because of intellectual property. So so consider that, and there’s some great places online, plcs.net, misterplc.com, and other forms online. We get the ISA and other organizations. So, yeah, I definitely, confirm that too. We wanna we wanna encourage people to get involved.

And I know a lot of folks are like me. You got family, you got kids, grandkids. You’re just busy all the time. But if you’re able to, and and I live in the boonies, but if you’re able to, get involved. So I I definitely encourage that.

Yeah.

Ashley Weckwerth (ISA): Exactly. And I have I have two boys on my own, two and six. And the the joke around ISA is that they’re the youngest members because they are going to be I literally have bought merch with ISA on it for them because it’s just one of those things that the it it it does take a village to be part of something like this and and try to really make a difference. So I do wanna go back a step. You mentioned this too, and I think it’s so valuable.

I joined ISA because my manager found the value and said, you should join ISA because it will skyrocket your career. You’ll learn from other professionals. You’ll network. You’ll get up to speed faster in this type of industry with if you didn’t. Right?

And I can tell you as as working for the same company now for thirteen years, that that hasn’t been a true statement. Is is it truly enabled me to, one, get involved in this industry, grow from an I and c engineer, you know, putting in big EPC projects, engineer procurement construction projects, you know, midstream refineries to now managing automation projects for my clients. And it I I I truly credit getting involved in the automation community because, again, it’s a small world. I’ve literally met people across The United States that are like, I feel like I’ve gotten an I like, an email from you. Like, are you part of ISA?

Like, it’s truly, like, you don’t realize how that, like, comes full circle. You’re like, yes, I am. And, like, what how do you and how are you involved? So I’ll just say, I totally agree. And I do want to say, if you go to events, is you might start you might be the first to hear something that’s in the works or that’s starting.

So I did wanna mention in here, because I think it’s it’s a really cool, initiative that’s rolling out, is our group ISA Secure, which, again, focuses on six two four four three, is they’re rolling out the industrial automation control system security assurance program this fall. So there was a session on it at the conference to announce it, and there’s a whole, flyer on it. You can find it at isasecure.org. What it’s doing is it’s kinda coming full circle. Right?

Is ISA developed a standard. They then made training for the standard. They then, you know, essentially said, okay. What else can we do? Okay.

Let’s do ISA secure and really, like, certify devices and and things that that fall as ISA secure. They’re doing what they should be doing. And now it’s saying, now let’s offer a site assessment program to where we will validate or essentially not prove, but essentially, they’re gonna say, yes. You are following what you can do for six 2443. And so it’s gonna roll out this fall, so more details to come.

Like I said, there’s a two page flyer on it. It goes through different stakeholder benefits depending on, are you an asset owner? Are you an insurance underwriter? Are you, you know, an end you you know, I said end user, but you know what I mean. It essentially is it kinda lays out that they’re going to come in and say, yes.

You are being compliant with 62443 as the person that, you know, wrote 62443 is essentially kind of validating that through this new, it’s called ACSSA. We love acronyms in ISA, and control systems love acronyms. So we had to fit the the part there. So all to say, I think it’s good to join events because they’re the first ones to know. I learned that at the conference.

So it’s essentially it’s like you’re always finding out what’s coming ahead that you can be on the lookout for, what can help you instead of going down a rabbit hole that you didn’t even realize this was coming into play. So

Shawn Tierney (Host): That’s awesome. That’s awesome. Was there anything else you wanted to share with us about the event? I know we covered a lot of ground already.

Ashley Weckwerth (ISA): Yeah.

Shawn Tierney (Host): But were there other things that you wanted to talk about?

Ashley Weckwerth (ISA): The only thing I wanted to say was, I know I mentioned this before, but I would say get involved at a conference that maybe is overseas if you ever get the opportunity. Next year, it’s going to be in Prague, Czech Republic, also in the month of June. You’ll find all the details coming out, on our website, o t c s, for OT cybersecurity, summit, .isa.org. And I I want to just reiterate that you really do build that diverse connections. You build confidence if you’re doing it the right way.

You get the knowledge if you essentially, you know, needed more knowledge on what to do to secure your OT assets. So I I just think going to a conference like this really builds that community, that network, and that confidence. And so I encourage you all to join, but, essentially, I think you should look at our pictures on our website. It makes it look like you missed out. I will say it was a lot of fun.

I was so glad to join. But I do thank you, Shawn, for letting me be here today.

Shawn Tierney (Host): No. And it’s great to hear what, ISA is doing. You guys do so much. And I know this, this security summit, OT security summit, or cyber summit is a big part and and and touches on a very important aspect of what, the audience the people in the audience do on a regular basis. And, we love getting updates from you guys.

Maybe we can get you back in a few months to talk about, some maybe something else you guys are working on. But, in any case, we

Ashley Weckwerth (ISA): should that.

Shawn Tierney (Host): Yeah. I really appreciate you coming on today and, bringing us up to speed on the the summit.

Ashley Weckwerth (ISA): Well, thank you, Shawn. I really appreciate you and your community.

Shawn Tierney (Host): Well, I hope you enjoyed that episode, and I wanna thank Ashley for coming on the show and talking OT cybersecurity with us. It sounds like a great opportunity to go to this, event if you especially if your company has, offices in Europe. It’s not something that I think I could do as a self employed person here in The US, but, definitely, any of you folks out there who are, you know, working with your European counterparts, maybe going to SPS over there, this may be a trip you may wanna consider. And, of course, please check out the ISA. They’re a great organization, and we love having them on the show.

I also wanna thank our sponsor, the automationschool.com. If you know anybody looking for PLC, HMI, or SCADA training, whether it be in person right here in this office or it’d be online, please, contact me directly at theautomationschool.com. You’ll see all my contact links up at the top of the site. And with that, I wanna wish you all good health and happiness. And until next time, my friends, peace.

Until next time, Peace ✌️ 

If you enjoy this episode please give it a Like, and consider Sharing as this is the best way for us to find new guests to come on the show.

Shawn M Tierney
Technology Enthusiast & Content Creator

Eliminate commercials and gain access to my weekly full length hands-on, news, and Q&A sessions by becoming a member at The Automation Blog or on YouTube. You'll also find all of my affordable PLC, HMI, and SCADA courses at TheAutomationSchool.com.