Episode 338 ControlTalk Now: New Trends in Smart Building Cybersecurity

Building Automation Controls Cybersecurity

New Trends in Smart Building Cybersecurity is the topic on Episode 338 Of ControlTalk Now the HVAC and Smart Building Controls podcast.
Anto Budiardjo, CEO at Padi.io and Facility IT Evangelist and Cybersecurity expert is my guest this week and gives us a unique, useful perspective on the State of Cyber Security in Smart Buildings.

ControlTalk Now Transcript


The following is a presentation of the ControlTrends podcasting network

Eric Stromquist
Welcome to control talk now you’re smart buildings video cast and podcast for the weekend a November 10 2019. This is Episode 338, where we talk about all things smart building controls and HPC controls. For those of you don’t know, this is kind of a labor of love for Ken smilers and myself. We both have day jobs so this is what we pretend to be on the weekends. And customers always come first can had a customer that needed to be taken care of attend to to do today so he won’t be on the show and I’ve got a great guest and I’ll try and attempt to go at so low. So without further ado, I’m going to introduce our guest our guest this week. His name is Anto boo Dr. Joe from Padi IO, man, I can’t tell much appreciate a chance to talk to you. We want to have you on the show for a while and today is The day Anto thanks so much for taking some time to be with us.

Anto Budiardjo
It’s really great to be here and chatting with you. I’ve been watching the show for quite a while intrigued and happy to be invited. Great.

Eric Stromquist
Well, fantastic, fantastic. Well, you know, for industry, people who might not know, man, you’ve got quite a career in smart building controls and walking us through sort of what you’ve done and what got you to Patty.

Anto Budiardjo
Yeah, I kind of started this journey in the UK in London in the year of 1989. Believe it or not, that’s 30 years ago from from from right now. And my my focus area has always been not really in the control systems, but what sits on top of that and the integration of different different systems and the first project that I was involved with as a product called the CDC engine, which was an integration platform in the UK. Back then it was integrating trend control systems with Andover and lighting and lighting systems and security system CCTV and other stuff. So that’s really where it where it all started. And I did several sort of other platforms over the course of the 90s. Several of the products that I developed the integration platforms, but used in many different projects in the UK and Europe through a number of OEM vendors as well. So that was really kind of the initial sort of entry of Anto into the building controls industry.

Eric Stromquist
Very, very, very cool. And you know, along the way, like you say, you work with the great, great, great companies on the caca labs for a while. And so now you are going to tell us about Padi now because that is an exciting, exciting sort of blend of, you know, it and OT as far as I’m concerned.

Anto Budiardjo
Yeah. So Padi sort of continues on this sort of integration theme that I spoke about that started in the UK and In the late 80s, and 90s. And it was really a sort of realization that I kind of had about two years ago that they’re obviously building control systems and IoT is becoming more complex. There’s lots of different systems that are being integrated. And in a way we saw that back in, in the 90s. But the technology really wasn’t as suitable as it is today with the internet. So when I started looking at it again, about two years ago, I kind of thought now things have changed. Now, there’s this thing called the internet, right? And we do things differently today. And the key part of that was that most if not all systems, certainly new systems and new devices are built with web servers in mind or web page consumption in mind, right? So everything’s all web based these days. That’s kind of That’s kind of how it is. And I kind of started thinking, this is going to cause a lot of problems work for users down the road, because they’re going to be bombarded, they’re going to be asked to go to different websites with different credentials with different ways of them operating. And this is going to be a problem because people are going to need to manage all of that. And on top of all of that, I think we all know that buildings is not a solo sport. Right? Right. Right, right. So you never do these things on your own. Right? When it when it comes down to it, you’re working with other people, you’re working with vendors, you’re working with experts in different areas, you’re working with maintenance teams and other sort of people. And as well as your team, you know, you brought a team. This applies whether you’re a system integrator or a facility manager, it really doesn’t matter the other people involved. So the sort of the These web pages that I was referring to earlier, is not just something that’s going to be consumed by one individual is something that is going to be consumed by multiple people. Right? Right. Right. Like this kind of like the how the internet behave these days, right? We kind of its interactive and what we’re doing exactly that. So again, this, this, I thought this is going to create a lot of problems in terms of how people are going to manage all of the different things, all the different systems, but also manage their relationships with other individuals that they need to work with. Right? So Patty was created to solve all of this problem, right? It’s created so that as users, you can aggregate all of the pages that you care about all of the web pages that you care about that then you can share those pages with under other individuals that also need to access the those pages and you can collaborate with them, whether it’s in the process of of engineering a control system as part of an exercise work or control contractor, or whether it’s a facility management, kind of a team working on that. Or, you know, if something goes wrong and alarm happens in a boiler or some unit, then along gets created, and then you all of a sudden need to work with maintenance team or some experts across the country across the world, right. So internet enables that. And Patty sort of makes that all happen.

Eric Stromquist
That’s a really cool platform in looking at it because again, you like to create teams, you can create groups of information. It’s a great way to organize action plans, data and everything else. And I can totally see that being really, really useful in in a building a smart building like you like you said,

Anto Budiardjo
just just one one little sort of anecdotal thing. Is that the name Padi, yes. You may be wondering what that’s all about.

Eric Stromquist
Well, I went to the website, so I know what But I think it’s very clever. So how about enlightening our audience?

Anto Budiardjo
Okay, so I was born in Indonesia, in Asia. So Padi is an Indonesian word for rice, rice and rice is our metaphor for the billions of devices in the Internet of Things, right? Nice, nice grains of rice that are billions of devices, eventually that’s going to happen. And in a way you don’t care about the fact that there are billions of grains of rice, you care about the bowl of rice that’s in front of you that you want to eat. Right, right. And so Padi, the system is the same. You don’t care about the billions of things in the internet of things you care about your bowl of rice and my bowl of rice is different from your bowl of rice. That may be overlaps, but that’s kind of how the whole thing works. And, and that’s really the rationale for tonight.

Eric Stromquist
That’s a great name. It makes a lot of sense. And of course, you know, this way if you see some rice you want on the other side of the world, you can bring it put it in your bowl very easily with the So that is that is really Rico, how do people sort of engage with you visa v Padi? So I’m interested in Padi, who’s it for primarily, I mean, you’ve given us some general generalities. But you know, it’s courtroom in our industry, who do you see using it? How do they sort of get engaged and work with you guys on that?

Anto Budiardjo
So there’s really sort of three audiences that we think about and Padi is still in early days, I would say. The first group that we were getting a lot of really positive feedback from our the sort of the system integrators and the contractors and people that actually working with working together to create buildings or create these sort of sophisticated buildings, right? And we talked to many of them and they look at it and say, okay, so I can manage, I can organize, okay, I can organize control systems and controllers and analytics and stuff, but before I actually get there, I can think about using package organized specification documents, drawings, right budget calculations, checklists a whole bunch of other stuff right because Padi in addition to being able to manage devices and systems, it can also host PDFs and drawings and any anything that is that can be displayed on an HTML page can can be aggregated in padding right. So people say okay, so we can use it for that. So it becomes a sort of an extension of the project management. It is not project management system itself, but just sort of aggregates everything right. And then once you start to install systems and devices, they can be brought into that same structure of of pages that make up your your Padi sort of framework that you can then share with your with your colleagues and your your vendors and other people. And then the second group is when you start to think about Patty being used in the operations of buildings. So think about a system integrator or contractor, my first sort of use case creating the pages, right. And then when it comes to the time where that those pages need to be delivered to the building owner, right, essentially, with Patty, they just get shared to the building owner, right the same way as I would share a Google Docs with you. Right, it’s kind of very similar to that. Right. So then the the facility managers and the building owner would have access to those pages, and they can add their own pages. Again, a lot of it will be the systems that they use on a daily basis. They can add CCTV cameras, they can add a whole bunch of other stuff and they can also add sort of other information that may be useful and valuable to them in the operation of the building. Right. So for example, take a silly example if there is a cafeteria restaurant in the building, you may want to put a link to the to the menu of what’s going on. On that cash cafe that bed, right, sorry, cool. It applies a lot to IoT and system, but can also apply to other to other sort of information that’s available and valuable for for them when they’re operating, operating the building. So, so system engineers and system integrators sort of one use case there. The other use cases, the operation side. The third target is really sort of where we’re focusing right now are the vendors, right? The vendors of systems and devices, of which there are many, many different components that you know, and you talk to on a daily basis. For for those, those kind of conversations, is really about using Patty to deliver that service to the customers. Okay? Because if you’re, if you’re creating some kind of system that is web delivered, it could be analytics. It could be some kind of management that could be in cyber security controls or whatever, right? At some point you that needs to be consumed by the users. Right. And again, as I was saying earlier, the users have a whole bunch of other things to consume, not just that particular service. Right, right, by using Patty as the delivery mechanism, right? It can be delivered and integrated, automatically integrated by all of the other things that the system integrators and the facility managers need to use.

Eric Stromquist
Right. So cool, so disparate types of data, you can bring them together in one platform. Yeah.

Anto Budiardjo
That’s exactly right. And but you know, we’re early days yet, with Patty. We obviously would welcome all of the interest in terms of feedback and actually getting this thing going. But it’ll it’s it’s it’s a change in how people will start to operate in a more efficient way. And I’m not naive to the fact that change takes takes a bit of time in it. in any industry, and especially this one. So really encouraged with all the feedback we’ve got and looking forward to doing this.

Eric Stromquist
Well, very cool. And with your permission, I might post the video, you had a really great video that does a great job of sort of showing the power of it in the flexibility. I’m sorry, with your permission, I’ll post that on ControlTrends as well. And we’ll, we’ll get that done. And then we’ll put a link also to Padi, so get hold of you guys. And I just gotta ask though, dude, is it cyber secure?

Anto Budiardjo
Okay, so this becomes a nice segue to talking about cyber security. The answer is yes, that’s actually a critical part of Padi that is that, as I say earlier, all of these different websites, typically they all have credential and security requirements, right? So you have to log into one and then when you go somewhere else, you have to login to another one, blah, blah, blah, and it gets really laborious, right? When site when securing the system becomes laborious, this becomes dangerous because that’s when you do that’s when you take shortcuts. That’s when you have, you know, the ABC 123 passwords. And because you can’t remember all of these different passwords, right? So it becomes, right. So the critical value proposition or Padi with respect to cyber security, is that Patty sort of hides all of the complexity of the the credentialing mechanism, you log in once the patty, right. And once we have the the integration properly executed with a different system providers, the user will then be able to maneuver and navigate between all the pages that he or she is allowed to view, right. And that’s managing Patty by whoever’s administering Padi. And throughout that process, they won’t be challenged with any additional security, right. So the system is as secure as you know, the internet as Google system we use the Google Cloud platform to do that is as secure as the system’s individual systems. But Padi sort of aggregates and manages all of the different credentials. So you end up with a single sign on to all of the different systems that you need to access. So it’s inherently designed to not only to be secure, but to solve a key part of the security, cyber security challenges for building automation people

Eric Stromquist
know it’s kind of like a PayPal of building automation controls or data, right? I mean, because is that similar to the PayPal concept, you got one point you go in and you secure and then everything is secure behind that initial login?

Anto Budiardjo
Yeah, PayPal, but you know, there are other sort of similarities and other other analogs but PayPal kind of works in it. Right. All right.

Eric Stromquist
Well, you got it. I’m a cybersecurity novice. So you got it. You got to throw me a bone here. I’m, I’m the best I can with so but you cybersecurity is such a key trend that you Know that we’ve been tracking on ControlTrends, the whole cyber security thing. So and you’ve written a lot of articles, I would argue that, you know, you’re one of the great cyber security minds in our industry, sort of walk us through what you’ve seen in terms of cyber security, Visa V, building automation controls, where it was, where it is and where you see it going.

Anto Budiardjo
So I think the, the place we need to start is really sort of acknowledging why we are here with regard with regards to cyber security. Right? why we have this problem and building specifically right cyber security is, is an issue everywhere, but in the context of buildings and building automation systems. Why do we have this problem? And the problem really stems from the fact that through the, the 80s and 90s, when electronic digital systems started to proliferate and building automation system in buildings. Those systems were standalone, right? They were Initially proprietary but eventually with with with standards, they were typically not connected to anything, right? Even not connected to other different systems, right like CCTV security, lighting, lighting was its own thing HPC was a certain thing with its own network that they don’t really cross disciplines, right. And that’s why I was doing all of the stuff back in the 80s and 90s to actually integrate them, right? So they were always separate, right? So when when you when your network is completely disconnected to everything else, you really don’t have to secure it as much as when it is connected to everything right? Because you really only you’re really only protecting your system, let’s say dhvc system, you’re only protecting that right and the sort of the the saying goes that you know, what’s the worst that can happen? somebody breaks in and changes the set point and you know, Maybe turn the light on and off. If you’re in the lighting system, that’s not really, really bad, right? And it’s going to be inconvenient for somebody, but it’s not really bad. And therefore, you know, through through the decades, the building automation system, industry is really sort of gotten used to that way of operating, it really has not needed to deal with security seriously. This is why we see the sort of the common problems of posted notes stuck on monitor with username and passwords, which from an IT perspective is kind of the worst thing you can do. You can shop for that. Right, right. You’ve seen it, I’ve seen it going to control rooms, and you know, and utility rooms and whatever. So the industry sort of got into this sort of mindset that it doesn’t need to worry about security. Right. So that’s where we start now, over the past five or 10 years, the integration or the convergence with it. has become real, right? I know, technology wise kind of started in the 90s. But things are becoming more IP today. Right. And so when you’re starting to think about putting the systems into it systems, right, then all of this sort of learned behavior that we’ve had over the past decades doesn’t work at all. Right? It’s really, really bad. Right? So that’s really why we’re in the situation, right? The many of the products are not really built for the secure the security sort of posture that’s needed for it. And many of the sort of behavior of how we build how we design, how we engineer systems and how the professionals operate on a daily basis. It’s just not it’s not it’s not a concern, right. So the biggest thing is, how do we change this? How do we change the industry for an industry that’s inherently not been that concerned about security to one where security is a critical thing, right? Because if you want to connect it, if you want to connect be a systems to it. It has to be secure. There’s no option to that right now. So the one of the ways that I’ve seen in the last couple of couple of years that sort of addresses this without really addressing it, right, is separating the network by creating sort of a shadow IT network, right? people refer to this commonly as OT, right? So this is a discussion about it, OT divide it LT convergence, right. And I believe that the winner, one of the driving force of actually keeping a separate OT system from an IT system is sort of extending this sort of behavior that’s inherently not really Right, right. We basically want to create a separate system just for ot does not connected to it, therefore we can continue the behavior of the last decades. Right? I think, you know, I can see why people think that way. And I can see that can be sort of a transition very period. But I think we need to think seriously about building automation systems in the future to be integrated, well integrated in an IT system. So we have to really think about both the technology and from the behavior perspective, professional behavior perspective, to really be as secure as IT systems and it professions and IT organizations require.

Eric Stromquist
Why haven’t they done? Why haven’t they done up to that up to now and

Anto Budiardjo
why isn’t that happen? because it hasn’t needed to. Okay, all right, really, because we’ve, you know, the functions of building automation can operate separately, and it’s kind of easier that way. And also because a lot of the products have not had the technologies needed for them to be secure. Right, right. What one of the things that that’s going on right now is obviously revolves around back met. Right. Back net, you know, has evolved since the 90s. The last 2025 years, there’s been several sort of security initiatives within the backend organization, right. It hasn’t really caught on because they’ve been very proprietary is the wrong word because back net is inherently open but proprietary in terms of not being the same as what it is doing. And so what’s happening now you would have heard of this, this new thing called back net se back, secure Connect right? That has is actually going through the all phases of the standards process it was voted out of committee last week, the back net meeting last week. So it’s going through the X ray standards process right. And we hope that it will be it will become a standard efficiently by the time we get to Orlando in HR. Right. And the key part of magnet SEC is that really for the first time with BACNet SC right, it has adopted it centric technologies is adopted to basically pls communications for communication between devices, right. So if you don’t know what pls is, when you log into Wells Fargo Bank on any anything on the internet, or when you go to any secure site on the internet, you are using pls to care so that’s pretty

Eric Stromquist
pretty dark because that’s a controller to controller type thing.

Anto Budiardjo
Okay? Right. So, so we’re back, net SC all of back net devices that have the back net se in them in the devices in the stack will communicate with other devices using pls right? So it’s secure. Okay, all right. So that that resolves a very key problem with back net because it was always bus oriented that’s that really didn’t have any technology. I didn’t have any cybersecurity sort of protection

Eric Stromquist
right? So you can see that being like a Ford integration solution if I got a new project and I go with the BACNet SC I’m good to go but all these devices already have back to his are going to go backwards to another words to us see, the building automation controls committee replacing older devices with this new BACNet SC or is it do we actually have to replace a controller? Is it a software upgrade or how would it work?

Anto Budiardjo
Well, you you caught it doesn’t fix all of the the insecure devices does not fix the BACNet IP. No, BACNet me TP devices, right? The standards does not fix them automatically. I guess in some cases, they can be firmware updates. But generally speaking, that’s probably not the case. Because by putting in TLS, you require certificates within each device. Right, right. Bit more horsepower and each of the devices. So generally speaking, it’ll be new devices that will have back net se in them, right. So the race of magnet FC doesn’t secure all the old backpack. Right? Remember, I’m sure there are products that I’m already seeing in terms of things like routers, so that you can actually take back net se and isolate the back net MSRP the insecure devices and have a router that will then be secure from that point upwards, OK. So those kind of architecture will, will will happen and will will sort of evolve right? So once BACNet SC devices are available in the market. Everybody should use them. I mean, it has to be sort of the de facto. But what’s what’s I think the the other thing that is really important to understand about back networks is that back net sec, because I mentioned secures those connections between devices and between devices and supervisory kind of routers and stuff, right. And there’s, there’s, incidentally a concept of a hub back net SE hub, right, that orchestrates all of these things within within the building. What the, the one of the concerns is that it solves those issues, but it does not solve a whole bunch of other issues. Right, when you’re talking about cyber securing, securing buildings from a cyber security perspective, there’s a whole bunch of us stuff Right there securing the connections, great big check mark on that. Then each device has a certificate, right? How do you manage those certificates? And who

Eric Stromquist
manages them? Right?

Unknown Speaker
Yeah, who manages them? How do you manage them? How do you manage the their expiry what happens when they expire? How do you know they expire? and all that kind of stuff? And also, having a secure network of devices is great, but how do you do things like configurations? How do you do back not sort of backup and restore? How do you update firmware? How do you get all of the sort of the event information, the CES log, right, and also how to do all of that in an interoperable and standard way? Yeah, yeah. So it kind of it there’s a number of sort of different approaches people are taking, and you’ll see quite a lot of that at HR in terms of not just social The BACNet SC connectivity challenge, but also how to address all of these different sort of other sort of security issues that needs to be addressed.

Eric Stromquist
Well, listen, we’re going to get to HR because I know you got a big meeting there that we’re going to talk about, but I want to back up for a minute because, you know, sort of what we’ve seen in the field because it’s kind of like you got the IT departments, you got the BAS people never the two shall talk or me, right, right, because it kind of gets down to money at a certain level. So in the past, the sort of the pushback about building automation controls was Yeah, well, it can manage it, but there’s a cost to that, right. So whoever’s buying the building automation control systems, if it is going to manage it, they have to pay for that. And I guess pretty expensive. So one of the things we’ve seen is a solution is you know, thanks to maybe this gets to the shadow IT or creating the air gap. You know, there are companies that will they’ll just be as people coming to create their own separate network, right? Like someone toss the box or something like that. And we What I hear you saying is you’re saying ultimate that is maybe a stopgap solution. But that ultimately, that’s not really the solution we need to get to it sounds like what you’re saying is we need to get to the solution where the controllers are more secure, maybe back net se, but then somebody’s got to take responsibility for that. And do you see that being the building automation control people in a building or the IT people or a group yet to be determined?

Anto Budiardjo
That is really a great question. And I think that’s, that is the sort of the crux of how this is this is going to evolve. Right? And I think the answer is a new breed of people is going to materialize to actually have get this responsibility, right? Because you’re right, because the building automation professionals and facility professionals that’s their focus is The operation staff is kind of the moving of air and moving people from a security, you know, all that kind of stuff. And it is is doesn’t work in that in that in that sort of way. Right. So, as part of the I started an initiative instigated by some metrics company that I work with about a year and a half ago called a new deal for buildings. And we’ve been sort of the organization’s been sort of exploring the issues, right in terms of how we can actually make this sort of transition and make the systems that we know can happen, be installed in buildings, with black with a blog and also the summit that you refer to is actually being organized being organized by the New Deal for buildings organization. Out of that we did a white paper with with Kaaba think it was in last year. One of the things that came up was really a sort of a concept of facility it right facility it being a department within organizations, that is the sits in between the AS and it, right facility a facility it people would understand the issues with BS but also understand the requirements for the requirements of the IT with respect to not just cybersecurity, but other sort of more operational stuff, you know, assigning IP addresses and a whole bunch of things, right. So we’ve talked to an increasing number of building owners and security cyber security people and some of them are kind of talking about the sort of concept of another group and facility it seems to be that the term that is resonating. So I think that’s what’s going to evolve because keep them separate, as we’ve talked about earlier, as kind of It’s okay, it’s kind of a stepping stone to get there. But if we really the reason why keeping it separate isn’t an ultimate long term solution is that it doesn’t help bring all of this data that we know exists in INNBAS into it. So they can be analyzed properly and be easily manage and be analyzed and be fed into the enterprise system, right, keeping it separate, just that makes that hard, right. And combining it makes that much easier. But it has to be secure and it has to be done in the right way. And so having somebody responsible for that is probably the way it’s going

Eric Stromquist
to go get the children to play right. Okay, what about a parent? You guys got to play nicely. We got we got I got you. That makes sense. Well, let’s transition to HR because man, you’ve got a great summit, cybersecurity summit. Tell our community about that.

Anto Budiardjo
So we did this first. Last year of this, this process right in, in Atlanta and the thinking again go goes back to the the New Deal for building the new deal for building is really just kind of a think tank or just sort of a group of people thinking about how the industry, our industry, the BS industry can work better with building owners and facility management and operations. That’s kind of the mission of it, how to make this sort of more fluid, right. And so in discussions last year in 2018, obviously the the subject of cyber security as being the sort of the critical point that is sort of preventing this from from happening, right. So we thought okay, so that that needs better conversation about cyber security and a better conversation about how how important cyber security is for BAS and automation systems, right. So instead of brains We kind of said, let’s see if we can put together a summit at HR. And this that thought was like in November of 18. So it was like two months before and Risa can sit there and ask them if this was a good idea and kind of slammed the phone down at me.

Eric Stromquist
That’s our man can right.

Anto Budiardjo
So but you know, so we we pursued it and we got number of people to support holding the summit and we did it. It was a seven o’clock on Monday morning at ashtray HR, which is in itself a challenge, but Oh, yeah, we brought breakfast and people were attracted and we got over 100 people in the room. Man, congratulations, seven o’clock on a chart. That’s great. Congratulations. And it was really a good conversation because it Just four hours nonstop discussion about cyber security different aspects of cyber security. You know, we talked about BACNet SC and where it was at that particular point in time, we talked about the challenges and some of the things that we’ve talked about in terms of the, the concept and the ITOT. And the concept of facility it we talked about the challenges from specific, it sort of experiences, right. And we had, you know, a good number of companies participating, Johnson control was there k MC Delta, light x and metrics, BACNet international was there. I think there were a couple of others that I, I’m sure they’ll Forgive me for forgetting. So I was really good discussion and there was a lot of participation from the floor, which was also something that we wanted to do. We wanted to have this as a as a To a dialogue, so that was really successful. And I think that initiated a lot of conversation at HR in Atlanta, especially since it was right at the beginning on Monday so that was really good. So that was the first summit. And this year or next year in Orlando, we are doing it again,

Eric Stromquist
seven seven in the morning or do another another time fat All right.

Anto Budiardjo
So we’ve managed to get a more sensible time slot eight o’clock on Tuesday morning. Okay, I still early but we will have breakfast there for as long as it lasts. So come and join us eight o’clock on Tuesday morning in in room 311 g i think it is but it will be on

Eric Stromquist
it’s on the schedule. Perfect. Worth Canton, Claire will lead us because he books all our time coming in video and all his stuff at HR. But if there’s there’s an Opening there. Well, we can come by with the cameras. We’d love to videotape that for you if possible.

Anto Budiardjo
Yeah. come in at the beginning, because I don’t think he, he stops until about nine o’clock. So coming to the beginning, maybe you can interview a couple of the be there. I’d be great.

Eric Stromquist
Well, so now Anton, let me ask you something with all these different people that have come in and these these dialogues you’ve had with the Cyber Security Summit. What are some things that surprise you that you’ve learned from from being at that?

Anto Budiardjo
At the summit?

Eric Stromquist
Yeah, your cyber summit? You’re doing Yeah, but saying anything sort of go? Oh, my gosh, I never thought of that before or this is a really great idea. Or maybe. Where’s the education level with people? Are they on top of it? Are people still learning about it? Are you surprised with the progress you’re making? But yeah, I mean, what, what what’s what’s what struck you as is is interesting.

Anto Budiardjo
I think I think a number of things Right, I think going back to what I said earlier about why the industry behaves this way, right? It’s, it’s not that, you know, we’re bad people or whatever. It’s just like, how that’s how we’ve, we’ve grown up. Right. Right. Right. And that is very surprising, because you can’t do that in a in a in a connected world. Right? It’s surprising, but it’s not surprising, right? But it’s, it’s really worth pointing out that that’s just how we’ve evolved into what we are now. Right. And we need to we as a group of people need to understand that and we need to, we need to kind of make sure that we understand that that’s not the right way to go if BS industry and if the if the vendors in the channel is to continue to deliver the value of managing the event. vironment and facilities, right? So that kind of realization is probably sort of surprising to me over and over again.

Eric Stromquist
So So you got to kind of acknowledge that you have a problem before you can begin to solve it type thing. Yeah, I got you. Well, and I’m encouraged from what we’ve seen over the last several years, we’ve been covering cybersecurity, it does seem like people are acknowledging that this is an issue that’s not going to go away. We’re going to have to address it. We’re going to have to deal with it. And the solution we have today is probably not the solution. We’re going to have a year from now or two years from now we’re gonna have to keep evolving because the hackers keep evolving, right?

Anto Budiardjo
Yeah, yeah. Yeah. And you know, what, what you kind of have to remember is that this is the sort of the bad thing of thinking about bad stuff, which is cyber security and, you know, other broader world, things like terrorism and other things that we because we’re the protector of the systems, right. We have to be on guard And perfect 100% of the time, right? The attacker, the person who’s doing bad things only has to win wants. Yeah. Well, they can get infinite numbers of tries.

Eric Stromquist
Well said, what I said. Alright, so, so straight up question here. And I don’t really have children now. But imagine now you have a young child as I do. Do you encourage them to go to school to learn how to fight cyber security or become a really good hacker?

Anto Budiardjo
Well, I think the kids were inclined to be if hacking or sort of the the challenge of hacking is appealing. I would encourage them to be a white hat hacker. A white hat. That’s

Eric Stromquist
right. And for our community out there. No, we learned from Fred Gordy that you got white hat you got black hats. You got gray hats, right? Yeah. So just give your give you a little tyke a white hat when they start getting on the computer and let them know this one. They need to do but what my friend anything else before we sign off here? Because it’s been a great conversation?

Anto Budiardjo
No, I think we’ve covered a lot a lot of the things I just I do want to say one one other thing. It’s, it’s, it’s really goes back to, you know what we need to do from a cyber security perspective. We talked about the need, we’ve talked about the the broader need beyond BACNet SC and thingsis that there’s a lot of complexity there. Right. Andyou can’t you can’t hide from the fact that cyber security inherently is complex, right? So something like the certificates that needs to be in the devices. They’re not simple things to think about. They’re not simple things to manage, right. So really what I think we need to start to be able to look out for our tools to help us manage this complexity, right? That will actually help the help us, help the industry and help people to sort of get ramped up to be able to do what’s necessary for to make our system secure. Right. So it’s not just the technology takes having the technology is great having acknowledging that you need to do it and you know, the change of in sort of mindset is great. But you also need to acknowledge the fact that is complex and you need you need to be the you need the systems to be managed, you need the right tools for for people to use, because bs engineers and control engineers and the likes are great at doing what they do. Right. And the expectation that overnight they become it cybersecurity experts is just folly just doesn’t work, right. So you need the tools so that they can perform the functions that they focus on. Right and yet to be for their actions to be secure and to be well managed right so look at look at not just for the technology and for the change of behavior of the industry but look out for tools that will actually help us do this.

Eric Stromquist
Yeah. And you know, in Patty to me is a great example of that because again, it is one of my teachers once said, and God We Trust and all else get data so I think that’s one of the things you gotta have a cyber security is you got to be able to track what’s happening and have the data so agreed tools that can take the complex and make it simple. And

Anto Budiardjo
a lot of tools that a lot of people that you and I know that many of them show there’s been on your on your show here that are developingpieces of tools. Yes, right. And I work with symmetric for example, they’re doing a lot of work in terms of increasing the the tool set for the cyber security issues, but last All the companies doing it and we need to encourage that we need to make sure that people understand that those tools are critical for us to make

Eric Stromquist
building security. Very, very cool, my friend Well listen, I’m gonna need your help here real quick. Can you help me out? Derek said since Ken’s not on the show, we have an intro. So I need you to can you put your thumbs up like this and say Indeed, indeed. Okay, now when I was you’ll get to the part. I’ll do the intro, and then you just go indeed. Now go indeed, Antonio. That’ll be the end of the show you get with that? Yes, sir. All right, here we go. Hi. Well, there you go. Man. Anto, thank you so much. Great, great interview. We appreciate it and check him out at Patty. That IO. And with that, thank you so much for tuning in. And remember, be bold, stay in control and be cyber secure. Say indeed and, and there you go. That’s another week on control talk now. Very good man. UU past audition. That was awesome brother.

 

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

BE IN THE KNOW

Join 7,592 other subscribers