21 May Good Data Can Be Used to Anticipate Problems
Shaun Six, UTSI President, on The Green Insider Podcast with Mike Neemer, ep. 169… Powered by eRenewable™️
Why should we be concerned about securing critical infrastructure? Because it is near impossible without GOOD data that can be used to anticipate problems. Find out how in The Green Insider podcast hosted by Mike Neemer of eRenewable. Our very own Shaun Six lays out the case for good data analytics in 22 minutes.
Podcast as mp3 and digitally processed transcription follows below.
UTSI provides an independent assessment of your ICS cybersecurity through a multi-phase process that includes offline reviews, vulnerability assessments, penetration testing, and forensic investigations in the event of data breaches. We can ensure recommended practices are in place that have been vetted by experts, in order to reduce your risk of cyber-attacks.
With decades of professional ICS experience, UTSI’s recommended practices are a result of deep study and understanding of system vulnerabilities, attack paths, and secure architecture design.
Contact us to speak with one of our consultants about your specific ICS cybersecurity needs.
DIGITALLY PROCESSED TRANSCRIPTION:
Pre-recorded Announcer: Welcome to the Green Insider, powered by eRenewable. Each and every podcast… Hosts, Mike Nemer and Greg Frank will bring you energy experts to help you better understand the renewable and sustainability space. Education is important to us because it’s important to you, the listener.
Now, here’s Mike Nemer and Greg Frank.
GREG: It is episode 169 of the Green Insider, powered by eRenewable. My name is Greg Frank. We’re gonna get to the podcast in just a second, but before we go any further, as it was a fun recording with our guest, Shaun Six in the studio, we do wanna check in with eRenewable, COO Anne Nemer, and Anne’s got a few words for us.
So without further ado, here is Anne.
ANNE: Anne Nemer here, COO of eRenewable. We know today whether you are a public company, private equity, or privately held company, ESG and sustainability are important to your company. At eRenewable, we can help you achieve some of those goals. If you have any questions or need any assistance with regards to reaching your sustainability goals, please visit us at erenewable.com to learn more.
GREG: As always, thank you for listening to the Green Insider, powered by eRenewable, and we welcome you into the Green Insider, episode 169 of the podcast, powered by eRenewable, alongside Mike Nemer. My name is Greg Frank as we record on a Wednesday morning. Mike, it is the middle of March, and I know you’re jacked up about your Jayhawks.
Although we were talking before we jumped on. Not a good showing there against Texas in the Big 12 final.
MIKE: No, Texas has our number. We might have beat ’em once, but they shellacked us twice and but March is our time of year. We’re the defending champs and… Let’s see how closely we can come to repeating.
GREG: I guess the good thing is if you see Texas again, it’ll be in the Final Four, so that’d be a good problem to have.
MIKE: That’d be a good problem. I’m sure they’ll choke then and we’ll come through at that point.
GREG: All right, so let’s get to our guest now. He is Shaun Six the from UTSI, International Corporation. Shaun, it’s good to have you aboard here on the Green Insider. How you doing?
SHAUN: Doing well. Thank you for having me.
GREG: Absolutely. So just tell us a little bit about UTSI. How you got involved, your background and, and what you guys do.
SHAUN: Sure. So I’ve been working in critical infrastructure space for about 15 years and UTSI has been around for going on 38 years this month actually started here in Houston and we work with industrial control systems.
So basically, I always say we’re the first digital signature of the physical world, whether that’s a controller being on or off, or if that’s a pressure, temperature electric. Kilowatt measurement or whatever the case may be. We configured that from the filled all the way to the control room and everything in between.
MIKE: Well, that’s awesome. You know enough doesn’t get said out into the public about what’s going on behind the scenes in the measurements of all, everything that we have going on in the energy space. And I know that’s where you guys really have a focus there about measuring, trying to, don’t, you kind of predict things before they even happen or try to.
SHAUN: That’s the goal. Yeah. We want to get to that predictive analytic piece. But you have to have really good data and consistent data, and that’s what we do. We come in and try to make it measurable, repeatable, and consistent from the sensor all the way to the control room so that you can get a predictive indicator saying, Hey, this is happening or it’s about to happen.
MIKE: Just to follow up on that, how. Much more efficient. Have you gotten in your time with UTSI at kind of getting those predictive metrics to where you want them to be? I mean, I imagine that’s a process and getting out in front of the, you know, process is a little challenging sometimes. Just what, what kind of progress have you guys made there?
SHAUN: Yeah, we’ve seen a lot of progress and I think there’s a, it’s a two-edged sword. So there’s this term IIOT, Industrial Internet of Things. So sensors have gotten cheap, communication mechanisms have gotten prolific, so everybody’s got Bluetooth, wifi, cellular, so we’re able to acquire a lot of data, and that’s really what we do.
We’re in the business of acquiring data. The problem there to the double-edged sword so that on one side we’ve got better data and more data. Aggregating that and bringing that into a consistent way so that you can see it from a control room somewhere sometimes is difficult because there’s so much of it out there.
And the other part of that is it’s opened up a whole other surface. We call it a surface area of attack for hackers. So you could essentially insert false data or acquire someone else’s data so you can send a green light to somebody in a control room while causing a, a red light or a red-light incident.
Basically a bad situation’s happening. So anyway, to answer your question, yeah, we’ve gotten a lot better at it, but it’s also gotten harder cuz it’s like it’s like herding cats sometimes with the amount of data that’s getting thrown out into the field.
MIKE: I’m sure that’s true. And when you start talking about hackers, you’re also then referring to why cybersecurity is needed. Is that correct?
SHAUN: Exactly, yeah. And so when we’re talking about industrial, so what we do is industrial control systems or ics. And when we’re talking about industrial control systems the goal is really to. Make sure you have safe operating parameters. And if you don’t, you want a yellow light saying, Hey, this looks like we might be going into a bad situation.
And then a red light is, Hey, we have a bad situation. So you want those yellow lights to be really good and, and glaring on someone’s screen. And the problem with the IOT world is that sometimes you can have a red situation happening, but you haven’t aggregated the data accurately. So our job is to come in and help you.
Kind of corral that data, so to speak, and bring it into a, a uniform control situation where you get that, that amber alert ahead of the red alert.
GREG: What’s it been like for you guys from a staffing perspective? I mean, you mentioned it, how many hackers are out there, and how much noise there is on the internet these days? Just in terms of trying to you know, collaborate as best you can with your staff and tackle the issues. In a kind of team first manner, like what’s it been like for you guys in that light? Like what’s your staffing situation like?
SHAUN: That’s a great question. So, and I just got off a call today. The folks in my world we’re all collaborating and they think, you think in the business world it’s competitive and it is for the most part.
But when I got into this it was in 2005. It was a three to one ratio. So for every technical role coming in, there was three leaving the industry. The average age of the industry was 55. That has changed. It is 65 now, and it’s a five to one ratio, so we have to do more. So now imagine all the new things that are going out there.
There’s 73 billion in the not the, the, the recent act, I’m sorry, the critical Infrastructure Act. Mm-hmm. So the Infrastructure Act put 73 billion for renewables out there. People are building like crazy. Battery farms are going out, wind farms are going out, solar farms are going out. And those all require technical roles.
So there’s, there’s fewer people to do more work. And we’re all having a hard time. We get calls all the time for people looking to, you know, put in a control system and to put in monitoring and do cybersecurity. And the reality is, We need more people. And so my, one of my jobs, one of my, my goals is to recruit talent.
And I’ve been competing with the Amazons and the Microsofts of the world and they throw a $20,000 sign on bonus and hammocks. And I don’t have either of those. So, you know, we’re, we’re trying to, well, we don’t have time for hammocks, quite frankly. And, and you know, the sign on bonuses are just not reality for us, cuz we’re all working on small margins.
As you can see in green energy. There’s, there’s very small margins there. So we’re trying to do it and be competitive. So there’s times where we get phone calls from people. They’re looking for 12 people that can, can drop on the ground and do some testing and do some installation, and, and we just don’t have the people.
So we’re, we’re looking to recruit and hire as, as fast as we can to meet the demand, cuz there’s just the demand out supplies, the supply.
MIKE: What is the difference between what you have to do if you have an Oil-field customer and you’re measuring their pipelines versus if you have a wind or solar customer and you’re having to measure their output and looking for problems there.
What is the difference between the old-fashioned oil well and the new modern wind or solar farm?
SHAUN: Well, there’s not much of a difference, quite frankly. So at the end of the day, we are measuring data. And so it could be pressure or temperature. And in green energy it’s often kilowatt production. And so you’re acquiring data and the data has to be secure, consistent, and it needs to transfer and traverse a long way.
So you might have. The recipient of that data might be 2000 miles away, whether that’s a pipeline or whether that’s a solar farm. So we’re in the business of acquiring data securely and transferring that data consistently.
MIKE: And is blockchain involved in any of the transferring of this data?
SHAUN: It’s not yet. It will be, and I believe what we’re seeing again with IIOT, so sensors getting cheaper, storage, getting cheaper. There’s a lot of ability, what we are gonna call fell safe. So you can, you can have a hack in the middle and still acquire the data. And whenever that hack is secure or the data is or the, the network is secure, you can start transferring that data back.
And I believe blockchain’s gonna play a big role in that. And I, I believe, so when we’re talking about data transfer, we’re also talking about transfer of custody. So that could be electric transfer of custody. So I’ve generated it from a wind farm and I’m transferring it to a grid, or I’m producing oil and I’m transferring it to a pipeline.
So at the end of the day, we’re transferring data. We wanna measure that data, hand it over and say, I produced “X” and I’m, I’m handing it over to you, and now you’re in control of it. So I’ve transferred that. That’s a, a legal obligation, right? That’s a legal contract that’s not too different from what we’re seeing with the ledger on blockchain.
So I believe there’s a great opportunity, and there are some companies out there doing this like Data Gumbo that are helping with the acquisition of that data and the transfer of that data and using blockchain to encrypt it. To secure it, and then to actually even store the, his historical. So right now the traditional model is you transfer that data, it’s not saved on the edge.
So if you get a hack on the edge, you don’t know what’s happened. Or if you get a hack in the middle, you don’t know what’s happened. So we want to push that down as far as we can in the future to store that data there. And so you can validate, which is what blockchain’s really good at.
GREG: Yeah. You’ve mentioned a lot of things about information and other companies out there, and I’m just curious with UTSI in terms of your networking and relationships with other people in your space, I’m sure that’s an important thing when it comes to acquiring more information and data.
You know, how wide of a network do you guys have in terms of other companies and, and people from outside the company that you’re talking with to try and just spruce up your information a little bit.
SHAUN: Oh, that’s absolutely huge. So working with blockchain companies, so we actually have a decent, well, so there’s a, there’s kind of a, the blockchain bros and, and we talk about that and that there’s a lot of popular use cases for, you know, NFTs and we’re not really.
Doing that. But then we’ve got decentralized ledger technology, which is, is really what we’re interested in. And so that we, we have a strategic partnership with a company called Notorus. We’re working on a, a DOE project right now with them. And so again, we’re agnostic. We’re, we’re vendor agnostic, technology agnostic.
And as a result of that, we get to partner with some really cool tools and other companies called Nozomi. So they do active monitoring of networks, and we’re working with a company here in Houston, a startup called Pandata. Or Pandata Tech, I get in trouble for calling it “Pandata”. Apologies Gustavo. But so Gustavo runs that company and we’re partnering with him on the DOE project as well.
So we want to do real time data science and data analytics as close to the edge as we can, and companies like Pandata Tech help us do that. And then companies like Notorus help us with the encryption of that data and the pushing it down to the edge.
MIKE: Well, you know, a few minutes ago you talked about data gumbo. Mike Matthews was on our show, episode number 100 exactly 51 weeks ago and now your episode 169, so that’s perfect.
SHAUN: Yeah, great, great company and I’m very proud of them. Proud, proud that they’re in our Houston ecosystem.
MIKE: They’re doing a lot of good stuff, and we appreciate you here today too. Let’s go to the next popular topic that you hear people talking about nowadays, Bitcoin.
Okay, so we’ve done a little oil, we’ve done little solar, Bitcoin. How does your service, even though it’s the same process, probably just kinda walk through. How does your service and cybersecurity come into play with regards to Bitcoin? Is there a play in there somewhere for you?
SHAUN: Yeah, there is and, and we’ve talked about this and to be honest, the oil field is not always known as being tech forward, but that’s, that’s not really true.
So the popular, they, they think, “Hey, this is an old school industry”. But there’s a lot of companies, there’s a lot of Processing power capability at the edge, like I keep saying the edge, but just imagine a field remote site far away. So that could be a solar farm, a wind farm, or oil field. And there’s a lot of capability out there.
And there’s companies that are actively mining Bitcoin with the excess energy that they produce, and they’re storing that Bitcoin. So they’re a node in the, in the network. At the farthest edge, so you could have, again, it’s all about resiliency for, for me, I, I look at it as this is critical infrastructure and, and critical infrastructure is not a term that you just throw around loosely.
There’s, there’s 16 industries that are considered critical infrastructure for the safety of the environment and the economy and the people. And so energy is one of those. And we’re trying to make that as resilient as possible. And part of that for our economic system, I think is going to be tools like Bitcoin and that blockchain encryption as far down in the edge as you can.
So you can have a complete failure in a, in a system like here in Houston, but you could have all that transaction backed up. And so the ledgers backed up in the field. So when we come back online, that data starts flowing back and you, you capture all that.
MIKE: Well, I know it’s important because, you know, so many of, in Texas, so many of our data centers are mining for Bitcoins.
It’s Bitcoin miners inside those data centers. So they’re using tons and tons of power. Yeah. And they’re going 24/7 occasionally. You know, some of ’em do some demand response with regards to buying their energy so they can go offline for a little bit when the gut grid needs it, which is important. So we’re glad they’re here and we’re glad they’re able to participate in those kind of programs.
But, I don’t know if the public really realizes how much power is going through those data centers and the data flowing back and forth. Resiliency and cybersecurity and all the things you’ve talked about here is very important with regards to what’s going on within those data center companies.
SHAUN: Right. Well, well think about this. So I think the future cloud is gonna be a Bitcoin type decentralized node. And so it’s great to have data centers cuz you have economies of scale. But if a data center gets hacked or breached for whatever reason, you want to be able to fail safe. And have that data backed up somewhere else, which is where, why Bitcoin is so resilient and why you’ve seen it take off.
There’s never been a hack cuz the encryption is great and you’ve got a ton of people participating as, as quote “nodes” on the network. So I think green energy and renewables have a great opportunity to build that resiliency at the farthest edge so that it’s, it’s physically hard to get to, it’s harder to hack.
It’s harder to attack. And you’re also acting as a backup to those data centers. So when they come back online, you can start. Storing that data and forwarding it back to them.
MIKE: Well, you know early in the show you talked about finding employees and getting people to you know, work within your company and your industry.
I’m sure more and more of the universities around the country are, are, are now offering cybersecurity majors or, or classes along those lines. When did that explosion take place? Within the last 5 years, 10 years to where those are more, a lot of the students are wanting to study that cause they see that’s the growth.
What has been the educational process to get students into the fields you’re looking for?
SHAUN: You know, it, the trend is really, from my limited perspective, it’s been about two to three years… You’ve seen a lot of schools pushing, so engineering folks and computer science majors were not asked five years ago to take cybersecurity.
It was kind of an afterthought. And to be honest with you, there’s a lot of great groups that do cybersecurity training, but in the universities, it was never really coupled. It was always an elective. And now you’re seeing it as, as a requirement. So you come out with a, a computer science degree. And you’ve got cybersecurity training and that’s, that’s becoming more prolific.
And so we’re actually partnering with other groups to help educate people and push them at the university level to take cybersecurity. And one thing I’d like to call out about cybersecurity. A lot of people, there’s really two worlds that we live in and the IT world where this podcast is gonna be hosted and our phones are all working on, that’s all what we call it then.
And there’s, there’s a host of it, cybersecurity people out there. And they’re getting trained on, you know, how to, how to secure and do multi-factor authentication on your banking system. So we’ve got two factor, you know, you log in and then you have like a biometric thing that you log into for your bank.
That’s great. But banks can go offline and it does cause disaster, as we saw with Silicon Valley Bank last week. But, That is not gonna stop your lights from turning on and your water from flowing. So what I would encourage people, anybody listening to this or that has any influence, is to push people in the cybersecurity space to focus on OT, operational technology.
So that industry control system, the power generation plant, and the transfer to the grid and all of that, that whole area is the biggest surface of attack for our enemies, and it’s probably the most underserved area of training for cybersecurity experts.
GREG: Shaun, last one for me, just in terms of the roadmap ahead for you guys at UTSI, and we’ve talked about education with cybersecurity students and people, younger people getting into the field. Just kind of how do you see UTSI fit in the rest of the decade here and where the industry’s going and kind of what you guys still want to do?
SHAUN: So, We are trying to get again raise awareness around this and get more people focused on the OT piece of the, the actual technology. So it’s great to have, you know, the next Uber and everyone’s talking about, Hey, I’m the next, you know, AirBnB or whatever, but we need to look at, you know, the next industrial control.
Expert and we’re recruiting for that next week at the ION. So we’re strategically partnering with, we’re in the Greater Houston Partnership, the Energy 2.0. It’s the Houston Energy Transition Initiative. We’re, we’re part of that, the Rice Alliance. So we’re strategically partnering with these companies that have this reach.
I’m meeting with one of the professors of, of an engineering program at Rice next week. So, you know, we set through some of their programs. It’s great school, great education, great focus. They’re looking to, to build the future engineering managers. So you have to have an engineering background and a business background to take this program that they have.
We’re trying to insert this OT cybersecurity piece into that. So everyone comes outta that program understanding that there is a, a huge component and a huge risk. And if you’re leading the future of our industry, you need to know what that risk is and you need to understand the, the industrial control space.
So that’s a big piece of it. We’re presenting next week with some of our partners. We’re presenting with Nozomi and Pandata Tech at the ION on Wednesday, I believe that’s March 20th. I might be wrong. Maybe it’s March 22nd…
MIKE: 22nd, 22nd, 22nd.
SHAUN: Thank you. Yeah. Yeah. So March 22nd at 12 o’clock we have a lunch and learn.
It’s free anybody can sign up on for that. And it’s really just to raise awareness to recruit new people and to get in front of these the green energy folks cuz you know, we had a conversation a few weeks ago with a company that got a huge investment to build battery banks in West Texas and they built these battery banks.
And so remember the freeze part of the freeze was we had all this energy generation way out there. The grid fell, couldn’t get the energy from the field to the, to consumer. So there’s a huge investment into that. And battery storage is one of those investments. They had a fire and they had alerts going off like crazy.
But because they had no control center, they had no standard operating procedure, how to monitor that the fire spread and it burnt down the entire facility. Which is horrible. It’s horrible for the environment, but it’s horrible for their investment and it’s horrible for what we were actually trying to do, which is make the grid resilient.
So we’re trying to get in front of them and partner with them cuz that could have been avoided with some just basic practices, some industrial control practices, some control room management.
MIKE: I’ll tell you what Shaun, we appreciate everything you’re trying to do to help bring resiliency, not only to Ercot, to all across the country, cuz you’re just in the United States at this point? Is that correct for the work you’re doing or are you also
SHAUN: No, we’re we’re all over. Yeah. I have a, I have a meeting with Kenyon Company today, so we do work we’ve done a lot of work in Spain, the Middle East. We’ve, we’ve been all over Bangladesh. So
MIKE: Oh, very good. We’ve learned something already, didn’t we? Yeah. But anyway, we appreciate you time. Thank you for joining us on the Green Insider and we’ll have to have you back in six months to get caught up. Very excited. Thank you. Thanks a lot, Shaun.
GREG: Okay, for Mike Nemer, I’m Greg Frank. That’s gonna wrap things up for episode 169 of the Green Insider, powered by eRenewable.
Make sure to subscribe to us wherever you get your podcast from and leave us a five-star rating because as the saying goes, you learn something new every day and we were responsible for today’s lesson.
Again, he’s Mike Nemer. I’m Greg Frank. This has been episode 169 of the Green Insider, powered by eRenewable.
We’ll talk to you again next time.