Beyond the Firewall. Powered by HUB Tech

How Converging OT And IT Protects The Systems That Run Our World

HUB Tech Episode 2

Share episode

Operational technology runs the systems we depend on every day. Power grids, hospitals, manufacturing lines, transportation networks, and smart buildings all rely on environments where uptime directly affects safety and revenue.

In this episode, we sit down with Pat Hurley and Ryan Davis from Acronis, along with Chris Daggett from HUB Tech, to explain how OT differs from IT and why convergence between the two is accelerating. The conversation focuses on what it takes to protect physical systems while maintaining performance and reliability.

We discuss the realities of securing legacy-heavy environments, where downtime is not an option, and many systems were not built with security in mind. Our guests break down how regulations such as NERC CIP, FDA requirements, and Europe’s Cyber Resilience Act are shaping OT security programs. They also explain the importance of asset visibility, network segmentation, and disaster recovery plans that teams can execute under pressure.

The discussion then moves into practical defense. We cover digital twins for safer testing, broad operating system support for faster recovery, and how teams manage aging machines tied to critical production. We also explore AI use cases such as predictive maintenance and anomaly detection, as well as the risks introduced by Industry 4.0 and increased connectivity.

This episode is for leaders responsible for uptime, safety, and cyber resilience across factories, hospitals, utilities, transportation, and smart infrastructure. It offers clear guidance for building OT and IT programs that work together to protect the systems that run our world.

---

For more information about all-in-one cyber protection, please visit  Acronis at www.acronis.com

---

The Beyond the Firewall podcast features discussions with technology leaders and practitioners who provide valuable insights into today’s IT and business challenges.

Follow the podcast to stay updated on new episodes, and watch full episodes and video highlights on YouTube.

To learn more about HUB Tech and the services that support IT modernization, visit the HUB Tech website at https://hubtech.com/.

Announcement:

Please drive the future by team. Powered leaders take to work. Welcome to the Beyond the Firewall Podcast. Powered by HubTech, where we go past the headlines to talk with technology leaders, industry experts, and IT practitioners, shaping how we work, live, and live. Let's get into today's episode.

Host:

Episode of Beyond the Firewall Podcast, powered by HubTech. I'm your host, Adam Shaffer, and today we're unpacking a topic that is critical to the systems that power our world, operational technology, or OT. OT runs the physical processes behind manufacturing lines, hospitals, utilities, transportation systems, smart buildings, and increasingly, it's intersecting with IT in ways that create new possibilities and new risks. To help us break this down, we've invited our friends from Acronis. So let me introduce the guests joining us today. First, we have Chris Daggett, Director of Managed Services and Security at HubTech, and also our co-host. Second, we have Pat Hurley, Vice President and General Manager of America's at Acronis. Pat is a veteran technology executive with over 17 years at Acronis, leading one of the industry's most recognized brands in data protection, backup, cyber resilience, and more. He's an expert in scaling enterprise and MSP go-to-market strategies, and he spent his career helping organizations stay secure and productive in a rapidly evolving digital landscape. And lastly, Ryan Davis, senior director of enterprise sales at Acronis, who leads global teams supporting the world's largest commercial accounts and major OEM partners. Ryan brings a unique frontline view into how the biggest enterprises are approaching OT, IT convergence, cyber protection, and digital modernization. With Pat and Ryan, we're going to explore what OT really is, how it integrates with IT, why it matters to every industry, what organizations must do to keep their operations safe, resilient, and future ready. So with that, guys, let's jump in. How's it going, everybody? Thanks for joining today. Um, it was a long intro, but guys, before we go into it, did I miss anything on your awesome introductions?

Patrick Hurley:

I think you never know. You know, you could have said Pat Hurley's sales, that would have probably summed it up pretty pretty.

Host:

No, you guys are the best. We want to make sure everybody knows who you are. So, with that, let's get into it. I mean, I I think the biggest thing is, and and I didn't really understand it before I started getting involved and hanging around with Chris, but yeah, you know, Pat, can you just help us define what is OT and what does it mean? What's the difference between that and IT?

Patrick Hurley:

Sure. So uh the way I look at it is OT really refers to the kind of the manufacturing of widgets. So the hardware, the software systems that monitor and control the physical devices and processes that exist out there in the world. If you compare that to what you might call traditional IT, I look at that as like managing data, managing business applications. Um, operational technology is more focused on the operation of and successful operation of machinery, uh, industrial equipment, critical infrastructure, right? They're the backbone of what you guys see in a day-to-day basis operating in the world today, production lines, utilities, smart buildings, really ensuring that physical processes run safely, they run efficiently, efficiently, and run reliably at the end of the day.

Host:

So it is IT, but it's really, it's really the building blocks of of these smart buildings. It's really the processes that are happening in the background. And and so, so Ryan, from an enterprise and OEM perspective, how are the largest companies thinking about OT today? I mean, like, do they even think about it in their world, or is it something that you talk to them about?

Ryan Davis:

Uh well, they're definitely thinking about it more and more. And uh a lot of that is driven by the regulatory environment that is constantly changing and now bringing attention to this area, the business that previously might have been uh a little bit of a black box. But you know, to your comment on it, it's like IT, uh, but you know, Rob Lee has a really good distinction around IT are the systems that uh help you manage the business. OT is why you're a business. So you know, with the whole ITOT convergence concept, it's starting to make the environments look similar. But OT is everything that's involved in the production, whether it's the IoT, which may be simple sensors or supervisory control systems that actually monitor and manage the processes themselves. So as I alluded to earlier, from an enterprise perspective, the OEMs are the ones that are typically providing these systems. But from an enterprise perspective, you know, historically there is a little bit of kind of a black box type perspective. Hey, we'll have our key automation supplier manage that for us. But as the regulatory environment is changing, and you're starting to see things like uh in Europe, they introduced the CRA Cyber Resilience Act. The US have had some regulations from an FBA perspective or NERCSIP and bulk power, where now they're requiring businesses to have plans, to have programs, to have disaster recovery plans, to have proactive risk management and cybersecurity. And that's forcing large enterprises or even up to medium-sized businesses to wrap their arms and have programs where they're actually managing these environments proactively. So it's been a really good change over the last few years.

Host:

So so they have to have a written plan too. Is that what this is about, too? For these regulations?

Ryan Davis:

It really depends uh on the regular regulations. So NURCSIP is for bulk power. So if you're like an oil and gas company or you're a power utility, then yes, they need to have a written disaster recovery plan that they then follow. Um NURC SIP, I don't remember the number of controls, 11, 12, it it it's it's changing. Um, but they're they're very peculiar and extends everywhere from cyber, which might be cybersecurity, it might be business continuity, but also to like physical security. How do you get access to the building and perimeter security? So um, you know, and again, I mentioned FDA, that would be tied to really anything that's being put in the human body, whether it's food and beverage or whether it's pharmaceutical. So those regulations might look a little bit different than if you're uh I don't know, a toy company, right? Manufacturing some consumer products. But um, in addition to the regulatory environment, we're seeing current events that drive investment and drive attention in this area. And I'll point to two examples Jaguar Land Rover, um, their production was impacted for months. They actually had to get like a bailout from the UK government related to a cyber incident. And currently, ongoing in Japan, uh Asahi, the uh a very large brewery or distilling company, they make one of the most popular beers in Japan, their production is still impacted, tied to uh a cyber event. So, you know, the regulatory environment has really at scale started to drive activity and drive investment and focus in this space. But we're also seeing uh these sort of outages that prompt industries to start taking action. So, you know, not petcha was a good example, I think 2017, that drove a lot of investment. But then you see, hey, there hasn't been as big of a large-scale event over the years, and then things like Jaguar Land Rover and Asahi really galvanize industries to take action to make sure that they're not the next.

Host:

Yeah, no, I heard a lot about the Japanese brewery. They were taking orders on the phone and writing them on paper. They were struggling to get the orders out. It was, it was, I mean, they figured out how to manually do it, but it was painful. And and so, so Chris, I mean, you talk to a lot of clients, um, but both public sector and and private sector all day long. You know, what of what do they know about OT? What do they think about OT, and what what what are they not understanding about OT that you're trying to bring to their attention?

Chris Daggett:

So it's really important to uh understand OT and how to secure it uh appropriately. You know, many, many folks refer to OT as anything on the plant four floor. Um, but you know, there are definitely some common gaps there. You know, it's thinking, you know, a basic firewall uh equal segmentation, it doesn't, you know, um you actually need to break things down into you know zones and conduits, meaning, you know, security domains and then how uh the data is uh you know moving from point A to point B. Um, you know, because typically those um you know those OT environments are air gapped and locked down. So understanding how to communicate communicate and connect to them is super important. Um you know, many, many assume that OEM networks are secure by default. You know, many manufacturers, just like our regular IT environments, are you know, they release patches and and things like that, and there are security considerations that you need to take into account. You know, secure configurations are super important. Um, you know, making sure you have backups of those secure configurations uh in the event of you know some downtime is is critical. Um but you know, essentially, you know, you need to treat availability like it's uptime. You know, OT downtime equates to production loss and safety risk. You know, as Pat and uh Ryan had alluded to, you know, these are the systems that make the world go round. So if there's any kind of downtime to them, they have a direct impact on many day-to-day things that we take for granted. Um and another critical gap is not realizing, you know, asset visibility. Um, you know, that's stuff serious. You need to understand everything, every asset that's in your OT environment and how it's communicating. So, you know, you know, to Pat's point, IT and OT are very um, they're they're different things and they need to be treated as such.

Host:

So so is OT harder to secure than IT? I mean, is it more complicated to to make sure that you have the the security in place for this? So if you think about it, Adam, right?

Chris Daggett:

If in a typical IT environment, all right, we'll take security patching, for example, you know, the desktops, you know, servers, things like that. We typically will put these on a regular um cadence and schedule maintenance windows and things like that. Doing that in an OT environment is a challenge. You know, if you try to patch an electrical grid, you know, without having any impact, you know, it's just it's not very realistic. So, you know, many are under the I'm you know under the way of just, hey, you know, if it's not broke, don't fix it. So and and the life, you know, the lifespan of anything in OT is like 10 to 15 years, whereas, you know, you're dealing with a lot of legacy stuff, and you know, the environments themselves are, you know, they're they're locked down. So, you know, the IT environments are locked down to an extent, but it's important to have that net network segmentation in place, make sure that you know you understand who's connecting to the environment and how, and ensuring that the appropriate you know security controls are in place.

Host:

And and so with OT, I mean, and and anybody kind of jump in, Ryan or Pat, Pat. Um are there ways that they can test um you know the OT systems, you know, you know, while the OT systems are running? Like you can't really shut them down, but is there is there a way to test them while they're running?

Ryan Davis:

Yeah, so I'll just piggyback on Chris and answer your question. So in terms of testing, there's this really big movement to uh a concept called a digital twin, which is um you know essentially creating kind of replicas of the production environments in areas that allow you to do whether it's data extraction um or kind of testing and validation. Now, that being said, there's only so much that that applies. If you're gonna make a change to a production system, typically it has to be re-qualified or revalidated, depending on the industry you're in. They use different terminologies. But to Chris's point, if you're dealing with something on the electrical grid, right, and a change on the system can take it down, which means people don't have power. The prerequisites for doing anything are much higher than in IT, right? And so again, typically that's called like qualification or or validation. So um, to your question on is it different, does it need to be managed differently? Absolutely. And that is because you're gonna have a much more heterogeneous set of infrastructure. To Chris's point, things 10, 15 years old, right? You're not gonna see XP in a corporate IT environment, right? IT can just say we got to get rid of it. Well, if that machine is attached to a robot that costs a million dollars, well, unless that they can somehow upgrade that machine and have it still work with that robot, they're not gonna do it, right? So it takes different tools to be able to manage that sort of environment as well as different processes, because you have to recognize that you don't necessarily have the same uh authority or the same ability to just unilaterally make decisions on what happens on those computers because of the sensitivity to them and because of the potential impact on production. So uh what we see, most of our customers that are most successful in having a modern uh cybersecurity posture or really good hygiene from a cyber perspective in OT, they have dedicated stacks, separate stacks. So that doesn't mean they don't use any expertise or any of the learnings from IT, but it's taking the best practices, taking the expertise from the IT side, but then applying it rationally where it makes sense to OT and also recognizing where it makes sense to deviate. So that's really the key to having a successful program. And to me, that's the culmination of this concept of ITOT convergence, which has been going on for many, many years. The original kind of form of that was well, let's try and make OT look like IT. And it caused a lot of friction between the two sides and a lot of issues. But now what we're seeing is the ITOT convergence really means let's bring expertise from IT and expertise from OT to build a dedicated program that accounts for the best practices of both sides.

Patrick Hurley:

And that convergence, um, some data that I was reading a couple of weeks ago, that convergence, that market for ITOT is going to exceed one trillion dollars by 2030. It's about an eight to nine percent kegger on that. And I would say if you do have XP in your environment, call Chris Daggett at how it's actually people still have XP in their environment. Oh yeah. Come on.

Host:

Oh my.

Patrick Hurley:

Well, the thing is, Adam, I remember even a year or two ago, I remember seeing it at airports. You'd see like blue screens and it would have an XP logo instead. Oh right.

Chris Daggett:

I mean, another thing, Adam, you know, one thing to take into account, these OT devices are not necessarily connected to the internet. So they can run these legacy uh operating systems. Um, you know, as long as they're up, they're they're fine. Um, they typically don't um, you know, patch them too often, um, and they're not susceptible to uh you know these remote risks um that IT is typically um you know susceptible to because it's in such an isolated environment and there are controlled connectivity methods.

Host:

Okay, that's pretty cool. So changing it, I mean we talked a little bit about this, but so so Pat, like what industries are most reliant on OT? We talked about smart buildings and the utilities, but but like you know, where do we see the majority of OT kind of living and and and the most reliance on it?

Patrick Hurley:

I mean, it's like it's kind of the backbone of the U.S. economy, right? It's what we manufacture, the stuff we make. So think all the factories, the assembly lines, but then drug manufacturing, chemical manufacturing, oil and gas production, uh power plants, everything from nuclear to coal to water, etc. Uh think of the healthcare industry, hospitals, but all those medical devices that they're plugging into you to figure out what's wrong with you. Those are all part of the OT um story. Uh transportation, railways, airports, logistics providers. How do UPS, Amazon, and FedEx make sure that all these packages arrive within 24 hours or less when you order them online? It's a significant amount of OT reliance there. Uh Ryan mentioned this earlier, utilities, right? Water treatment plants, electrical grids. Um, and you mentioned smart building. This is probably, I guess, one of the fastest areas of growth is think of the fire systems, the security systems, think about um municipal infrastructure. All these areas are really built on uh having a reliable, you know, OT story in place that they're they're heavily reliant on operational technology capabilities.

Host:

So, you know, when I think of IT, I think of all the hackers out there. Uh I I don't even know if I want to call it hackers like threat actors, uh, whatever you want, what whatever the proper uh words are for them. But are are are are people trying to hack into these OT systems or are they trying to just more hack into the PCs and and and the servers more than they're trying to hack into these these uh OT processes? You know, I was just watching, I don't know, did you guys ever see Mr. Robot? That is the weirdest movie. It's like a series, but I mean they they hack into everything. Like, like, so are they are they breaking into this now or is this harder?

Chris Daggett:

Recently, Adam, uh, there was a case on 60 Minutes. Uh the town of Littleton in Massachusetts was actually uh their OT infrastructure was breached by China, and China was sitting in their OT environment for about six months unnoticed. So, you know, it's it's a real thing that we're dealing with. And, you know, these these businesses and and municipalities, you know, whatever the case may be, if anybody has OT in their environment, they really need to understand how they're connecting to it and how they're getting out, you know. So, you know, that there's a lot of there's risk everywhere at the end of the day.

Patrick Hurley:

Uh the convergence of IoT into this OT store, think you're in a Waymo or uh Lyft or an Uber, you're in a self-drapping car. That's something you want to make sure it's not hacked, right? You want to get to that, you want to get there safely. Um, and those are the they what might have may have seemed as like outlandish thoughts of just a few years ago are now things that these organizations have to take extremely seriously and have the right types of uh layer protection plans in place to make sure that they're consistent.

Host:

Even with that, Pat, I don't know if I'm getting in a way mo.

Patrick Hurley:

I mean that that that seems like I took my first phone in uh in Phoenix last week.

Ryan Davis:

I felt very phenomenal drivers. Yeah, they're really phenomenal drivers.

Host:

I'm gonna let it mature a little bit before I go in there. But it but you actually did it. You there was no driver.

Patrick Hurley:

No driver. You show up to the car, you get a notification on your phone, it drives right past you, it doesn't know who you are. Drives right past you, and you click a button, it opens the door, unlocks the door, you get in, you press the button to go. It gives you some safety reminders, tells you not to touch the steering wheel. And then five minutes later, I was at our office in Tempe, safe and sound, perfectly controlled temperature environment. I was able to, you know, integrate my Spotify app to play my music and the ride over. It was a lovely case.

Host:

There were no close calls like uh people honking at you or anything. No.

Chris Daggett:

Were you sitting in the actual driver's seat?

Patrick Hurley:

I was stepping back. I wanted to feel the real exclusive experience, like I was wanting to get on a very special rider.

Host:

Okay. I didn't mean to you know get out of the main topic, but I always see these things around town and I'm scared to death of them. But I don't think my kids are gonna have to learn how to drive, is really what I think this is all about. They're gonna be just doing Waymo's or getting driverless cars. So anyway, getting back getting back to the the the OT. I mean Chris, is this now a big part? And I don't want to just you know be make this an advertisement for HubTech or a Cronus, but it is it is this like now a big selling feature, like you're going in and and marketing and selling that you'll help people with their their OT?

Chris Daggett:

Oh, absolutely. I mean, it there's a there's a need out there for sure. And if you know folks are not looking at their OT environments on a regular basis, you know, to ensure that you know things are locked down and you know the appropriate access controls are in place and network segmentation and and things like that, you know, that's a major risk to not only you know to the to the company, but to potentially you know, millions of people. Um you know, it's it's a different day that we live in. You know, we there's a cyber war happening every day, all day, that people are not aware of. So they're they're casting a very wide net. And you know, these IoT the IoT and OT devices that are out there, they've kind of been um overshadowed um in many cases from a security perspective, than traditional IT is. You know, there's been this big spotlight on cybersecurity and how it applies to IT, but you know, it's really kind of status quo on the OT side of things. And with the IoT devices, nobody's really taken those into consideration as potential entry points for uh you know these hackers because they're not getting secured.

Patrick Hurley:

Yeah, ring doorbells, baby monitors, your refrigerator is now connected to the internet. Um, there's a lot of entry points. It just the the threat landscape continues to spread. The attack service gets wider and wider every day as we advance in technology.

Host:

So so without making it too much of a commercial, like you know, we we follow Acronis and you guys are into so much stuff. What what what does Acronis do? Like, how do they help organizations with OT? Because I know you guys are all over backup and and cyber protection and all that stuff, but is there is there a specific play for OT?

Ryan Davis:

Yeah, well, you know, Acronis helps our customers in a variety of ways. Uh, and and being that we have been focused on this space for you know, going on 15 years really gives us kind of some unique advantages. And so you reference the backup and restore um without going into too much detail, Acronis really has market leading capabilities for business continuity and fast recovery of industrial control systems. And this is played out by we have partnerships with almost all of the leading industrial control system manufacturers, the big global automation vendors that make uh distributed control systems, SCADA, HMIs, and the different devices. Right. And so there's a couple of reasons why Cronus has really become the default beyond just how fast and easy it is for a Cronus to uh recover these systems back to working condition. But because of our knowledge of the space and our understanding of the heterogeneous nature of these environments, we have maintained a very broad support for different operating systems and hardware types. And so most other vendors really have more of an IT lens where they're thinking about it from the traditional IT perspective. So they're trying to get rid of support for old operating systems as fast as possible because it makes their lives easier, right? And we're what that does to their end customers then, if you're looking at an OT environment and you're a manufacturer that's got 50 plants and the life cycle of a lot of those systems are 10, 15, 25 years, you've got a lot of legacy stuff. And so when they look at other vendors, those vendors are covering 50, 60, 70% of their infrastructure, right? Meaning they've got large percentages of their platforms that are unsupported, right? Meaning they would have to come up with alternative manual processes for large portions of their infrastructure. Whereas Acronis can cover pretty much all of it, the most of it. Now, you were surprised that you heard that the XP is out there. I still hear Windows 2000. I hear about random open VMS is one that I always like to talk about because I never heard of it before when a customer asked me about it. So we hear real legacy, really niche. So even a Cronus may not do 100%, but if we can get 99% of your system covered, that means you're having to figure out a manual workaround on much fewer, where you can spend your time on automation, on the actual production of your good and optimizing your operations, not figuring out how to secure it. Let a Cronus be that turnkey solution.

Host:

Wow, so that was a good plug for Acronis.

Ryan Davis:

I've been here about 17 years, like Pat, right? So we've been around a long time. And then the the only other topic that I think is really interesting, and we're seeing this more as uh as kind of a more recent uh evolution of our utilization within these customers. A typical OT environment, a lot of these systems are sized to serve a specific purpose. So what I mean by that is the amount of memory, the amount of CPU, right, processing, RAM, all of that is really designed for the purpose that that machine was was intended for, not to run anti virus and your patch management and your backup and restore and your EDR and your remote desktop and all that other stuff, right? So the modern stack has become much more robust than it was, you know, even five, 10 years ago, much less 20 years ago. And so Acronis's ability to deliver multiple services within a single agent utilizes a lot less resources on the machine, which impacts production a lot less. So we're starting to see that ability for Acronis to consolidate the stack into single solution has also been appealing to a lot of our OT customers.

Host:

Okay, I mean that that's great. Uh I mean, uh so I'm glad you told us all about that. I try I try not to do that, but I think it's it's worthwhile for people to understand uh what Acronis does. And so thank you for explaining that. And and so now here's a question for maybe Pat or or Chris, whoever wants to jump on it. But where where like you know, so the big buzzwords are you know cybersecurity and AI. Where does AI fit into all this? Like, is there a play with AI and and OT?

Patrick Hurley:

You want to go first, Chris? I got some stuff in my uh chamber here, but yeah, if you have some stuff in the holster, you can you can take it. Yeah, I mean it's definitely transforming the entire industry, it's transforming our way of life, right? Think about the things that we um do today that we automate in the future. So automate automation is certainly something that's gonna help um organizations streamline uh everything from repetitive tasks to very complex tasks for great proficiency. So Ryan mentioned consolidation earlier. I think consolidation and automation are two areas where um organizations are definitely gonna see that transforming. Um think about all the predictive capabilities that some of these um, you know, uh tools have, right? So using sensor data to predict when uh a machine is gonna fail, understanding what a hard drive might be ready to fail. So I think the predictive type of that uh type of capabilities that are coming out every day are gonna really transform the business. Um, you know, you guys mentioned earlier about threat detection, right? Identifying either unusual patterns or behaviors that can indicate that a cyber attack is imminent or that a cyber threat is currently happening, or there's maybe operational issues that you need to address. So I think you'll see more um advancements in terms of like real-time monitoring of those systems, the control systems, ICS, GATA, um, or other OT devices or assets for different anomalies. Uh, you're gonna be able to predict how to defend some of those machines where the potential failures or breaches uh might occur by analyzing historical data, but also the real-time live data that might be coming into those systems. And then you're gonna see a lot, and we talk about this on a different side of our business, our MSP business, is really the automation of response. So a gentic AI driving um workflows, they'll autonomously triage incidents. They'll check with the compliance requirements, they'll follow that disaster recovery plan that Ryan mentioned earlier. Hopefully, it's not written on a sticky note and it's actually documented in the system. Uh, it can simulate attack scenarios, it can eliminate the need for some human intervention. All that comes with risk, all this stuff needs to be vetted out, right? If an OEM that we work with is looking to even just upgrade something in their operations, operating system or move over to our new version of the software. I mean, Ryan can speak this, it can take them a year to two years to validate that and test it very rigorously across the different components that they operate with. So for me, those are the main areas that we're already seeing some of these changes take place. And I'd say the last part is really um AI forcing more of that conversation of pulling IT and OT together. You talked to some of these guys in the different departments within the same company a few years ago. There was not much communication happening between them. There's much more collaboration today, and you're seeing some of those processes, capabilities, um, um, best practices be imported to either side.

Ryan Davis:

And and something to just add on to that. So, not even speaking to the AI, you know, capabilities that maybe Acronis or HubTech has, but just the impact on the overall industry. So there's this concept uh called industry 4.0. And it's basically a reference to the fourth industrial revolution, which is ongoing now. And what they mean by industry 4.0 is essentially the utilization of uh AI or other tools to analyze big data. And in order to enable these Industry 4.0 initiatives, they have to do digital transformation to interconnect whether it's an individual factory or their set of factories. This is the concept of smart factories. And so the legacy way of completely isolating the environments and having no sort of networking or communication doesn't really work when they need to be able to extract the data to do analysis of your big data to identify areas for optimization, right? So industry 4.0 and the use of AI to analyze data to make better decisions, what that's doing is it's driving digital transformation initiatives to interconnect these different areas of their OT environments. And that's increasing the attack surface, right? That's creating more vulnerabilities in order to be able to derive the benefits of AI. And that creates a tremendous opportunity for a service provider community that can add expertise for these customers, right? And so as they increase their attack surface, they need to increase their investments in protection to be able to make sure that they're still as reliable in this new world. And so a customer previously that may have, oh, they're just gonna have their OEM come in, service that local network and leave. Well, they should still do that, but they also need to have someone centrally orchestrating an overall uh OT cyber approach to make sure that if something gets in here and now it has the ability to transition across their network other areas, they can respond to that appropriately. So AI has almost driven a lot of other infrastructure changes to allow them to analyze and extract the data that is driving other investments in cyber hygiene within OT environments.

Host:

Cool.

Chris Daggett:

So I think to add to that, one quick thing. Um, you know, from a compliance perspective, NIST has recently released some updated guide guidance on securing AI. And you know, I I highly recommend that folks are you know looking at that guidance and applying you know the these concepts to to their uh OT environments. Um you know, it's super, super important. You know, at Hub, we're actually going through an exercise right now around that NIST guidance, and it's it's definitely brought up some uh some some food for thought um you know regarding adjusting things on our end.

Host:

So okay. Well, I think you were talking about a little bit. This might be a little bit of a naive question. So most of my questions are probably naive, but um is there when you go into enterprises or organizations, is there a separate IT team and a separate OT team, or is it just like one group um together or are they separated? Depends.

Chris Daggett:

Yeah, it depends. Sometimes the maintenance uh team would handle the OT stuff, and I you know, the IT stuff would be handled by you know IT. Um, but you know, now that you know Ryan had brought you know brought to light that you know things are merging together, and what I envision moving forward is IT is gonna have a larger stake in you know managing those environments um and ensuring that they're secure and available.

Host:

So you you see it evolving more to I the the IT professionals there will start to take on a bigger role.

Chris Daggett:

Yep.

Host:

Okay.

Chris Daggett:

At least that's my two. I don't know if the other guys agree or disagree.

Ryan Davis:

Yeah, I like like I said earlier, I I think it's it's really about taking the best practices that you get in IT in terms of proper enterprise IT service management and all the principles that go with it, but applying it in a reasonable, rational way to OT. So not just doing what you're doing on the IT side and doing it to OT, but you develop a set of OT practices that works for OT, that you leverage as much of the principles from IT as possible. I mean, they want standardization, they want consistency as much as possible. That allows for scale, right? But you know the most effective uh OT programs recognize that you you can't just lift and shift what you're doing over here and try and apply it to OT. You need to customize it.

Chris Daggett:

So it's not a one-time solve kind of thing.

Ryan Davis:

Yeah, it's taking that expertise and then modifying it to apply it to the new environment properly.

Host:

So I I know the world is gonna look a lot different in five and ten years, but I mean, where is this thing going? What is the future of OT look like? I I mean, 10 years I'll probably be dead, so I don't know if it matters. But you know, like say say, like in in a few years, where's this thing going, guys? Like, you know, start with Pat. Like, what does the future look like?

Patrick Hurley:

Well, I mean, I think you're seeing it in the current economy, right? You're seeing the jobs reports come out, you're seeing all these companies announcing all their AI initiatives, the huge investments in NVIDIA that's been wrapping around to ChatGPT and all these other organizations. So I think at some point you're gonna start to see a uh a drill down in terms of the actual efficiency and productivity gains, right? And that's number one. Number two, you're gonna see a continued um you know, investment into reducing cybersecurity risks. So you're gonna see uh organizations continue to talk about that convergence that Chris and Ryan were just speaking to, and needing to still have some of that required um, you know, uh intelligence on either side of the fence, whether it's IT or OT. And then you need to consider the impact of the workforce in general, right? I think uh the next five years, AI is supposed to generate something like 170 million new jobs, but it's also gonna kill somewhere between 90 and 100 million jobs globally, right? And some of those will be in IT, some of those will be in OT because you'll see that convergence happen. So I think that uh economically is the major consideration um that you need to play in here, and AI is a major driver of how companies are making decisions today and how they're able to leverage all of that, not just to produce their widgets in a more efficient, effective, less risky manner, um, but also in terms of how they sell them, how they market them. Um it's really a very quickly evolving time we're in.

Host:

So so with AI, uh and and me, you know, I don't want to just focus on AI, but with all this stuff potentially eliminating a lot of repetitive jobs, what would you guys recommend kids focus on and study in school? Because these entry-level jobs aren't really there and I think they're suffering the most. I I mean that's a little bit of a political question, but what what do you guys think? Like where if you your kids going to college now, what we or about to store college, what would you tell them to study? Jump on that AI bandwagon. It's not going anywhere.

Patrick Hurley:

They've got to understand technology, right? And and AI is now a standard part of that conversation around technology. Um, and the speed at which is it it's evolving is only accelerated by AI and machine learning. So that's that's definitely an area. I think they need to be it's a bit off topic, but they need to be financially um educated. Right. I think when when probably when we grew up, home economics wasn't really about home economics, it was about how do you make a pancake. Right. And I think there's there needs to be more of that financial um education happening, starting at a very early age, so so kids understand uh the importance of that over the long term. Um but I think generally technology is something that kids need to be understanding and and developing their brains around.

Host:

Okay. I was I was gonna tell my kids to be drone pilots or something. I thought that would be interesting. But that's gonna go away also. We need drone pilots. They have trifle drones. No, you're right. You're right. It's uh it's interesting. So it's like, what do what are these kids? I guess that if they're not scientist, you know, if they don't understand technology, there's they're kind of screwed unless they want to become a plumber or something like that, which you know.

Patrick Hurley:

Yeah, the trades are probably gonna be one of the last impacted, I think, areas by that. But think of um like digital marketing creation, right? That seems to be an area that's gonna be quickly wound down. I think Coca-Cola this year had their first their Christmas commercial, was done entirely by AI. It didn't use a single human other than the person asking the questions and the prompts to build it. So I think you'll see that type of rejection. Certain industries will be impacted faster and more dramatically, but over long term, um, you know, you're gonna need those Elon transformer machines that your house and unplug your toilet for you. But that's I think another 10 to 15 years down the road.

Host:

Okay. So so then with that, you know, let we let's go around the horn here, though. Like, so so starting with Chris, what excites you the most about the future of OT? Like uh and NIT convergence, like so what's what do you see as the most exciting thing?

Chris Daggett:

I think just the adoption of you know AI and you know, you're gonna see more uh on a topic called quantum computing. Um, you know, that's That's going to be a big, big topic moving forward. And quantum computing is actually going to dwarf AI in many cases. So, you know, these supercomputers that are coming out that are going to be readily available to folks. Um, you know, the the level of automation and the amount of uh data processing and data mining and you know that all will assist in providing great outcomes uh for businesses. And, you know, we'll be able to get you know to our desired state quicker. Um, but you know, it it comes with a learning curve. You know, everybody's gonna need to reskill, um, you know, including everybody on this call. You know, it's we will all leverage AI in one way, shape, or form to help with our job. And it's just gonna get easier and easier, you know, as we understand these tools. But, you know, the evolution of AI is uh probably the you know the big thing that I'm most excited about. You know, it's really taken our industry and our everybody's day-to-day lives by storm. Um it's a huge topic. We're all in the thick of it, we're all figuring it out together. Um you know, there's a lot of opportunity um around artificial intelligence and how it's applied to our day day-to-day life.

Host:

Okay.

Patrick Hurley:

Pat? Yeah, I mean, all the stuff that Chris mentioned there is spot on. All of the all of the AI stuff that's happening, all the machine learning that's happening, um, it's creating massive, massive amounts of data. And all that data needs to be protected. So for us, selfishly right now is the reason why we've been here for so long is because we see that opportunity, we see uh data exploding in growth and the need to protect that data becoming a priority for organizations, uh, specifically within OT. Uh, you're definitely seeing that they're becoming increasingly exposed to cyber risks, which creates an opportunity for us, it creates an opportunity for hub tech, that creates an opportunity for the workers um, you know, at those organizations to be ahead of the curve in terms of their understanding of what they need to do to protect it. Um, so I think from that perspective, we're kind of in the right market um to be able to capitalize on that. I think the OT cybersecurity market is supposed to be growing about 15-16% over the next five to six years, which is obviously faster than the convergence is happening. So that to me is exciting, and that just creates opportunity. Whether or not AI is going to replace all of our jobs later. Right now, we have an opportunity to I think go and uh and leverage them.

Host:

Yeah, I mean, chat GTP became like my friend. It's my only friend at this point. It's it's it's really been nice to talk to you. Always nice to me, always super cool. Yeah, yeah. Well, it just is you're you're no, uh Adam, you're a good guy. You're not a bad guy. So, so Ryan, what excites you the most?

Ryan Davis:

Well, I you know, I I referenced the industry 400, fourth industrial revolution earlier, and you know, all the possibilities that exist from it, the quantum computing, AI, I mean, all ultimately, you know, this is unlocking a new era of efficiency production, and it has the potential to impact almost every single industry, right? So you we may talk about how it you know impacts more efficiency and you know, power production or manufacturing, but you know, you just walk into a Burger King and now they've got kiosks instead of people taking your order, right? So the ability or the potential for it to impact like point of sale, um, those systems need to be protected. Smart cities, not just a building, now as they're building highways, they have sensors where they can monitor the traffic, right? And they can analyze if we change things here or there, how is that gonna impact traffic flows? So all of this IoT and smart computing needs compute behind it, and then they're running applications to analyze it, and those applications need to be protected, right? So I believe all of these trends are gonna drive both an increase in infrastructure that needs to be protected, and more important, infrastructure that they're going to protect because of the cost if it goes offline. And so I think this is a great space to be in, as you know, not only do we have great technology and great partners, but we're in a great space where we're gonna be able to ride that wave of growth for the foreseeable future.

Host:

Cool. So, with that, we're gonna have to start wrapping it up, guys. We really appreciate everything that you guys have been talking about. I think it's an important topic. I think it's super interesting, and you guys are saving the world, protecting the world, and we really appreciate your advice today. Um, I also wanted to make sure that the folks that are listening understand that Acronis is a great partner of HubTech and they're also sponsoring this. Uh, so thank you very much for today's help. And we wanted to play a quick 15-second video and then we're gonna end it. So if we can get that teed up, Maria, uh, it would be great. People can go crazy trying to stop a cyber attack. A cronet take the headache out of IT security. Wow. Awesome commercial. So thank you very much, and um and let's uh let's keep on going and growing.

Announcement:

Thanks for having us, Venom. Thanks, everybody. Thanks for tuning in to the Beyond the Firewall podcast powered by HubTech. If you found this conversation useful, follow or subscribe wherever you listen to stay updated on new episodes. For more information about HubTech's IT solutions and services, please visit hubtech.com.

Head Shot

Adam Shaffer

Host
Head Shot

Chris Daggett

Co-host
Head Shot

Patrick Hurley

Guest
Head Shot

Ryan Davis

Guest