Andrew Rose (UK)
Appearances
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
My role in that is understanding what those threats may be and putting tabletop and field exercises on and I have a particular fascination with agriculture for many reasons.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Well, there's actually two parts to that question. One is the ag tech adaptation by farmers to begin with, and that's a... It's something that a lot of people need to understand, and it boils down to one simple question. How does this make the farmer more money? Not that they'd spend money to save money. How will this adoption of whatever this technology is make them more money behind the farm gate?
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Their margins are so narrow right now. As I mentioned in Montreal, most agriculture professionals and farmers get paid once a year. Everything they own is collateral for that paycheck, and it's dependent upon that crop they're growing right now. So they're rolling really heavy dice. Usually it's a multi-generation.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
So they not only have their ongoing business and their families to support, they have the weight of all those generations before them that gave them that land to produce something on. So there's a huge psychological weight on that. So when you come along and say, hey, we need to give you a new bolus or a new ear tag or a new mesh system for your farm because it'll help reduce methane.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Or it'll help sequester carbon. OK, how does that make me more money without me spending money to get to that point in time? The cybersecurity overlay into all that technology that plugs into the Internet is a whole different question. And, you know, number one, there's already the resistance to spending a lot of money on technology that may or may not be beneficial. Now, how do you protect it?
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Who's responsible for protecting that? Is it the vendor? Is it the John Deere that's selling the tractor? Or is it the farmer? Where does that liability ultimately fall? I know it's a hot potato, but someone needs to figure that out. Because farmers, that's one more headache right now in an over-regulated environment with climatic impacts, geopolitical impacts.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
It's just one more thing that's just going to be on their shoulders. So I would love to see us adopt some sort of policy very similar to crop insurance that can give us some sort of backstop, some sort of reinsurance agent for the agricultural community in the event that these cyber attacks happen. I mean, that's just us sitting back and absorbing these blows.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Again, you know me, I relate to CSGO a little bit more on the offensive side of things too. I think that we have under, our adversaries have obviously dominated the other attack surfaces other than the kinetics, you know, bullets and bombs, they're sabotage, espionage, cyber information warfare. They view those all as domains of warfare. We don't.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
And so we're then left to absorb these blows, pass the pain on to the farmers and business owners and others out there. Our cyber community is just under so much stress right now because they're constantly having to put fires out and stomping on moles rather than having the ability for us to slap back a little bit and get some breathing room there.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
But again, these are Andrew Rose's opinions, not the BioISAC's opinions.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
And that ties back into something you said before, too. One of the things that I spoke about when I was in Chicago on the future of the food supply chain was that a lot of companies these days do what I call chasing nines. They got 99.999% efficiency, and they're chasing that next nine in there. And they're building these tech stacks on top of tech stacks.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
And for me, the more agile you become, the more fragile you become. All it takes is one little piece of that now falling apart and the entire tech stack then collapses. And what is the point? What added benefit and efficiency is that really going to do given how fragile the system is, complicated the system is in a complex world?
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Well, Darin, there's a simple answer to that. I mean, we're just following the path that politicians have laid. I mean, most politicians are lawyers, so they're risk averse to begin with. They don't want to get ahead of a known issue that's going to explode on someone's watch until after it explodes. If they get ahead of it, they could be wrong. It could be used against them.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
If they wait for that explosion to happen, now they look like a hero. They pour buckets of money on it, and they build regulations around it so it won't happen again. So they're incentivized on paying the price later on rather than, again, we're talking rational sentences here in an irrational world.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Well, I think also reframing that question a little bit. I don't think anyone needs to die. I think all it's going to take, and you've heard me say it many times, if your kid goes five days without food, you're going to break a law. In three weeks without food, the government's going to fall. I mean, you're still technically going to have a pulse in your body. I mean, you'll be dying.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Andrew, why don't you go ahead first? Sure. I'm happy to take that one as well. And that would have to be pancakes. Every year for my birthday, we get to choose, well, all of us get to choose which restaurant we go to. And mine is always IHOP because you are always going to get a good pancake at IHOP.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
You'll be starving. But, you know, it can happen so fast. So fast. Yeah. That there's no time to even rally around it. And once it stops, it's kind of hard to restart.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
And when I was up in Montreal on the way back, I stopped at a little town called Grafton, Vermont, and I got a little thing of maple syrup. So I'm going to sneak down into IHOP next time I go in there and have those pancakes with IHOP syrup on it. But that
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
not a recent memory, that's just more my obsession at this point in time. My recent memory, it goes back to Montreal as well. Before I got up there, a friend of mine had done some consulting work for a company that sold Montreal bagels in the United States. I asked her, so what is a Montreal bagel? I come from, where I went to high school, in North Jersey. We have a certain standard for bagels that we appreciate. We look scornfully upon anyone else in any other state that tries to sell something called a bagel. So this Montreal bagel intrigued me.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Sure. I mean, and you also asked, what is it that's going to get us more allocations of cyber resources for the food and ag community? And that's pretty simple. It's an attack. You know, it's a high profile of JBS type of attack. Everyone will come running to us. All the agencies will come running to us. There will be opportunities for grants and other dollars to address things that happen.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
And, you know, I'm not being facetious either. For a long time, agriculture and water fought for the bottom of the list of resources available. But some recent attacks in the water...
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
system have given them some more of the resources they really truly needed. So I'm glad that, that they're being paid attention to. But, you know, simply put, unfortunately it's gonna, it's gonna take some, some devastation for, for folks to react to something like this. Um, but right now there are businesses in the United States that are going naked without cyber insurance because they can't afford it, because the questions are too onerous, because it's too expensive, doesn't pay out what it should pay out relative to what the cost is. So I don't know, what is the cost of doing nothing? We're going to find out, aren't we?
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
And when I got up to Montreal, I find out it's not really a bagel at all. It's kind of like a bagel where you chop the top and bottom off and you're left with that little skinny middle part there. And it was difficult for me to find a Montreal bagel that would hold an appropriate amount of anything, meat, cream cheese, lettuce, tomato, anything on there. It's more like thin toast than a bagel.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Well, that sounds like the whole country of Estonia back in 2007. It was the first cyber war that Russia launched. They had their new weapons, new cyber warriors. And Estonia as a country then put cyber hygiene through their higher ed system. In high school, you refight the same cyber battles they fought back then. So it works as making your populace your most secure level of defense.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Oh, it already happened. We just don't know about it.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
And I think that they almost shouldn't call that a bagel at all, but, um, and, and really no offense to the folk, good folks up in Montreal and our friends up in Canada, but I don't think you should really hold that out as a brand of choice for you guys. So that's my recent food experience.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Well, that's a heavy lift right there. I guess I'll share what I shared in Chicago, that our adversaries, whether they're North Korea or Iran or China, and I don't know if Russia's going to be an adversary or ally now with our new administration, but regardless, they view us as their adversary. They view us as already being at war with them.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
They view the warfare, like I said, the domains are sabotage, espionage, information warfare, cyber, everything but kinetics like that. If it becomes a kinetic war, one of the first things our adversaries will want to do is blind us by taking out our GPS systems.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
So for anyone out there in the food and ag supply chain, if you have drivers or you have trucks or vehicles that are on the road, make sure you've got paper maps and make sure that the person who's driving the truck is under 30. They know how to use a paper map. That's just a good little bit of resiliency there.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
And I had this conversation with the... Well, let me ask you, was it just undercooked or was it just a piece of offal that's always going to be red anyway?
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Well, you did Nashville wrong. I mean, if you were Nashville hot chicken, I mean, you got to go to Hattie B's, stand in line or go to churches and get that scorching chicken. And the only thing that really I think stands out was the banana pudding I got afterwards there.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
They do banana pudding well down there. And two other restaurants of note in Nashville for any loyal listeners that do go there. One in East Nashville is called I Dream of Weenie. It's the best hot dogs. And you want to get the Rebel Yelp with the jalapenos in there. That's a good one. And then, Darin, to your seeking ribs, Uncle Bud's Catfish and such.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
That's the all-you-can-eat place over there in, oh, goodness, East Donaldson. Donaldson, I think it is.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Well, they have vanilla wafers in there, too.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Typically, well, I shouldn't say typically. Many times when I'm giving presentations, it's to CPAs, certified public accountants. And they come to see me speak because they get continuing education credits. And it's part of the 40 credits they need every two years to continue their licensure. So they're coming to me because they have to. And typically when I speak, about one third will nod off.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
One third will do work. And then one third typically has kind of eye contact. I'm not sure if they're even understanding what I'm saying or not. This was a whole different audience. They were engaged. They made eye contact. They nodded at the appropriate times. They laughed when it was a good line or they were serious when we had other lines, too. I like that a lot.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
One thing that kind of stood out for me there, too, I know being inside of a conference space with pipe and drapes separating people and just, you know, all the hard angles for sounds to echo off of and all that. It was a good job and kind of keeping the music where it needed to be. I thought the food was a little bit better than average. You know, we had to figure out where it was coming out of.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
And make sure we position ourselves in a place where we got the full trays around the empty trays going back into the kitchen to get refilled. But I think that one day we positioned ourselves really well. They were just putting food in front of us left and right. And I had a lot of really good one-off conversations with people too. Many of them because of your introduction.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
So I appreciate that as well. You're welcome. Fantastic people. And I've got several follow-ups I'm working on right now based on that. Good. I appreciate it. I also like the fact that it wasn't just the cyber community, commercial community, the government cyber communities were there.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
And I don't normally see that type of representation at events like every once in a while in the US, maybe there's an NSA person or something like that. But here they were full-fledged in uniform, ready, apparent, and wanted to talk. And you saw me, I made a beeline right to them. I'm like, ah, government's here. Thank God. Let's tell them what's going on.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
Sure. I am Andrew Rose. I am an advisor with the BioISAC. I represent the bioagriculture work group there. How we help people is basically to... trying to ensure they have food that they eat in a reliable, consistent manner. Who we help are the agricultural community and bringing awareness, mitigation, response to cyber and related threats that they may encounter.
Bites & Bytes Podcast
Cyber Resilience in Food and Agriculture: Andrew Rose & Dr. Darin Detwiler (Part 1)
And loyal listeners out there, if any of you have IHOP coupons, I might have a copy of that picture for you.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
It really is. Well, coming from the UK, absolutely it is. So that's my favorite food. I think my favorite food memory actually relates to what used to be my favorite food, which was pizza. I spent many years as a complete pizza nerd because we used to live in New York. And whilst we lived there, we went on a pizza tour. And this pizza tour still happens.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Gosh, there's so many. There's so many lessons. That's the problem. When you look at the control stack that a CISO would look at for an enterprise, there's generally about 130 controls. And however you break it down, it turns out to be about 130 controls, whether it's ISO 27000 standard or the NIST standards. So there's always a lot to think about.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
But I think, oh gosh, there's lots of aspects to think about. One is the evolution that I think we've seen in the industry moving from IT security, where you're just protecting the box to stop malware getting on it, to information security about, okay, now we've got to protect the value of our information and the integrity of our information.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Then moving on to cybersecurity, where it's actually, okay, well, this is going to affect our service and our service is going to be down. So we were built to deliver our value proposition. Where organizations are moving now is into cyber resilience, where actually if they have a cyber breach, it doesn't disrupt what they do.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And there's certain aspects, there's a chicken sort of growing company that I've been working with as well a little while ago. And they were talking very much about how the need for resilience is paramount to them. They need to keep their systems running. They need to keep the whole process running through. Otherwise, things get pretty horrible.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So I recommend it to anybody who goes to New York, Scott's Pizza Tour. I am not sponsored by Scott, but he did do the tour. And it's incredible. He takes you around all of the old pizzerias in New York and he explains the history behind New York pizza and the science behind it. How about the pH of the water, how that affects the pizza and all sorts of stuff. And it's thrilling and amazing.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
You can't back chickens up and keep them in the same pen longer than they need to be. So I think certainly focusing on that resilience journey, which many big enterprises are going through too, is a real big focus that agri-food should think about. And I think the poster child for doing this incorrectly is the Colonial Pipeline system. American guys will all know about that one.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
But they had their billing system get some ransomware on it. And because the billing system was infected, they shut down their operational capability. And that's entirely the wrong thing to have to do. So I think in agri-foods, the people there need to realize that the service needs to continue.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
They need to get sort of, they need to be able to continue to produce and continue to move the produce around and get it to the right place. So they need to focus very much on resilience or rather, sorry, resilience rather than recovery. You can't be down for two weeks and then recover it and go, well, fine. That's two weeks of produce loss. Goodness only knows the impact that could have.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
How you get around that is, well, I think you just have to look at all the normal controls that people focus on these days. So how am I going to prevent ransomware? How am I going to keep my network segregated and safe from different external threats? And if we do get a breach internally, how can I make sure that other aspects of my network are segregated away from that?
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And finally, I think probably the key thing to think about is, how most of these attacks start, which is very much the space I'm passionate about right now, which is the human side of the risk. It's really interesting to look at enterprises and what they do is they seem to spend about 90% of their security budgets on technology.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And yet when you look at the statistics, about 90% of the threat comes from people who will click on links, who will open attachments, who will do silly things, send information to the wrong place. So actually there's a real imbalance there. And normal large enterprises are still dealing with that themselves.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So I think as the agri-food industry starts to really get in and tackle cybersecurity, they need to think about this education and awareness to change the behavior of the people who are involved in the whole end-to-end process. Because that's where many of those vulnerabilities and those issues will begin, but they can be cut off with some good education and training.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
It's interesting to sort of have the analogy with air traffic, because in air traffic control, I didn't care about confidentiality one jot. And we all talk about cybersecurity being the triad of confidentiality, integrity, and availability. I didn't care about confidentiality. If we lost our HR database, sure, that was a rough day, but hey, it could be so much worse.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
We had to focus entirely on integrity and availability of data so the air traffic controllers could do their job. And if that dot was on the screen, we knew that was exactly where that dot was. And they'd rather have no dot than an incorrect dot. So integrity was vital and availability was vital. I think those aspects actually are true with the agri-foods as well.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
The confidentiality is not that much of a big deal, but the integrity of the data to prove the provenance of their foodstuffs and the availability of their systems to process it and bring it through from farm to fork is really key for them so that they're not just a normal cybersecurity journey. It's slightly different. It's much more critical national infrastructure thinking.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
It's much more about safety level thinking.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And he takes you around and talks about all the different types of ovens and you try a slice in all these different pizzerias so you can compare and contrast. It's an amazing experience. I absolutely loved it.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
It is, and I think that chicken company I was talking about, they actually went through all of their processes and they worked it out that if they had no computers at all, they could still do it. They went back to the paper process. How would we do this with no technology? How could we know what we were doing? And I think that's a very wise thing to do.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
We've seen other organizations do that when they had ransomware. There was Norsk Hydro, an aluminium, or aluminum, sorry, smelting factory. And they again had to go back to manual processes because their computer systems wiped out by ransomware. So we do need to think all the way through how could we keep our services going when everything is gone and certain industries really need to do that.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
My wife did say that she'd never actually seen me have such an immediate bromance as I did with Scott when I first met him, because I was just like on his shoulder all the time learning about pizza and hanging out with him. But it was really good. So if anyone goes to New York, I'd definitely recommend that. That's my probably favorite food memory.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I think agri-foods is one of them.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I think on that one, I think a lot of the cybersecurity people out there, most of them are very focused on that CIA triad and confidentiality is everything. And integrity and availability is probably IT operations problem. So they come at this from the wrong angle straight away. And I also had to retrain people who joined my team to sort of refocus them on the key things.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So I think they come at it from the wrong place. And I think there's a perception across society that agriculture is not technology based. You know, it's probably the one thing that's not technical. They see it as, oh, there's wheat in the field. Okay, that's not going to get, you know, malware. It's not going to get ransomware.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
But actually, it's all the process of the technology that puts the wheat in the field, brings the wheat out of the field, and gets it to your store. Absolutely, that's technology-based. So I think there's just a perception that this is different, that this isn't at risk from those cybersecurity issues.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And with the lack of cybersecurity people focusing on the right aspects of it, I think that puts us into this really poor position, which is, again, why I got involved, because I perceive this is the most critical national infrastructure. And yet it just gets so underserved in terms of commentary and governance and oversight and support generally.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I've been there. I've been there. Yes. I heard about it. It is weirdest down this little corridor. Uh-huh. Exactly. Yeah.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Andrew? Probably about 48 hours due to food poisoning. I just couldn't keep anything down.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I absolutely learned it on the job. So I came from a legal sector, which was entirely different, entirely, couldn't be more different. And then I was an analyst for five years. So this opportunity just came along. And it's the sort of thing you just can't say no to because it's a security world that means something. You know, working in the legal sector is fine. You know, you're keeping one
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
very rich company, you know, rich and helping them make a merger and acquisition to make them a little bit richer the next day. And that's fine, but it doesn't really mean anything. But air traffic control and those critical infrastructure things really does make a difference to you keeping people safe. It's all about safety. And so for air traffic controllers, I had to learn that on the job.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
It was very much about sort of transferring my knowledge into the operational technology environment, creating a culture within those operational technology engineers to make sure that they understood that cybersecurity applied to them in their context.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
and, and then started to wrap controls around all of those, those pieces, uh, to make sure that we could be safe. But it's, it's interesting, Andrew talked about sort of anarchy and how long it takes. With air traffic control, we didn't worry about that too much, but certainly when I was at Mastercard, um, you know, we were doing all these interbank transfers, and we knew that it wouldn't be long if that's, those systems failed. You know, if you couldn't go and buy, you know, food for your children, how long would it be before you were smashing down the windows and just taking the food? 48 hours, something like that. And so we knew that we were running systems which were critical
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
and had a really short time base before we created anarchy on the streets of our society. So it is something that people can build up a knowledge of, certainly, but it's not a natural thing. This OT security piece is still pretty rare. We talked about it at RSA, and there's not that many people around with this ability or this way to think through these situations from that angle.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
what they do, and they're really good at it. They have a long memory and they have a long reach to do so. So don't be afraid to report if something happens. So in terms of future threats, from my perspective, I think there's, there's a couple, and we've touched on some already, actually. I think the global threats, the, the nation-state threats against, uh, critical infrastructure are escalating. Um, we're seeing, you know, nation states looking to impact the economies of the competitors and the, the enemies, as it were.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And this is being done in a multifaceted way, whether it's political intervention using disinformation, whether it's attacks on systems and capabilities just to undermine the trust in that society and create division. But I think, as Andrew mentioned, the food, agriculture environment is vulnerable to this and could be such a force multiplier.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So we can expect really competent cyber attackers to start looking at this space. And that worries me because obviously the new technologies are coming out right now. And we've all talked about AI and all those sort of things in every other conversation we ever have. But those things are going to enable the attackers to amplify their capabilities.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And we'll start to see hyper-personalized attacks coming in. So today that's always been talked about spear phishing. figures out that Kirsten likes skiing. And so we're going to invite her to the local skiing club or whatever it is. But that takes time for an attacker to do. So it's relatively rare.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
But actually with AI, hyper-personalization delivered in grammatical perfection with a really compelling lure and a compelling push linking back to news stories that you're interested in because they know what news stories you follow. That's... now that's on the verge of coming out.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And then that could be supported by a deep fake video, which is your partner or your boss or someone like saying, you must do this. You must click on this link. So we're going to see all those new technologies being utilized in the next wave or two of cyber attacks being utilized by these very competent nation states to disrupt our societies. And again, agriculture is right in the middle of this.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So I'm worried about where that goes. And I think the thing we need to do is we need to start raising awareness of the capabilities first. Because if people understand what a deep fake is, they understand what AI can do, then they're much better protected about it. They're more inoculated to the possibility because they go, oh, I've heard about it. This could be really weird, couldn't it?
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
It doesn't look quite right. So we need to educate, definitely. But we also need to start building those controls in. Because Andrew and I have done a podcast together before, or a webinar, I think it was. And there was lots of discussion about all of the innovation that's going on in the agri-food environment. All of these startups come here with brilliant ideas for improving our capabilities.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And that's awesome. Love it. But I'm really concerned that those guys are doing this with not enough of a focus on cybersecurity. Very early on in sort of the physical security phase, when suddenly everyone realized that you could actually connect your iPhone to your front door and you could actually open your front door with an iPhone and you could sort of have a doorbell.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
pushes that all those products, the first wave of those products came out, no security embedded because it just wasn't seen. They just wanted to create functionality. That was key. First to market with functionality, all they wanted. And I'm concerned that perhaps that happens again in this industry. And that would be a devastating mistake.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Because if those are adopted and put into systems, put into processes where we know critical infrastructure has a problem with legacy tech, you buy it once and you keep it for 20, 30 years and you don't change it. If they're going to embrace these new technologies and put it on their farms, it's going to be there for a while.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And if that's not capable of being secured properly, then we're building huge problems for a long period of time here. So there's a lot here. That's a lot that concerns me, which is why I think it's great that we have this podcast and other conversations to try and raise awareness.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So those startup companies can perhaps think twice when they're creating this great new function and thinking, well, perhaps I should build security and perhaps that will enable us to be better in the future. Absolutely it will.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
We absolutely do. And there's one sort of incentive to this because there was a product that was released into aviation and aviation is very picky about products, but this was released into aviation and it was put into pretty much every jet and every airliner, but it wasn't really built with security in mind. And so it can do its little function, its little dumb function, and that's all it does.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
The problem is if they built security into that from the off, then that would have had so much more potential for growth. They could have got that little system to grow and do more functions and bring more functionality and more operation capability to the cockpit if only they built security in from day one.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
They never did, and so now it's hamstrung entirely to only do a dumb job. So think, if you're a product developer and you're in the space, think very much about: if I want to create the length of delivery, to create a value chain that can get longer and longer with my product, then I need this to be secure. It needs to talk in a secure way, to authenticate correctly using zero trust principles.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
It needs to be able to be scalable. All of these other security things need to be built in. And if you do that, then you have a product which you can maintain and build upon for years. And that's where your company will grow.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
We have to find the other Andrew Rose. Yes.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Well, I think there's a definite answer to that, frankly. From an English perspective, it's obviously cream first, jam second. And what we all steer clear of is the tea situation, whether you actually put the milk in first or the milk in later, because that's equally contentious, but also has a very clear answer from my perspective. It's first. Oh, I just didn't know. Oh, good grease.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
If you're asking a British person about tea and they just say a cup of tea, they mean English breakfast tea. Yeah. Which is the same sort of standard hot black tea, which is Tetley's and PG Tips and things like that. If they're going off piste and going for something a bit more sophisticated, like an Earl Grey, they will specify.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So yeah, just English breakfast, just default to that and you'll be fine.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
You just make the whole language up. It's a bit sad, really, what you've done to it, frankly, but hey.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Oh, absolutely. It's a very British thing. It's like a skill. Yeah. We can write emails like you wouldn't believe. You'll just get to the end of it and go, was that nice or was that really mean? I can't tell. I don't know what they were trying to say. Yeah.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
way beyond that. You take it to a whole new artistry level. It's incredible.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Okay, so I'm currently the chief security officer at SoSafe, which is a German company which is involved in human risk management. So we talk about changing the behavior and the culture in an organization to really sort of minimize the human attack surface. But I've actually been
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
employed in many organizations before this. So I was the CSO of two very large global law firms, I was the CSO of UK air traffic control, CSO of Mastercard in the UK, and also was a Forrester analyst for about five years in the middle. Quite an extensive experience of security in large enterprises and critical national infrastructure, which is what sort of brought me to this topic that we're going to talk about today, really, because I think this topic area is very underserved and under-talked-about, which is great that we're talking about it today.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Hi there. Thanks for inviting me on the podcast. Lovely to be here. Favorite food is probably lasagna. I do love a good lasagna. Oh my gosh. And I'm not sure if this is weird or not, but I do love it with fries. Like in lasagna or on the side? No, on the side. Okay.