Andrew Rose (US)
Appearances
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
and that they would do a YouTube video, a case counterpoint, here's what you do if this happens. And that was my first experience with dealing with the public facing information from the FBI. There is a process and procedure, it's very difficult, it's like threading a needle to get them to say anything in public, but there is a way to do that.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I put on a series of national seminars to bring awareness to the ag community that, hey, you are a target. This is a threat. We need to be aware. And I did those starting in 2016, 2017. And then probably by 2019, we'd done several very large conferences. And the time demands for me as a volunteer were so great that I needed to focus on what I was best at.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So I migrated from being everything to everybody to focusing on the emerging threats. And now and I do want to give a shout out to the FBI. They've been they've been supporting me the entire time. Whenever I need something, it's there. Whatever information needs to be shared with an audience, a speaker, what have you.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
They've stood up and to their credit, they always apologize afterwards saying we could have done more, you know, and I'm always like, well, at least you're there for me. I do appreciate that. But one of their concerns is when they're called is after the incidents occurred. So the right of boom and the lack of preparation by many companies to what that looks like.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Not only are you dealing with the emotion of it, why was I attacked? Why was it me? You know, why was I singled out? Now you're going to make payroll with no records. Now you've got to send invoices out with no records. Now you've got to receive invoices with no access to your financial systems.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So I've been working on small, private-focused meetings with groups in the agricultural industry about, okay, it's not if and when, it's when and again. So let's just start planning for these things and getting ahead of these attacks. And that's my cybersecurity contribution.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
What I also do, though, to keep my lights on, I work on projects that benefit our species three generations from now, primarily in agricultural production. And a lot of that's technology transfer from other countries that will then benefit soft landing. It'll benefit the U.S., but it'll also benefit them.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And then I also work as a fractional chief of staff for a variety of different companies across different categories, mostly in the agriculture sector, some in the IT sector. So that's a long-winded way of saying me. I'm in Baltimore, Maryland. So if anyone's out here in the area, I'd love to treat you to a crab cake and a cup of coffee.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Yeah. Well, to get really hyper-focused in the agriculture production side, I specialize in novel plants and proteins. And that's going to be a micro or macroalgae, seaweed or a microalgae. It's going to be duckweed. It's going to be insects, space agriculture, recirculating aquaculture systems. And I do have an affinity for insects in particular. And of those, I have an
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Real affinity for mealworms. I love the protein emulsification. They're cold blooded, like the five to nine harvest a year. And they're fine. They're two dimensional. They don't hop. They don't fly. They don't complain. They don't make noises. They just eat their carrots and apples and whole wheat and just do their mealworm thing.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Indeed. Two years ago in Fargo, we ran a tabletop around resiliency in a big part of the agri-supply chain. And to Andrew's point, resiliency, not only in an organization, but in an entire supply chain is the critical piece because you've got competitors that if one goes down, it's either wolves on the carcass or everyone bands together and makes sure that our citizens get fed livestock gets fed.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
We ran through the what if. What if the computers go down? What if there is an attack here? And Andrew, to your point, paper was the way that things are going to move around. The issue was there was no more paper because everything had been transferred to digital. And the people that knew how to use paper have either all retired or almost are retiring.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
so there was the human element of how do we move things as well as the the physical how do we record things as they're moving down the chain here we are going to meet in fargo on june 11th and part of that conversation is two years later where are we you know has have things been solved is there more communication between competitors we are bringing in the association heads as well so it's not just the companies it's the we won't call it oversight but the group that keeps them together and i think sometimes it's better to have them say hey this entire sector needs to function the way it should
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And the other piece, Andrew, I'm going to talk about is the integrity of data. You mentioned that part there, too. This is public. Back when COVID hit and we were racing to get vaccines done, there was a cybersecurity incident with the calibration of the thermometers. And much of the vaccine was lost because of that attack. And it was an integrity of data.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
The data readout looked good, but it wasn't. And it was done in such a way, in such a minor way, that would have been missed. And that's just another issue that, you know, Andrew, going back to the integrity of data is...
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Critical critic is otherwise, you know, if you're reading your screen or you're going to print a report, everything looks good and you can't figure out why things aren't matching up or correlated. And the last piece, too, and this is what I'm really excited about, is the social engineering piece of it.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
You know, again, we spend so much money on blue team, red team, pen testing and all this stuff, which, yeah, you should patch your stuff. Things should be updated. There should be somebody watching over all your credentials. But social engineering, especially AI and enable social engineering is it's here.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I mean, we were warning about it 18 months ago, but now it's here full force and we are not prepared. I mean, the tsunami came in and we were still sitting on the beach with our lawn chairs.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Thank you for having me here. This is a huge honor. I can't believe that I was mistaken for someone else, but it certainly has aided me here at this point in my life. And then for the two of you, one of the best pizza joints I've ever eaten at is in Vegas. It's called Secret Pizza. And there are no signs. You have to be able to find this place.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Number one, you touched on is awareness. When you look at Maslow's hierarchy, I've been involved in this for eight years, and I can state with a fact that food, agriculture and water fight for last place in terms of resources from our government for protection. Yet absent water, you live three days. Absent food, you live for about three weeks.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
You know, if your Internet goes down, the life's going to suck. But, you know, we got by in the 80s and it worked out right for us. You know, yeah, you take, and I mentioned this at a high level briefing, you know, if we go five days without food, you're going to break a law if your kid's hungry. And three weeks without food, that's the end of the government.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I know some other people have a slightly shorter timeline than that, but I think I give our government three weeks without food before everything falls off. And back to the initial question that you asked, I think the real issue is that we generally, as a species, take our food for granted.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
That the availability, at least in the first world, maybe the second world, we just go to the store and get it. There's a complete disconnect of all the different pieces that it takes to get it from the farm to your plate and all the intermediary steps in there. And if you just take that for granted and you remove the foundational piece, there's going to be we're on demand.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
You know, this is there's not like there is a warehouse full of bread that's going to be shipped if you're unable to produce more to go with that. And then and just
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Yeah. I've been there. And you only go there after 12 o'clock, you know, like 2 a.m. There's a line out the door, but it's an amazing place. Anyway, my favorite food and the favorite food memory are both linked together. And my favorite food is lobster.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
From the existential risk, you know, we talked about bugs and other things that, I mean, the one that really took us by surprise was the solar flare knocking out all the GPS systems, all the John Deere tractors in Canada right before planting.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
You know, you get a short window for planting, you disrupt that, and all of a sudden, if you lose a crop, you can't plant it tomorrow and hope that it comes back in a day or two. I mean, it's like trying to raise a teenager. It's going to take 18 years to get that person to adulthood.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
You do. Agronomy is so advanced right now that we are planting seeds at depths. within millimeter calibrations, spacings of the same. These plants are engineered to grow at a certain rate. Their leaves will shade out the weeds. Their spacing, everything is down to the nth degree. And that's not even taking into account the soil moisture, any kind of inputs that need to be done like that.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
But it's incredibly precise. And if you think about all the money being poured into ag technology, it's all about that data. The more granular you can get on that data, you did mention data and data is a huge concern. Obviously, we're mutual friends with Pablo.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And I love Pablo's idea of creating an ag data lake that some sort of oversight will administer and can then take parts of that data, share it with somebody, but make sure that the farmer gets some sort of reimbursement for that data. Because there's so much that's being put on farmers these days. I mean, forget about environmental regulations.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I was at an event recently, a very large event, and someone made the suggestion that we should blame farmers if there's a cybersecurity attack on They're far. No. Exactly. And I said, I stood on stage. I said, no, stop. Do not even go down that line of things.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I've often thought if I had done something really, really bad and I was locked in a cell and have one last meal to eat on this planet, it would be a lobster and not just a lobster. It'd be boiled in the seawater from Bar Harbor, Maine. When I was a kid, I spent several weeks on a boat, sailboat off.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
One question I do have for the two of you. So Kristen, what's the longest you've gone without food for?
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
My record was five days. And I did it as a dare because a friend of mine told me he did 10. And I thought that I could maybe do 10 too. I got to five days and it was so painful. I mean, physically painful. It felt like there was somebody inside my stomach with razor blades just slashing at me night and day. You couldn't sleep with that kind of pain.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And when you hear this term, the gnawing hunger from Appalachia, that's what it felt like. It felt like something was trying to eat me from the inside out. That disconcerting feeling after four or five days, you're desperate. You're going to do a whole lot of things.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So, you know, if anything comes out of this, I do hope cybersecurity community and the regulatory community understands how important food is to us as a species. And if we're not learning lessons from the war in Ukraine, Russia is going to take out electricity in the winter. So you freeze to death and you take out the food in the summer. So you starve to death.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
If we're not thinking that we're moving into wartime footing and agriculture is not in the crosshairs, shame on us because I guarantee your adversaries are well underway to whatever planning there is out there. So hopefully this podcast will put a few red flags in the poll as well.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
coast of Maine and we pulled into Bar Harbor and you get a $5 lobster and you boil in the water of the bay there with some clams and other things, a little bit of seaweed. And it's that, that, that right there is a memory in itself.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Well, I've got my opinions. I'll jump in here. So first of all, if we take a look at the entire globe, who produces more than they consume? Which countries are those? And typically you're looking at the US, Australia, and Brazil. And when the world is going into a food insecurity situation, the first thing you're gonna do is take care of your own population. I mean, that's just normal.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
If there is excess, we want to take care of our allies as well. Here in the US, we certainly have a geographic advantage of having moats to our east and west, and friendlies north and south. And if you look at where most of our food goes, it's keeping the people to our north and south very happy. Food insecurity roils the planet.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
There are going to be populations that are going to not stay within their borders, and there's going to be governments that will begin to topple. In order for us to keep our friends in different continents happy, if we can export some of that excess produce or excess production to them, that will help placate their populations and provide a soft power diplomacy.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I kind of have to get too political on this one here. What does it mean? It's going to mean, well, there's 8 billion people on the planet today. Today, there's not enough food to feed all 8 billion people. And that's just a given using traditional conventional methods of production.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
If you look at a country like Sri Lanka, they went and politically made a statement that they will no longer have anything other than organic non-GMO production. And within, it was less than a year, they went from an upper middle class country, by definition, everybody
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
person in the country was upper middle class to having the politicians swinging from lampposts everyone starved now the country's in receivership just because of a political dictate and if you look at what europe is doing with a lot of their standards too they're they're removing the ability for them to feed their own populations they're going to become dependent upon other people for food and that's
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
you know they're putting themselves in a weird position mexico's playing that that same way it's it's more of this this this dogma this mythology that genetically engineered food or gmo or anything like that which are scientifically we need them there there is no other way to to avoid that but i don't know it's a conundrum and again this is andrew thinking out here i think we've kind of reached the bounds of um upper ends of intelligence as a species you know we basically we're primates you know so maybe this is the the furthest that we can possibly go and it this is the next 18 months
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
months are going to be terrifying. With the Ukraine situation, they were very fortunate to get a grain corridor put up in the Black Sea. As you can see, they've been spending a lot of time on their aquatic drones and making sure that's secure. So they're able to get grain out more than we thought.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
The issue was when they were doing it over land through Poland and the rest of Europe, all that glut of grain then drove prices down. So there was some reluctance to accept that grain coming across the borders. We'll see. It's not necessarily the food. It's the inputs. It's the fertilizers. And where are the precursors of those fertilizers coming from?
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
The majority are from Ukraine or Russia or China. So the next 18 months will be a little bit bumpy. I'll leave it at that before I get too dystopian.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
nostalgic moment you just described is how childhood was and you know we've reached that point in our lives where they will crack the shell for us and take the meat out so we don't have to do all that work you know the way it was very manual back in the day when i was a kid
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
One thing I do want to add to that, in terms of the heat and the environment and what's going on, there are some really interesting advances in genetics, both for proteins as well as for plants. I think it's probably common, we've developed a short-statured corn, which has a thicker stalk, same ear yield, but it resists a lot of those wind storms that come across the Iowa and Illinois and Indiana.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And Illinois came out with a strain of corn, I believe it was about two years ago, that requires 25% less water because now there's an abundance of carbon dioxide in the air that it can absorb. And it doesn't need all that water, but it hasn't evolved fast enough to reduce its water uptake. So through engineering, we're able to assist it in that function.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And I'm sure you've heard about the slick gene that we've got in the beef cows. So now we can have beef cows existing on a planet with an ambient temperature of 120 degrees. And I've heard rumors that dairy is not far behind on that one. So the piece there is making sure that we've got soy and other crops that can then feed the livestock that can exist on that planet as well.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So again, going back to science, because we're not going to be able to selectively breed ourselves out of the way of climate change. It's just not going to happen.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
All right. Well, that's a bone with a lot of meat on it. So I'm going to pause here and think. One thing I do want to mention, too, for anyone who's listening who is in the agriculture sector, if something happens, please report it. There is an easy website called ic3.gov. You can report anonymously.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
The government will use that information to both triage and identify trends, and it'll be a multi-agency response. If you file something and it's a low dollar amount, obviously the federal government has budgets. They need to justify the expense of going after something. But if you're
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
report it and someone else reports it and a third person reports it, all of a sudden the aggregated amount gets to a level where they can respond. So please report to ic3.gov, report on behalf of your friends, yourself, anonymously again. The FBI is there to catch criminals. They're not there to victim shame.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
If you call the FBI in, they're going to get it in and out as quickly as possible with full permission from you to access whatever it is they need. And then they're going to go catch the criminal, but they're not going to fix your systems. So I did talk to a large pork producer who was upset the FBI didn't fix his computers. I said, that's not their job. And he was,
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I couldn't placate him, but I at least stated that as a whole.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Make a friend before you need it. Yeah, make a friend before you need a friend. That's usually my first bulleted point. But in the ag community, there is a little bit of trepidation about the FBI. There are certain sympathies for what happened on January 6th.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And the FBI will be the first to tell you everyone in this country has a First Amendment right to wave a flag, to have a bullhorn, to ring a cowbell. But once you take an action, that's when risk and consequence occurs. So sympathies are fine, you know, and they're not there to judge you on anything like that. They're there to catch criminals. That's
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I do want to give an amen to that. I've been preaching the secure by design principles to robotics and ag tech companies, and it's not a resistance. Oh, didn't think about that. So it's not a... It's worse. Well, I mean, they're concerned with interoperability, exchanging information, flow of data. So security is obviously an afterthought, if it's thought at all.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
But by putting that in the top five on their list, now it's there. I'm also coming from the investor standpoint. So an investor is not going to want to put money into a company that's going to have a lifetime of patches and upgrades required because they weren't thinking about security on the front end. That's just going to degrade their investment dollars, too. So there is no pushback from that.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
It's just a lack of awareness, which is the first step in anything. Another piece that I mean, this is more of a global piece, but as a species, we rarely will fix something until it's been broken. So we didn't even understand how significant this was until the JBS attack.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So Andrew, I'm just hoping that somebody someday will come back to this podcast and say, oh, all those things Andrew said, yeah, we're going to implement them now that something has occurred, you know, rather than getting ahead of the attack. So I'm not, I mean, I don't want to be overly cynical, but it appears that's typically the way that we operate.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
The thing that we haven't talked about here, and Chris, maybe you'll cover this in another podcast, was the Microsoft hack of all the executives. And there's a lot of speculation that the source code is gone and that the Russians now know every zero day vulnerability before Microsoft does.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I don't know if you've been watching your Microsoft updates lately, but every day now there's another patch coming in. And again, Microsoft, I'm just speculating. No one's admitted anything yet, but I have a high suspicion that some of that could have been compromised. And then going back to the secure by design is the liability piece.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Let's say that there is that one little thing that everyone's using that isn't secured. What happens if that's a conduit from a tax? Then who is going to hold the liability? Is it the end user? Is it the farmer or the agribusiness? Is it the manufacturer? Who knows? Are they still in business? There's a lot more questions there than there are answers.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Amazing.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And as I mentioned before, we need to understand we're in pre-war footing here. Our enemies are already pre-positioned into our critical infrastructure. If we're not aware of that, if we're not mitigating and responding to that, shame on us.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And with the, and again, this is Andrew just speculating out there, with the number of onslaught of attacks and the increase in velocity of these attacks, we still are playing the nice guy. You know, we're still putting the fires out, fixing things, and whatever offense we're taking is shrouded in opaque for certain reasons.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Well, I do have a bonus answer to that one too, because I was on the fence. The other thing is I love scones. Two years ago, I spent six months working from the road just to see if I could pull it off, working little tertiary towns. And when I go into one of these small towns across the US, the first thing I try to do is find a coffee shop, a local coffee shop and get a cup of coffee.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Yeah, but we're going to reach a day when this crescendo is so great that we're just going to take the gloves off and start hitting back. And, you know, I'm kind of looking forward to that. I mean, just... They said that a cyber attack could constitute an act of war. And I know that's been said, but I haven't seen it acted on yet.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
But it breaks my heart because for every ag hack that you see, there's probably another 90 that I hear about that aren't seen. And it breaks my heart what's going on right now. And I really would love to punch back a little bit.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Or Kristen, I mean, the easy answer there, at least the normal reaction is let's just fire the CISO, you know? Absolutely.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So Kristen, are you setting up the next podcast? Because we ran a field exercise recently in Pennsylvania that is pretty much word for word what you described. There were two identical companies, agribusinesses. They both got hit almost on the same day, the same ransomware, same actors. One paid ransom, one didn't. And we were able to do 18 months later postmortem on what that was.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And if they have a scone, I buy a scone. And then I listened like a thief to the conversations around me to get a sense of the vibe of the town. I checked the corkboard out to see what kind of things are being advertised and up there. And after six months of eating scones, I got back and said, boy, there's a few of those I miss. I don't even know how to make a scone.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And it is amazing. We haven't released a white paper yet, but that was part of the volunteer work I do for the Bio-ISAC.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Well, it echoes what you said. The CEO, they didn't even think that this was anything other than why us. It was emotional. It was tears. It was employee tears. So they felt personally attacked. They didn't even think about law enforcement or anything. They just wanted to get everything cleaned up and get their systems online. It was a significant financial hit, a significant timeout.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
time hit and they are a major player in the country for the sector they serve, as was their competitor. So yeah, affirmation to what you just said.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Oh, I know where he is. It's just a matter of getting him on here. He's defense, so he's often kind of reticent about talking in public.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Pretty much.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
It's been wonderful. Thank you, Kirsten. Thank you so much.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And so I went on YouTube and started teaching myself how to make scones. And for the last about 18 months, I've been baking scones and people love them. People more than my friends and family love them. So I don't take that sort of feedback with any kind of any weight or measurement of how good they are. But it appears that my scones are a hit. So I'm becoming known for my scones as well.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
well you know yeah those are fairly pedestrian shapes um i uh i also like to go to uh antique malls and i look for the cookie cutters that are deep enough so i've got any shape you can imagine i like the hearts a lot because i figure if you make a heart-shaped skull and if someone has a broken heart you give it that two of them and they always feel better about themselves but i've got cats and cows and flowers and stars like any shape you can imagine so no not not those mundane pedestrian scones you might find in the stores
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Well, you know how our friends are over the ocean there. They have words for things that are inappropriate. So what they might call a scone, we might call a biscuit, you know, and one might have an egg in it. The other one might not have an egg in it. And I'm not that pure. I just want to go with taste best. You know, this is my palate I'm concerned with.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So I'm going to I'm not going to touch that one. Yeah.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Yeah, point of play here. Me and the viewer obviously raised in the southern part of the United States where sweet tea is the beverage of choice.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
It was too sweet. Well, the thing there is, do you put the sugar in when the water is hot or cold?
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Put it in when it's hot. Otherwise it gets cloudy.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
That is a good question, and I love them all. They're sweet scones and they're savory scones. My personal favorite is a candied ginger butterscotch scone with a light green sugar glaze on top. That is my favorite sweet, but for savory, I go way off the charts. I like an anchovy sun-dried tomato caper with a pickle cream on top.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So you get that sort of punch, that little, that tart bite, and it moves into more of a salty, um, unami flavor, but you get a full rich flavor. And I might throw some smoked cheddar, smoked horseradish cheddar cheese in there too, just to give it an extra oomph.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
But it's certainly a confusion in the palate, but all of a sudden the flavors dance together and then you're left with this wonderful taste there. But it's, you know, I'm, I'm a, I'm kind of a backyard chef, so it's an acquired taste at times.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
So last night I baked mangoed candy ginger caramel scones with a simple sugar glaze and then dark cherries dried and dark, really dark chocolate with a sugar glaze as well. Heart shaped for an event tomorrow.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I'm going to have to report back if people liked it. Wow. Andrew, I will hold you a plate and then Kristen, I'll find a way to get you some.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I don't, I'm going to push back. You're a problem solver. I bet if you put your mind to it, you'd be the best scone baker we've seen.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
All right. Well, thank you. Appreciate that. I am the other Andrew Rose, the US version of Andrew Rose. And fun fact, there is another Andrew Rose who does cyber, but we'll eventually get him into one of these podcasts. Yeah. So, I am an accidental cybersecurity advisor, expert, what have you.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
I was working for a large bank that does agricultural financing and had just come off of helping stand up the Cybersecurity Association of Maryland as a favor to a friend of mine. It's not that I have any coding or cyber background, it's I know how to start nonprofits and write bylaws and put fiduciary responsibilities and governance in there and bringing sponsors.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And we hired an executive director, got an office location, got programming up and running. At about that time, I went over to the bank and I inherited a large team that was geographically dispersed. And I figured a great way to do a team building exercise was do a tabletop exercise.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
And since I'd just come off cybersecurity, I figured, well, let's just do a nuclear internal disgruntled tech employee that bricks our machines, exfiltrates data, you know, the whole nine yards. And we ran through that exercise. And I won't really go into what our findings were, but it gave us 18 months of work to patch. over a few holes that were uncovered.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
One of the issues going into this, and for anyone out there listening, is we had assumed we had a playbook. We had assumed that whatever the crisis was, there was protocols and procedures in place to follow through that. And that was the pushback I got when I was pulling everyone together. And I said, well, we'll do this from muscle memory then.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
We'll run through it just to understand what this looks like. And then we obviously identified some gaps and blind spots. What that that gave me a lot of pause. And I reached out to a friend of mine who was very high up in the U.S. Cybersecurity Command and said, hey, I'm in agriculture now and I just found something I'm a little little concerned.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
Would you would you look around and just let me know what you see? And he got back to me about a month later with an OSSHIT type of email saying, hey, this is not good. And, you know, I'm just doing this as a volunteer. I'm a regular guys, but I know a lot of people. And at the same time, and I can share this publicly because there is a YouTube video.
Bites & Bytes Podcast
The Double Andrew Rose Special: Insights on Cybersecurity in AgroFoods
One of our clients is a very large poultry integrator on the Eastern Shore, and their contract growers were getting hit by a variety of business email compromises and rerouting transaction numbers. And it was in the tens of millions of dollars were the hits. And no one knew what was going on. No one knew what to do. And I thought I'd be a superhero and I called the FBI.