Networking and security experts from TOSIBOX are here to share their insights about industrial and operational networking in many different verticals, including building and traffic automation. They share some of the most common pain points in cybersecurity and building global networks, discuss successful IT/OT convergence, and automating networking to make secure remote access much easier. We learn about securing OT networks, take a more technical dive into technology standards for automating infrastructure, and hear a story of a joint project with an oil and gas customer.
“Have the courage to get beyond traditional IT and look at the new technologies that are out there.” – Bill
“The pace at which these operational networks are connecting, and the growing and essential need for cybersecurity, finding the right combination of technologies to get these applications done is essential.” – Jerry
William Behn is a founding member of the TOSIBOX global executive team and President at TOSIBOX, Inc., leading the charge in enabling Industry 4.0 initiatives in multiple verticals in 150 countries. Prior to this, Bill ran a national staffing and banking consulting company and trained fighter pilots in Asia for over a decade. Bill has spent the last 15 years working with innovators and high-performing organizations around the globe to connect dots and solve modern problems with modern solutions. He’s also a fan of breaking old habits, reality, extreme efficiency, maintaining an effective cut and draw in golf, geo-politics, self-expression, understanding how the brain can move us forward and hold us back, the US Air Force C-130 Cadre, technology, innovation, and elevating everything.
Jerry Reeves is the VP of Engineering and Global Product Management Team Member at TOSIBOX. Jerry is a Georgia Tech engineer and spent most of his career as a system integrator. For the past four years, Jerry has been helping organizations leverage TOSIBOX in their Industry 4.0 initiatives. Jerry is highly experienced in organizational and business process improvement related to high technology, cybersecurity and interoperability. Not to mention, he’s figured out how to combine deep system integration and engineering with the ability to communicate through all levels of an organization to get stuff done.
Kevin: Hello and welcome listeners to Inductive Conversations. I'm Kevin McClusky, Co-Director of Sales Engineering here at Inductive Automation, and it's a real pleasure to be with you today. We're going to be talking a bit about industrial networking, operational networking, security and some other exciting topics. We're joined today by Bill Behn and Jerry Reeves from TOSIBOX, sharing some of their insights. So welcome guys.
Bill: Thanks for having us, Kevin.
Jerry: Yeah. Thanks, Kevin. This will be a fun conversation.
Kevin: Yeah. I'm looking forward to it. So for our listeners who may or may not be familiar with the concepts that we're going to be talking about today, I wanted to make sure that we introduced them. Industrial networking is one of those hot topics overall right now, where we're seeing a real IT/OT convergence, we're seeing a lot of these technologies coming together in a way that we haven't seen before, and historically, industrial networking might have just referred to the pieces of the network, that were on a local network right next to PLCs and SCADA systems and HMIs. And at this point, one, the definitions increased a little bit, and, two, there's a lot more in terms of considerations when it comes to industrial networking for customers. So there's a lot more focus on things like security, for example. From your perspective, can you talk a little bit about industrial networking, what it means to you, and maybe the concept of operational networking as well?
Jerry: Absolutely, you're spot on. Industrial networking historically is typically meant the local network that just interconnected our machines and people local to the plant floor, but in today's world with people being distributed, especially in our environment, these days, people being distributed, plant locations being distributed, operations and corporate environments being distributed, there's a need to move data across multiple locations. So industrial networking really has expanded beyond that local plant floor level and really gone global, in the best sense of the word. So we're finding many operations out there connecting these people, connecting these devices globally and needing the network infrastructure to do so. And we're seeing this in multiple verticals from a TOSIBOX perspective as well, that's why we tend to gravitate towards the term operational networking. But we see it not only in the industrial space, but also building automation, traffic, security, IP cameras, you name it. So across many different verticals, we'll see more and more of these operational networks being built and utilized.
Kevin: You know, I think that's a great point about the globalization of all of this, the fact that some of these networks that traditionally might not have been connected to a central location, maybe even cross country or across different country lines are all coming together, we have a whole variety of customers who are using Inductive Automation’s products, who will have an Ignition installed in different locations and countries, who are these multi-national companies that have 50 locations, 100 locations, 1,000 locations around the world and are connecting back to a central location. I think that's a great point that with all of these new needs, and especially in today's climate, there's a real need for security along the way too, and that security has become something that at least from my perspective, we're talking to customers about all the time, and I know that you're talking to customers about that as well all the time, because that's a key piece of what your offerings are. At this point can you actually give us a little bit of background on TOSIBOX, including the major services that you provide and the vertical markets that you serve?
Bill: Yep, thank you. This is Bill, I'll take that. TOSIBOX re-imagined operational networking or OT networking, we actually design network, we're a cyber security and networking company, and we redesigned it from the pumping station up, the factory floor up, the traffic intersection up, even the building HVAC up. So now, as the folks on this call, who are building these large scale, local, regional global infrastructure, are now having technology that's evolved where it's built for them, not having to bring in traditional IT and somehow make it work in the operational world. Again, verticals, we touch them all, smart AGs, smart buildings, smart factories, we're a seven by eight-year-old company out of Oulu, Finland, Northern Finland, up by the Arctic Circle, we're now in eight years in 150 countries, and like I mentioned, there's not a vertical that's gone untended by TOSIBOX technology. Networking is networking, folks.
Kevin: Based on that, you have a lot of experience in the topics that we're going to be talking about here today. I'd love that we're going to be hearing more about what you do, what you've seen, that's out there in the environment and learning more about your products here. Yeah, so at this point in the conversation, let's actually take a step back, Bill and Jerry, we've heard from both of you at this point, can you actually give us a little bit of an intro to who you are, what are your titles and what are your roles within the company.
Bill: Sure, I'll go first, Kevin, thanks. My name is Bill Behn, president of TOSIBOX. Responsible for things like awareness and partnerships, and mostly staying out of the way of the folks like Jerry Reeves on the call, our chief engineer. My previous experience is quite diverse, I used to train fighter pilots in Asia, and I ran a banking consulting company. I came to this operational networking world quite by accident, and I will tell you in my 50s, this is the most fun job I've ever had.
Kevin: More fun than training fighter pilots.
Bill: Can you imagine. More fun than training fighter pilots. Here's why, here we are in 2021, everybody's connecting everything, and we've now automated a way for them to do it. So the business models that we bring for and enable, it's just fun to be in service to this community.
Jerry: Yep. And Kevin, my name's Jerry Reeves. As Bill mentioned, I'm the vice president of technology here for TOSIBOX Inc. And I was just checking my calendar before we started this podcast, and realized I've been in the automation space basically 20 years, last week, so two decades now where I've been in the water/wastewater space, power technology space. And about five years ago, connected up with Bill and he and I have been working on the Americas markets for TOSIBOX. So while Bill's all things awareness and partnerships, I've been the one behind the scenes with the crew, making sure that all this gets connected up and customers get serviced, and our technology works as advertised, which has been a great ride because now I've really been looking forward to working closer with our teams in Finland on product management, product development and what's coming next, so that's a little bit about me.
Kevin: Well, thanks for this quick introductions, guys. TOSIBOX has a kind of unique technical partnership with IA as we try to explore some of the areas that we can work together to lower the barriers to entry for customers, some of those customers, which we share, of course. Can you tell us about how you were introduced to Ignition?
Jerry: TOSIBOX and Ignition have really been working together for a number of years, we've had customers in common that have already been deploying and growing their Inductive Automation applications and enterprises across our networks. I would say that we've probably recently found a critical mass where it made sense to explore the collaboration of y'all’s application technologies in combination with our networking infrastructure and bringing these together in things like podcasts and marketing arrangements for our joint customers, sharing our abilities to work together and provide these solutions that our customers can in turn provide to their respective industry. So we've been working together for a while, but looking forward to more and more of these formalized marketing developments.
Kevin: Great. Great. And I know I've worked from a sales engineering standpoint at Inductive Automation. I've worked directly with a few of these customers, who are using some of that TOSIBOX hardware. We all know that remote connectivity and secure network infrastructure for data and devices, especially in today's world, is critical. On your website, your CEO has a quote that says, "People should enjoy the benefits of technology without having an IT degree." What are some of the ways that TOSIBOX make secure, remote access much easier for customers?
Jerry: So really it boils down to, Kevin, TOSIBOX has automated networking. What do I mean by that? The technology that TOSIBOX has put out in their products, whether it's their locks or their keys or even virtual central locks, has created a platform that has allowed our common user community to automate the networks needed in support of applications like Ignition, that automation is what's really saving time, saving energy, and making it easier for people to get to the real value propositions of their overall operational systems, such as things like remote access, data, analytics and business intelligence. So that automation that TOSIBOX brings to that fundamental networking layer, is enabling those higher-level applications to be more and more successful.
Kevin: So the idea would be if someone has a degree in OT, not IT. So someone's a process engineer, someone is a controls engineer or someone is working on the plant floor and they want to set up some of this connectivity, that they wouldn't necessarily need to hire a network engineer to make this happen, they could take some of the hardware, roll it out, configure it themselves, and they'll be standing on the shoulders of giants, so to speak, in terms of getting benefits of TOSIBOX's experience and technologies that are underlying that are some of these standards that help do the security and the connectivity there automatically in a way that they can trust.
Jerry: Yeah, no, that's a great summary, Kevin. Because as we all know, more and more connections are being made, whether that's a PLC into a SCADA system, or whether that's an operational technician into the operational network and operational system for support or troubleshooting, more and more of these connections are being made and that demand on IT staff really is not sustainable, especially in today's cyber environment, where threats are coming at you from every vector, IT teams are really focused on a lot of these malicious actors and malicious events and things like basic connectivity, basic VPN security are getting pushed to the back, which affects operational performance. So now if our technology is able to push some of this capability down into that OT space, as we talked about, and our IT gurus can start building these networks for themselves without compromising security, it's a win-win across the entire enterprise.
Kevin: I know for a lot of companies who are implementing some of this security or needing to set things up in a way that has these secure connections, they'll need to work with their IT department in order to validate any system that's put in place. Am I accurate in assuming... Or maybe I should just ask the question, do you have a set of documentation, other things that can be provided to an IT security team in order to... Validate, in order to share and give confidence to the IT folks that going with a solution like this is going to check all of their boxes and be a secure solution and be a solid solution for the things that they need and maybe beyond even the minimum requirements, but maybe even a higher level than the IT team requires.
Bill: This is a great question, and it's actually the other side of the coin to the last question you asked. Gone are the days when you'd tiptoe past the IT department and go right to the controls engineers.
Kevin: Yeah, that's really true.
Bill: Yeah, that's so 2015. Nowadays, you can get with the technology that's out there today, you can get the IT folks, in fact it's a must to get them on your side. And with TOSIBOX, because we use... You get to build traditional IT networks using RSA, using PKI, TLS, OpenVPN, all the same things that an IT professional would build, they get to bless these operational networks, because it's the same type of network he or she would build on their own.
Kevin: Great. Alright, well, let me jump to the next question here. What are some of the most common pain points that you're tackling with regards to cyber security and building global networks?
Jerry: Sure. So this is always a great question and let's start with cyber security, it's the big one that everybody should always have in front of mind. It's amazing how rapidly this has evolved over the years, where security was a bullet point on the list and now it's its own document in the front of every bid package. Authentication is a big one. In a lot of cases, it's about connecting people, it may be connecting people into your Ignition software for analysis of an operational network, but ensuring that it's the actual correct person with the right credentials getting there is of a critical nature. And so with TOSIBOX, we deal with authentication as one of our big features, and two-factor authentication is mandatory for all TOSIBOX networks. Two-factor authentication is really the go-to standard these days for personnel authentication. A lot of people are like, "Oh, we have strong passwords and we still use usernames" or, "No, we have SMS, text messages that come in to authenticate our users," but even some of the largest companies out there, Microsoft just recently said that SMS is no longer acceptable for two-step authentication. We're promoting authentication security heavily, and we make it mandatory on TOSIBOX networks with physical first multi-factor authentication, so cyber security and authentication is a big one.
Jerry: The other pain points that we look at is scalability, Kevin. A lot of people, especially in the OT side, will say, "Alright, I'm gonna build my first little SCADA network," and they put in maybe a single VPN to make that work, but it took him a few weeks to do so, and now they have to connect 50 other stations, and they're sitting there pulling their head out going, "That's a lot of work. I'm not sure we have the time or money to scale that out." With TOSIBOX's automation, we're able to address those issues by making that an automated process for scalability. And then the final bit here is, and it's always a pain point for every operation, is cost. If it takes a lot of people to do it, if it takes a lot of equipment to do it, if you're relying on third parties for static IPs or private APNs, you're introducing cost into that scalability proposition, and that may not be feasible for your operation. Again, the same benefits that people find in automating their industrial or building enterprises, they're able to see a lot of those cost benefits in automating their network infrastructure with TOSIBOX.
Bill: And Jerry, I'll also remind the folks on the call, one of the largest oil and gas companies in the world... Really they have plenty of money, but there's another hidden cost, and that is, as they're growing their global OT infrastructure, they don't have the manpower to do it. IT guys are not a dime a dozen anymore, so it's the cost, but then there's also the manpower, do you really have the manpower to get some of this stuff done on a global scale?
Jerry: Good point.
Kevin: Yeah, related to all of that, can you talk in some more detail about some of the ways that TOSIBOX is securing OT networks, taking care of security on the OT side of things, so that integrators don't have to?
Jerry: What TOSIBOX builds as part of its platform is an encrypted tunneled network infrastructure. And by doing so, rather than having to worry about, "Is my transmission protocol or my data streams secured with certificates and encrypted, so it can pass through a public space?" We provide the capability for these operational gurus to create these encrypted tunnels, almost like... We like to say on our marketing spiels, virtual patch cables, where they're able to interconnect the PLC at that remote pumping station back to that centralized SCADA system through an encrypted tunnel, as if that PLC was in the same network. So that encryption and that encrypted approach allows them to create almost... As we said, in the beginning of this call, Kevin, local networks, they just happen to be geographically diverse. Couple that with, again, with TOSIBOX's automation, you now introduce simplicity. So with that simplicity and with that automation, we take out that human error issue, so that the OT technicians out there don't have to worry about, "Oh, did I select the right security box, did I put in the right configuration to make this secure?" TOSIBOX has automated that into our system. So whether you are a mom-and-pop integrator, all the way up to as Bill just mentioned some of the Fortune 500, you get the same standardization, same simplicity, same scalability without compromising security.
Kevin: You know that leads me into my next question here, where you're talking about OT networks, but you're also talking about things in the IT side. IT/OT convergence is a subject that's dear to our hearts at Inductive Automation, how is TOSIBOX helping to bridge the IT/OT gap.
Bill: I'll start by saying, one of the cool parts about TOSIBOX is... If you're an enterprise organization, you no longer have to redesign your entire IT space to bring your operational systems on board. TOSIBOX will create separate OT networks or it will feed right in, work harmoniously with your large-scale existing IT platform framework, whether that's the factory floor up in the cloud, your Cisco environment, you name it. It's not either/or, it can be either/or but mostly it's together. Jerry, anything you wanna add to that?
Jerry: That's absolutely right, Bill, it is together. And it's the type of thing where, because it's an automation of the technologies that the IT teams would use themselves, it checks those boxes, so Bill, as you mentioned earlier, you no longer have to whistle past the IT group, it's now a technology, TOSIBOX is now a technology that the OT stakeholders and the IT stakeholders can collaborate on and work together with, which only makes the enterprise stronger. So it's been a real fun journey watching these conversations between integrators and their end customers and their end customers' IT departments get to solutions to support applications like Ignition.
Kevin: So in addition to some of the industries that are very commonly used with Ignition, like general manufacturing, oil and gas, food and bev, water/wastewater and a variety of other industries, but I'm interested in talking specifically in addition to those or the fields of building automation and traffic automation. You have a fair amount of experience inside there, and I know about a number of Ignition integrators, companies who are doing integration with Ignition, are starting to move into this building automation space, and are interested in traffic automation as well. What opportunities do you as TOSIBOX see inside the building and traffic automation spaces?
Bill: I think that's an interesting question for the folks on this call. First of all, networking is networking, alright, we've taken a number-one position inside of building automation, networking is the same. What I find most interesting to connect the dots between the different verticals is, it doesn't matter whether you're connecting in one of those silver boxes at an intersection. By the way, there's a half a million of them in the United States. Or a building automation system. It's the same thing, controllers, switches, devices, they call them controllers in building automations, you guys call them PLCs, so the network is the network, the devices are quite similar, and what customers are asking for in 2021, remote maintenance, remote troubleshooting, data collection, AI and machine learning, is the same in all verticals. So no matter where you are along your Industry 4.0 path or no matter who your customer base is, just know that there's expansion opportunities, and it's not that big of a jump to go from water/wastewater into building automation. Jerry, is there anything you wanna add to that?
Jerry: I think you're right on, Bill, and I would say that all the drivers for each of the verticals are absolutely the same, so personnel connectivity under the constraints of cyber security and the need to scale. I'll go back to, again, the pace at which people are trying to connect their devices personnel for the purposes of remote connectivity or data acquisition, that case is only rapidly increasing, and so having standardized networking platforms like TOSIBOX that can go across multiple verticals, is only gonna make things more efficient.
Kevin: So I have one very technical question, I'm kind of a rubber-meets-the-road kind of guy, I'm an engineer by training, and I've worked on numbers of customer projects, and I was doing design services before I came over to the sales engineering side and worked for an integrator before that. So I know that some of our audience is in the same space, they're very technical, they come from a background of understanding some things about networking and setting some of these things up. These folks may have the skills to set up and manage their infrastructure, but there's definitely a benefit, as you've been talking about and having it automated, like your offerings provide. Can you talk in a little bit of detail about some of the technical details that a network engineer would care about in terms of the technology standards that TOSIBOX employs inside their products?
Jerry: Sure, absolutely. So, as we mentioned throughout this podcast, TOSIBOX creates automated secure network infrastructure, okay, and that network infrastructure, Kevin, can support not only Layer 3 connectivity like most traditional VPNs can support, but we also have the ability to support deep Layer 2 connectivity that a lot of our customers enjoy, so people that are working with SIMAS automation or Rockwell Automation and need to say broadcast and find new devices or configure new PROFINET names and that sort of thing. They have the deepest level of connectivity in TOSIBOX networks, and that's been one of the hallmark premises of TOSIBOX, is having that deep Layer 2 connectivity. But all of that connectivity is also very well secured, and we use technologies that the IT teams are already familiar with today, so our cryptographic architecture is all PKI with RSA keys, and those keys are all the way up to 4096 bit with a physical key exchange. We use TLS and Diffie-Hellman with client certificates, our locks themselves and even our virtual central locks that run data centers and cloud locations come with full-blown firewalls.
Jerry: Some are Linux Netfilter and others, okay. We can support IP and MAC filtering across our networks, one-to-one NAT, and then finally, we have a full-on encrypted connectivity between our devices and the TOSIBOX backend that provides, say, the automatic software updates for each one of our devices. Okay. Automatic software updates for features and security patches are on by default to create that cyber security best practice, but even those connections back to the TOSIBOX repositories are secured and encrypted for a holistic secure environment. So as always, because of cyber security and because of networking changes, TOSIBOX evolves their technology, and we plan to stay on the forefront of each one of those features and technologies to bring the best possible platform to our customers.
Kevin: Jerry, that's fantastic. And for those of you who are controls engineers, I think that one thing may have really stuck out to you, which is that Layer 2 connectivity, which in my opinion is just fantastic. To be able to sit as if you were on that local network and have those connections, and to be able to do all the things that you would on a local network just remotely is just fantastic. Program the PLCs, do your local searches for... "Local searches for," you know, different devices that are on their pieces of automation hardware. All of that is something that can be really hard to do and it sounds like this makes it very easy. I appreciate all that detail as well. And I apologize to any listeners who we lost there a little bit, that does get into the weeds. So as I said, that was the one deep technical question. So if your eyes glazed over a little bit, come back to us, we're wrapping up with a couple of higher-level things. Second-to-last question here actually is that our company and your company have been working with a joint customer, and actually several joint customers, but one specific one in the process/oil and gas industry I wanted to ask about. Can you talk a little bit about that? Share a little bit about that with us.
Jerry: Sure, absolutely. The company that we're talking about today is Integrity Control Services, and we were introduced to them recently through some of our partners down in Texas, and ICS picked us up and is working on a very large mid-stream project with Ignition.
Jerry: I've talked recently with Mark Whitley at ICS, just kinda getting a status check on his project. And it was a very positive conversation, because his project's going well, but it's not just that his project's going well, he was able to share with me the efficiencies that his team was able to pick up by coupling Ignition with TOSIBOX. He was able to not only create a SCADA platform for his customer, okay? But he was actually able to provide a full turnkey solution that included not just the Ignition application, but the server hosting, the networking infrastructure to support the entire application across many different locations.
Jerry: So, all in all, his ability to expand his business beyond just application development into more of a holistic SCADA turnkey solution was a big benefit for the ICS team. Not to mention, you know, the efficiencies they picked up in not having to wait on a third-party IT person to set up the infrastructure in anticipation of deployment of Ignition. Right? He was able to provide all this turnkey, which provides more efficiency for him, more projects faster. It's only a win-win for ICS, coupling Ignition with TOSIBOX.
Bill: These integrators, also as you start to do more you become stickier with these customers and they really appreciate that you're solving three or four problems beyond what they thought you were gonna solve for them. And that really helps the brand management of the system integrator community around the globe we see.
Kevin: Yeah, that makes a lot of sense. Going with a standards-based solution also is something that a lot of integrators, customers really appreciate. And, you know, from your answer earlier there Jerry, it sounds like everything that is really being done behind the scenes inside the TOSIBOX infrastructure there is standards-based, right? It's all based on standard IT technologies that are automated in a way that makes it really quick to set up, but they're technologies that IT departments will appreciate, and they're also technologies that just companies in general will appreciate. That they're not seeing vendor lock-in with all of these things that you're offering, but at the same time, they're able to get started and get going right away.
Jerry: Well said.
Kevin: On to my very last question, and this one is more just around general conversation. We know that inside this space, Jerry and Bill, you have a fair amount of experience as you shared at the beginning, inside industrial networking, operational networking, and connectivity and security. And I just wanted to ask you, what are some of your final thoughts that you'd like to share with the community?
Jerry: You know, the pace at which our customers are connecting, and when I say customers, I mean our joint customers with Ignition across multiple industries. At the pace at which these operational networks are connecting, and now the growing and essential need for cyber security, finding the right combination of technologies to get these applications done is essential. You know, Ignition has a great portfolio of integrators that are putting together solutions and they're using Ignition's technologies and as well as TOSIBOX technologies to do so, but we'll find that that is only going to increase under the guise of cyber security and automation and TOSIBOX will be there to help and collaborate. Bill, any other final thoughts from your side?
Bill: Yeah, I'd like to say it was pretty easy for me to think about, you know, why we do this? It doesn't matter if you're dealing with Dubai, or Sydney, or... I'm in Atlanta; Cleveland, Ohio. Our entire team wakes up every morning to be in service to the system integrator community, to help you do things that your customers had no idea their systems could even do. I mean, I think about it, you had the courage at some point in the past to get beyond traditional SCADA and look at Inductive Automation. Have the courage to get beyond traditional IT and look at the new technologies that are out there like TOSIBOX that can take your business from the last decade, or the last century, to where we are today. And Kevin, I just gotta say thanks for the time today. It was fabulous.
Jerry: Yeah, thanks so much, Kevin.
Kevin: Absolutely, I wanted to say a special thank-you to both of you as well, Jerry and Bill. It has been a true pleasure to have this time and to be able to pick your brains a bit about this industry, where we're at, and where things are going. And also to understand and learn a lot more about what your offerings are in this space. As I mentioned, I know a number of Inductive Automation customers are seeing success with projects that include your hardware, and we look forward to continuing to work together.
Kevin: For you the listeners, thank you so much for joining us here today. We'll see you next time. Keep innovating. Keep doing amazing things. Take care, everyone.