Webinars sample
SFSA members have access to webinars on a wide variety of topics.
SFSA Webinars
Note - we're splitting this page up into individual pages for each type of webinar
What is Steel?
19 minutes 26 seconds recorded on November 9, 2015
What Makes Steel Strong?
17 minutes 45 seconds recorded on January 26, 2016
Heat Treating Steel
29 minutes 37 seconds recorded on February 23, 2016
What Makes Steel Stainless?
24 minutes 23 seconds recorded on March 29, 2016
Introduction to Steel Melting Practices
22 minutes 27 seconds recorded on April 26, 2016
Pouring and Gating Steel
25 minutes 45 seconds recorded on May 24, 2016
Induction Melting Steel
22 minutes 54 seconds recorded on August 23, 2016
Design of Experiments
See Webinars - Design of Experiments
Clean Steel
Porosity
Cracks in Steel Castings
See Webinars - Cracks in Steel Castings
Test Uncertainty in Mechanical Testing of Steel Castings
19 minutes 28 seconds recorded on July 24 2019
Steel Casting Performance
22 minutes 11 seconds recorded on November 21 2019
Mold Metal Challenges
See Webinars - Mold Metal Challenges
Mechanical Testing
See Webinars - Mechanical Testing
Segregation and Steel Castings
See Webinars - Segregation and Steel Castings
Heat Treatment
Corrosion
Making Steel Castings
See Webinars - Making Steel Castings
Making Steel Castings Case Study
See Webinars - Making Steel Castings
Making Steel Castings Customer Series
See Making Steel Castings - Customer Series
Specifications
Feeding and Risering
Feeding and Risering Guidelines - The Red Book
Christoph Beckermann, University of Iowa
1 hour 2 minutes 56 seconds
- Feeding and Risering Guidelines for Steel Castings (Red Book). SFSA 2001 617 KB
The above reference is for carbon and low alloy castings. Steel foundry application of these guidelines was presented at the T&O. The guidelines were also presented as a webinar. Guidelines for high alloy and nickel-base alloys are published in Research Report A-96.
Miscellaneous
Basics of Export Compliance - ITAR and EAR
54 minutes 5 seconds recorded on April 25 2018
Introduction to AI for Materials
47 minutes 46 seconds recorded on May 21 2025
AI and Robotics for Steel Making - An Overview
Um, so I'd like to first introduce myself, Joseph Giampapa from Lindon AI and my partner Ana Maria Berta.
She's online as well.
He also from Linden AI.
If you have any questions while I'm on a slide and before I make a pause, please feel free to type it into the chat.
And Ana Maria will look for those chat messages and if it's something to intervene and ask me a question, she'll ask away.
Also, David, if there's something that you think I'm missing, feel free to intervene.
Otherwise, I would say I'll be making pauses between major sections so that people can have their questions then, and then we'll have a discussion afterwards.
Um, OK, so David, could you advance to the Excel slide, please?
So as I said, you know, the goal of this is to reorient your, your way of thinking about AI for your organization.
Um, so in the media, we hear a lot about large language models, um, and, and the need for server farms and how we need more power generation plants.
Uh, we're hearing about a very distorted image of AI.
Um, it's an image that adds value to one sector of the AI ecosystem, but it's grossly overlooking everything else and that everything else is very applicable to small companies.
So that's what I'm focusing on here.
Next slide please.
So, most, you know, the first part of this is going to be a definition of AI and related key terms, and I hope that it will be entertaining and something that you can operationalize.
Uh, then, uh, go into some parts about the business, um, uh, cases for AI, uh, and then a little bit about the interplay between AI and robotics for manufacturing.
Um, and robotics is huge and could probably be its own webinar in its own case, but there's, there's a special relationship that I want to emphasize.
And if there's and if people don't have any specific questions, we can go into more detailed questions about robotics for manufacturing during the discussion.
Next slide please.
OK, so, um, what is AI?
Uh, you know, my operational definition is human knowledge and reasoning in useful digital form.
This is critical because you don't know what the form is of human knowledge.
We already encode it in a variety of different ways in the ways in which we do things.
It's carried about by the personnel in our company, in our companies who have specific expertise.
It's documented.
It's institutionalized in our processes, the organization, the tools that we use, the ways in which we do things.
Uh, these are all the different ways in which knowledge is stored and distributed throughout a company so that you can use it to your advantage and to the end of creating your product and being responsive to a market.
Um, so that's the first key point that I'd like you to take away from this is that it's going to exist in a lot of different forms and you have to think about how to access it, how it's going to be useful, and what is the, and then eventually if you want to actually put it into digital use, what is the computational machinery that you can use for doing that?
And there are lots of tricks.
Part of the science of AI is discovering the tricks in which you can do that.
Um, if AI as a concept distills into a well-known discipline, it gets a name, and nobody thinks about it as AI anymore.
So you know how everyone uses Google.
Google is, you know, it's a nickname for, um, or there's a more accurate term for it, but I can't remember, for information retrieval.
Information retrieval was an AI research topic in the 1990s.
So that's an example of how when an AI topic becomes useful, you don't call it AI anymore.
It just has its own name, and then when a brand.
Um, you know, it becomes a film associated with a brand who use a brand to cover it.
Uh, next, please.
So, uh, robotics is primarily about control theory.
That uses AI for perception, state estimation.
And planning, you know, deliberative and reactive planning, um, deliberative is where it's thinking into the future before it actually commits to a plan.
Reactive plan is a controlled response type of activity.
Um, in scheduling, so if you have deliberative planning, then you have your scheduling which is prioritizing the task and trying to attain some efficiency from that.
Robotics exists in many forms.
You have the mechatronic implementation of a robotic platform, which is the mechanical and electronic control of the mechanics.
And there's some control theory baked into the mechatronics, but AI allows you to explore a broader representation and more variability in the way in which that control loop is implemented.
Next slide, please.
Everyone has heard of big data AI.
In the 2000s, it was the biggest thing that everybody was talking about, and it has given rise to, you know, the large language model type of AI that we're hearing about in the media now.
A big data AI is just one form of AI.
Um, and it has, it has its essential role, but it's not the only one.
So think of big data as where you have a lot of data, it's unstructured.
It would be very costly to try to add structure to it and you don't want to do that.
You have a very large number of known and unknown characteristics all mixed in, and trying to distill all of them would be just too much effort.
Um, it doesn't begin to work until you have, um, orders of magnitude of data samples, like, you know, millions as a minimum, it begins to work, but you usually have to have 10s to hundreds of millions if not more, and they're usually used for one type of problem, such as the identification or classification or the programming of robotic behavior.
There's a technical difficulty.
They did somebody complained that they can't see the slide.
OK.
Um, we're still seeing data AI slide.
OK, so does anyone else have this problem?
Yes, I only see the big data AI slide as well.
All right, but that's the one that we're on right now, OK.
OK.
So yeah, so big data is used for one type of problem like classification or programming the trajectory of a manipulator and detector in space.
Um, it is something that would take a very long time for humans to characterize.
Uh, so for example, um, you know, how humans would do it is they would do a lot of statistical analysis on the data set.
They would say, OK, I hypothesize that the data can be characterized in this way.
And they create a selection criteria for selecting the data.
They get a certain quantity of data that conforms to that hypothesis, but then there's another, and then they have to keep on trying to determine what are the characteristics of the data by doing a variety of statistical analysis on the data set to be able to access sections of data that are relevant to solving the problem, and that takes a very long time and it's not a very accurate process, whereas big data AI is actually computational machinery that first of all it makes the hypothesis about what are the features of the data that are important to comprehend and to model, and then it also determines what is the, um, the frequency or occurrence of those features in the data set for indicating the saliency of the underlying process.
So you look at data as an indication of what's happening underneath the scenes, underneath the hood, um, and so big data AI is a way for identifying the symptoms and the behaviors that you need to look for.
The thing about big data AI is that from a computational perspective it's very expensive.
That's where you need the GPUs because you're usually doing a lot of numerical computation, a floating point arithmetic, and, um, the other big expense is sometimes collecting and labeling data.
Now, as I said, this might seem a little bit contradictory, but part of the collecting and the labeling is to first of all, reduce the, the noise, the number of parameters that are unrelated to your problem, and labeling is to ensure that you have reliable data for predicting an outcome, uh, within the type of responses that you want.
So for example, if I, if I'm training an algorithm to identify house pets, if it, if you know, on the presentation of an image of a cat, it replies gorilla, that's clearly a mislabeled data item that shouldn't have been in there, and that's, that's noise.
So part of the process of big data AI is to curate the data so that your labels are consistent with the types of outcomes that you want to achieve.
Next, next slide, please.
So, uh, for manufacturing, uh, big data is usually used for predictive maintenance based on motor vibrations and power draw.
Um, and you need it for determining what are the states, the operating states of the machinery based on the microphones that you're using.
There's going to be a variance in the signal that they provide.
You have a variety of signal strengths and filters, and in the real world there's lots of noise, so big data AI is good for finding the signal in all of that noise.
It's good for inspection of defects in visible light, primarily because you have atmospherics, dust particles, a lot of dust and particles in the air that have an impact on a type of lighting system that you're using.
You have a variety of the surfaces of the pieces that are being examined.
You have a variety of lighting sources.
There, there's ambient light.
There's structured light.
Um, you could be using X-ray imaging, other types of imaging devices, and you have a variety in sensor performance.
Sometimes just a sensor being out of configuration is enough to send an algorithm and a data model in very wrong predictive capabilities.
So you have to, uh, you have to carefully check the calibration and that's called the intrinsics, the, the internal performance characteristics of your sensors to ensure that they are providing reliable data to your algorithms, and, um, uh, even then, there's going to be a lot of variances in the, in the signal that they provide.
Uh, so big data helps solve that problem.
Uh, next slide, please.
So small data is something that everybody is used to.
Uh, we've already been using it for a long time.
Uh, it's often, so, um, you want a reason.
So small data AI is reasoning about a state; it's either a reasoning problem or a state exploration problem, and you're using structured data that's known.
You can label it.
You know very well the variables, the data types, you know where they're coming from.
The meaning and the interpretation of the data is clear and well understood, but the difficulty is in reasoning about the combination of the data because you have a what's called the state space explosion that's combinatorial.
So think of an example is game playing like chess.
Um, you have, um, you know, just a few types of pieces that are well known that you know what their behaviors and characteristics are, but the range of all their possible moves makes a very large search space, and solving the problem of playing chess is a type of small data AI.
Now, related to your, your enterprise, it could be that, um, I think that's next slide please.
Some examples of small data, so this clarifies.
Yeah, for example, maintenance and troubleshooting guidance.
So for example, manuals.
If you have manuals in PDF form, small data AI would be a help desk that has that incorporated for doing, for example, a search over those data.
If it's structured, you can search record books, um, and it's not just doing the search and retrieval, it's also reasoning about that.
Um, you can use it for production.
Well, small data is planning and scheduling.
So if you're using a manufacturing system, it probably under the hood there's a planning and scheduling small data AI engine.
You can use it for weld planning.
You can use the information that's in a CAD design for determining what the assembly sequence is for components.
Um, you can use small data for casting inspection of CAD design.
So if you have an X-ray image of a CAD design, um, it's a combination of big data and small data in which you, you might use the big data for being robust to the variances in, um, in the images, uh, and in the, um, uh, the contrast of the images, but you use a very simplistic way to find the contrast and outline the border and then you would use a small data AI for then reasoning about the significance of the defect in the cast, in that casting, and small data is also used in project planning and costing based on existing inventory and whatever other criteria that you have.
So think of small data as being able to take into consideration your known knowns and more reliably, accurately and quickly reason about the complex constraint space in which you're trying to optimize something.
The optimization could be you want to reduce your production times.
You have a limited workforce, you have very tight production schedules of multiple types of products that you have to get out.
AI can help in that respect if you're not already using it for those types of problems.
Next slide, please.
So, um, a critical concept that, uh, isn't talked about much is the digital thread, and this became, um, this was, the biggest proponents of this are the US military Office of Secretary of Defense ManTech that they, they are very much concerned about how, how weak their defense industrial supply base can be in time of need.
So I think at the time of production during World War II.
We were able to scale our industries through human workforce.
We don't have that luxury anymore.
We don't, we're not able to scale production through hiring people, um, so, um, they're very concerned about what are, what are the pieces, how, how rapidly can we produce things.
So the office of the Secretary of Defense has this program in a working group to reduce rework and scrap in the production process because rework and scrap means delays.
Uh, it also means that there could be negative consequences and further delays if pieces are not inspected earlier in the production process.
They get further down in the assembly of the final component and then they realize that the fault is that one piece and everything else has failed because of it.
So they've been pushing this group to come up with a theory of the digital thread, which is an abstract representation to integrate all of the systems in production from the time you take a customer order to the time that it's shipped and you're actually getting reliability information from the product at the customer site.
Um, so that's, that's where, you know, you have the performance data over the course of the product's lifespan.
And this is, this is important because the digital thread enables your little data reasoning across the whole enterprise.
Uh, so if you need to rapidly program a robot to learn how to perform an activity based on a type of part, one of the things you're going to need is the digital design of the part it needs to manipulate.
And if you can share that with the robot, that's great.
You already, you already solved a significant hurdle that somebody is going to have to program.
The other thing is, if you need to inspect a part, your digital design is going to be the guidance by which the inspection takes place.
There are going to be other standards that come into play, such as the performance, the tolerance, and then there's also the contract which would have to be in digital form to determine what is acceptable and what isn't acceptable.
But all of that, if it's in digital form, can be automated and doesn't require a lot of human concentration to analyze.
So thinking of the digital thread is the key insight that I would like everybody to take away from this presentation and that going from start to finish is going to be really tough.
It's something that you can do, you can get little islands of opportunity but within an enterprise there are islands of opportunity, low hanging fruit, as we like to say, that lend themselves to digitization efforts much more rapidly, and they're going to give a minimum value product immediately to the operation as you begin to set up those little islands of digitization.
Um, you'll be connecting pieces.
You'll be making small modifications throughout your processes and your tools that allow you to make those modifications, and you're going to be assembling a digital thread to be able to give direction and vision to what you're doing. Just keep thinking of all the other things that could benefit from the knowledge that you're capturing in digital form and how you're using it, and it should become a background discipline, something that you think about consistently as you're looking to improve your operations.
Um, now, having said this, uh, I think I have another slide.
The next slide please.
Right, so, uh, that's right.
So, the importance of the digital thread, um, it's the ultimate goal of a digital transformation, and business schools are beginning to talk about digital transformation, um, but they're not, they don't know anything about AI and robotics for manufacturing, so they're not completing the fulfillment part of it other than just warehousing.
But our counterparts in Asia who have been customers of mine through Carnegie Mellon University have contracted me to develop automated manufacturing robots that take advantage of orders from the time that the customer places an order digitally online, uh, to the, um, uh, the engineered drawing in digital form that they then shipped to the robots, uh, for the robots to, uh, to manufacture according to their processes.
And it's a very cost effective means of maintaining human knowledge.
It's the best way.
And it's something that can be archived, retrieved, used, recombined in ad hoc novel ways.
Um, you see this in the apparel industry with the ready to wear industry that the Chinese implement.
So, um, the Chinese, um, apparel industry, they follow social influencers and as soon as there's a social influencer who unveils a new type of garment, they capture that design and they put it on their website for sale.
Even though they don't have anybody to manufacture it yet.
And based on the bids that they get for that garment, um, the, the Chinese websites will then access a network of apparel manufacturers who bid on the cost of making that.
In an auction, the apparel manufacturers, you know, what an award is granted, they get the contract, they manufacture it custom order according to what the person, you know, made, and then it's shipped immediately.
So you can actually offer a, a wide array, a palette of a variety of different products to your customers without actually having to have them in inventory in a warehouse, depending on how long it takes for you to do that.
Um, and, um, well, the Chinese, they have a, um, a large, uh, human labor force.
They're also investing heavily in automating their production, and they've been doing a lot of research and application of AI to robotic manufacturing.
Uh, next slide, please.
So, this is a project I worked on in the 1990s.
I don't know what state it is, but this is something I did in Italy.
Um, Italy has a very tight labor force.
The labor unions are national.
Companies declare the type of labor force they're going to hire and to the national government, and then they make a contract.
Then there's a base contract that they make that's according to the guidance of the National Labor Union.
Uh, and then there's the private contracts.
So, um, one of the side effects of this is that they cannot fire people very easily or at a time they could not fire people.
So they cannot do surge hiring in times of large orders.
They cannot lay off.
Uh, so, um, they have to be very judicious in the way in which they hire people, but one of the things they've been doing with the help of national, regional and local governments that make available funds for workforce development, they developed a mix of engineers through apprentice programs that integrate computer scientists with the mechanical engineers, the material scientists, the chemical engineers, the process engineers working on real industrial problems, and this was a problem that I worked on for the shipbuilder Fincantieri and Lloyd's Register, the insurance company based in London.
So an oil tanker has to be certified for the waters in which it's going to be carrying its cargo.
You cannot, um, you cannot use an oil tanker for the Atlantic to carry crude oil in the Indian Ocean, for example, or, you know, there are certain restrictions about the safety given the types of weather conditions that the tankers are going to be encountering.
So one of the, the first considerations that any that the shipbuilder has to go through is, given the inventory for the types of steel that they have in-house, and you guys would know this better than I would, um, given the quality of the steel, um, that makes a difference on how the structure of the hull is designed.
Uh, so in a double hulled oil tanker, there's a reinforcing rebar that is welded between the two hulls.
And depending on the quality of the steel, there's a regulatory requirement about the spacing of that steel.
So in the left part where I have the inventory body of water and regulatory, those, that was the first interplay of considerations that they wanted their small data AI system to address how to help them figure out what the requirements would be, uh, for inventory of a certain type, what would be the time and the cost of producing that hull.
And then once they, once they had a rough calculation of the time and cost they would take and what their inventory and supply chain requirements would be, then they began to reason about the planning of the manufacture, the tools, the fixtures, the dry docks, the workforce skills.
Um, and, uh, scheduling, and those two had an impact on the time and cost and they wanted to do all of this, um, across the wall type of engineering and design up front, uh, so that they can offer the most efficient cost ship design to their customers before they even commit to building it.
This was a project that we began working on in the 1990s, and I believe it's still ongoing, but you know this was the, so I was working on the part on the left, reasoning about estimating the time and cost given inventory, the regulatory restrictions for insurance purposes given the application of the ship.
Uh, next slide, please.
So, um, at this point, I'd like to take a break and open the floor if anybody has any questions about what I explained so far.
I put people asleep?
No.
OK, so let's continue.
The next slide, please.
OK, so, um, you know, what's the business value proposition of AI?
Uh, the first is mechanization of mechanized production.
Um, so think of, um, the industrial revolution.
I mean, we, you know, people have probably heard about Eli Whitney and Colts firearms.
Uh, basically, the mechanization of production was a defense industrial, uh, type of, uh, problem.
Um, the, um, we were inspired by the French, uh, French advisors at West Point, um, inspired, um, uh, somebody at West Point to write a military manual about the need for, uh, mechanized production of muskets.
And that became a joint research project between the Harpers Ferry Armory and the Springfield Armory in Springfield, Massachusetts to try to mechanize the production of muskets as much as possible so that the components could be uniformly reproduced, they could be truly interchangeable, and that you can achieve scalability.
And in the process of trial and error, which took the course of about 100 years, there are lots of things that derived as a result of it.
One of them was the recognition that the tooling and machining of the tooling and the creating of the machines for the production of the components was a large upfront cost which required the government to actually invest ahead of time in the tooling and the setup of the machinery for the production, which up until that point hadn't been a way in which the government did contracting.
Uh, so, um, in the early days people didn't, they discounted that.
They actually didn't think about it.
They said, oh, we'll just do it and you know, we'll pay you on, on delivery.
Well, um, so that was one of the things that changed.
Um, it's not going to change the contracting requirements, uh, but, you know, what, what you have is the possibility of creating new machines with software.
And you know, this became very clear from the time that we had the PC revolution and computers became more accessible at a low cost.
Everybody's writing their own software.
You have a limitless possibility of creating a new software machine.
Um, what AI does is allow you to apply that same flexibility to, um, mechanical production, uh, because now you have, um, AI-enabled perception, AI-enabled planning and AI-enabled control that allows for the complexity and variation of creating real mechanical artifacts.
So, um, abstractly, you're just, you know, saying, well, we're, what we're doing is we're putting knowledge for how humans do things manually in this in the production and using our machines and tools, and we're transforming that into software and digital forms and we're creating limitless number of production machines that we can configure very quickly just with, you know, just as long as we can hook up the connectors and get the data flowing.
And then have it, um, you know, attached to the manufacturing machines that can be reconfigured based on those parameters.
Now, you know, I understand that I'm oversimplifying, but the vision is there and you see this with CNC machines that have automatic tool changers, those are very flexible.
They do a bit of adaptable fixturing.
Uh, even with the additive manufacturing, it's basically a robot arm within an enclosure.
So we're seeing that concept appear in types of islands.
So you know, now that you have these digital islands, think about how you can reconnect them to other components and other steps in your manufacturing process and the value that your company is creating.
So you know, number one value proposition is the mechanization of your mechanical production processes.
Next slide please.
A right size production and you know, high mix low volume, we want to be able to go from high mix low volume to low mix high volume.
Now, so we're already oriented for low mix high volume, and the reason for that is the upfront overhead cost of tooling.
Um, now understanding that you have that, the question is, uh, can that be lowered anymore?
Can you, can you repurpose it for creating a new variant of your product that addresses a different market sector that you're not currently addressing?
Um, our counterparts in Asia are investing in that significantly.
One of the things that Americans complain about when doing business and contracting with the government or even defense is they'll get an order for something in a very small bot that's experimental, and then over the course of a couple of years they'll get an order for hundreds of those or something like that.
So for a very rapid rescaling of the production, so.
You know, the value proposition is, if you think about an AI control of your mechanical production process, that should enable you to more effectively respond at those types of situations.
Um, and it should also allow you to respond to, um, uh, prior production that perhaps you produce a large, uh, quantity of items and you need to rapidly switch, uh, between that and multiple, um, product lines.
So, um, next, next slide please.
So, uh, again, higher precision production.
So in the introduction of mechanical means of producing goods, uh, increase the, um, the requirements for metrology, reliable mechanical metrology.
Um, if you begin to manufacture things through automated means, um, you even have, in some cases you have even more requirements for precision above and beyond what you're currently used to dealing with.
Um, some of the cases could be, well, you know, if I, if I need to, uh, program a robot to have a behavior of removing so much welded material.
Uh, perhaps the issue is not so much the weld material as it is the fixturing used for creating the weld in the first place, because if the fixturing or if the production of the pieces was within tighter tolerances, there would be less, less of a gap to fill with weld material and so there would be less need for grinding and removing the excess weld material.
So that's, that's one example.
Um, the digitization basically gives you a review.
It gives you an opportunity to review your production processes and make improvements and tighten to tolerances and also to parameterize your process and discover that you can do things a little bit differently or with more variety and possibly offer that as a product for your customers.
Uh, next slide, please.
Um, AI adds value to your workforce.
Uh, so, yeah, robotics, um, robotics is good.
It addresses the 3Ds, dirty, dull, and dangerous.
Uh, it also replaces unhealthy, highly repetitive tasks.
Um, um.
My partner and I were at a conference a couple of weeks ago in which food production, they have workers holding boxes, putting boxes on a conveyor belt as machines are automatically filling the boxes with food.
After they place the box on the conveyor belt, they have to go take a box that has already been filled, close it, tape it, and put it on a palletizer.
And they have to do that at a rate of speed that doesn't give them time to scratch their nose or change a roll of tape.
It is incredible, and they have turnover and burnout.
Um, workers don't stay in that position for more than 10 days.
Uh, so, um, you know, that definitely can be automated through, uh, through robotics, um, and, um, you know, people are happy and my father, for example, who has worked as an inspector, he was happy when I told him that his job was replaced by a robot.
You know, it's not that he wouldn't be an inspector anymore, but he changed to a more higher level and fulfilling job.
So workers acquire market relevant skills.
They have less motivation to job hop, and the skilled workers, the people with the know-how and the experience, can be more appropriately tasked to problem solving, which is what humans are really great at, and, you know, thinking about the best way to solve new problems for your company.
You don't want to have them burdened down into something that could be replaced by automation.
Um, and then from the perspective of your labor, similar to what I explained in Italy, um, automation within the workforce allows the company to manage the cost of labor for the company.
They don't solve their problems through surge hiring.
They don't lay off, which also makes for stronger loyalty and permanence of the employees toward the company.
Uh, next slide, please.
OK, so I'll pause there if anybody has any questions or comments.
I'd only just I don't know how much more you have, but we're already 3/4 of the way through the time slot longer, but I don't know when you want to really have a discussion.
OK, I think I have about 4 more slides, so we're close to the end.
I have a question though.
Oh, sure.
Yeah, this is Joe Korff.
Hey, have you been in a steel foundry and and actually walked through the processes of a typical jobbing foundry to, to consider what applications you may see, uh, may be the quickest and best to incorporate?
I have been through a couple, yes.
And which processes in the jobbing foundry would you say have the most fruit to bear?
Um, well, yeah, first off, the first one that I saw was inspection, uh, inspection of steel castings, and there's one that David and I discussed, which was spraying of moldings, either for coatings or for quenching.
OK, thank you.
Um, OK, so why both AI and robotics?
So you know, we're used to, you can think about a robot just as a mechatronic device without any AI.
Um, if you program it by a, a teach pendant, uh, that's, that's the way in which you're using it.
Uh, you're not really using it, it's not AI enabled.
Um, and when I was speaking with Yawa, they were talking about the latest brand of robot that's going to be AI enabled.
I asked him, Well, what does it mean to be AI enabled?
He says, Well, we're attaching a computer to the controller so that you can program it.
Uh, so that's, you know, basically they're talking about software enabled robots in which you can introduce more elaborate and robust reasoning enabled by AI.
And the whole point is you want to be able to program behavioral skills for the robot that are robust to variations in the environment, the workpiece, the tools, and where there's feedback and, um, uh, you know, um, any, any sort of variation that you can't necessarily control by giving it, um, mechanical instructions through a teach pendant.
And once learned, the skills can be copied to multiple instances of the robots, so you have a scalability that is really enormous.
Next slide, please.
So, um, you know, if you do not think of integrating your robot in a digital thread, you're basically creating a monument.
Uh, so, um, you, you want to avoid that, and the reason is because knowledge capture the first time is expensive.
If you're programmed by teach pendant, that's what you're doing.
All of the time you're waiting is for the programmer to capture the knowledge for doing the things you want to do, and um, you know, you, you're, once you have that encoded in that in the, in the code that's flashed into the memory.
Uh, it gets very difficult to be able to use that, uh, and reuse it and combine it in other types of programs.
Um, so put it in software and have software control your robots.
Knowledge maintenance, that's another costly aspect of AI.
It's not just a matter of encoding knowledge the first time.
It's also maintaining it because the world changes.
The world changes because your end effector changes.
You get a new application.
The environment changes.
There are all these things that have an impact on the behavior of the robot, and you have to adapt to that.
Uh, it gets very difficult if you do not already have, um, an AI enabled process by which you can maintain, uh, maintain the adaptability.
Um, so, you know, the whole goal is facilitate a cost-effective capture and maintenance.
Um, next slide, please.
So, uh, yeah, this is, this is concluding, uh, the presentation.
So there's a lot more that can be covered, such as, you know, if we can talk about robots specifically, uh, how to select a robot, uh, how to create a cell types and safe of safety and their considerations, tooling, fixturing, um, we can discuss them now, um, next slide, uh, David, I don't know if there's anything else.
So, right, just a summary and key takeaways.
So, um, I gave you 4 compelling business reasons, and I hope they were convincing, uh, to introduce AI and robotics into your manufacturing.
Um, without AI, manufacturing robots risk becoming a manufacturing monument, and you want to break that mindset.
You want to, you want to think of digital threads and how rapidly you can reconfigure.
Um, aim to, and you know, you want to aim to create an enterprise manufacturing digital thread for the capture and maintenance of your knowledge.
45 minutes 23 seconds recorded on November 1, 2025
Introduction to OT Security
I'm Brian Reed.
I have been on a really kind of interesting cybersecurity journey for the last 20 years.
I've been in mobility, IoT cyber, now doing some interesting things around physical AI, and I'm going to talk about what that is today.
So I work with companies who are manufacturers or in the manufacturing supply chain, helping them figure out how to build and run cybersecurity programs, what technology to bring in, what skills, what projects should you be considering, how to afford getting invested in that. And I've been doing that for a long time, and many, many years ago some of you may have used a BlackBerry, and so my, my mobile cyber adventures began with BlackBerry and I've worked with all kinds of technology ever since.
So, going to share some best practices today, kind of in two parts.
So the first half is going to be some practical introduction to OT security today.
You know, what are some basics that you should have in your organization?
How do you go about thinking about maturing a program?
What are some investments in people and technology you might want to make over time?
And then I'm going to give you a blast to the future.
There's some really interesting things going on with AI and robotics in this category called physical AI, and that's where AI is running physical machines, and they may show up in your foundries in 5 or 10 years.
So we want to talk a little bit about what's coming there and what happens in a cyber program when you're in the world.
And so I would encourage you to think about, you know, this very challenging question for anyone in the manufacturing space, which is, you know, what, what are you more worried about: the risk of cyber causing downtime or the risk of a human causing downtime?
The reality is that most cyber downtime is also caused by a human, inadvertently or intentionally, but you know, we want to think about, for many of us we understand cost of productivity, we understand, you know, you know, per hour per day, how much revenue or product are we generating and so on and so forth, and we think about things about downtime like what happens in a power outage, what happens with supply chain disruption, etc., but not everybody thinks about what happens with a sort of cyber disruption that is very much happening now.
I'm going to show you some stats that are sort of scary.
Um, so as manufacturing adds IT technology, right, the propensity for a bad thing to happen with IT and OT technology blended together grows.
In many organizations for years, they basically had an air gap model where a plant or a piece of infrastructure was never connected to the internet.
And now that we're bringing in OT sensors, now we might be bringing in like computerized CNC machines or 3D printing machines or what have you, that sort of OT/IT technology that we need that's really cool and modern, we wind up having to connect to the company network or the internet, and that's where you create new risks, right?
And the attackers are actually targeting these intentionally.
I'm going to show you a little bit of that data, not to scare you but to socialize you to recognize the attacks are out there and the surveillance is occurring, and we need to be ready for it, right, whether it's downtime, safety events that get caused, lost production runs, you know, whatever those things are, they clearly are business impact.
Some of my slides are kind of dense in content, and that's really so you can read it later.
Um, so I'm giving you all the full slide deck that way you can click on the links, use the resources.
There are a number of slides with lots of links in them for future learning.
And if you come from the IT side, right, it's always been about protecting the data, right?
And you might know the CIA triad and you, you've got IT on your network and you've got endpoint and you've got firewalls and you've got maybe multi-factor authentication and identity tools and so on and so forth.
And a lot of IT is built for security or has security built into it.
If you're in IT and you're new to OT, right, so OT is about safety and uptime.
It's about basically protecting production, not protecting data, and the OT world has been largely insecure.
Most of the common protocols used by OT technology to talk to each other don't even have the notion of security built into them.
They don't have encryption.
They don't have access control.
They don't have anything.
A lot of OT systems are really old like the Windows 98 machine.
And how can I keep using a Windows 98 machine but plug it into some other piece of modern technology or some database system if that thing is known vulnerable and could easily be hacked, right?
Um, and so all these moving parts in OT, if you're new, if you're in IT and new to OT, takes some time to learn about what really is different.
There's a fair number of resources, including some I'm going to give you that will help you kind of think more about that OT side.
Right?
So if we, if we think about sort of, uh, I use the word modern steel plant attack surface, I tried to customize this a little bit and excuse me if I get it wrong, right?
But, um, if you have IT oriented technology or IT oriented technology where vendors have to remotely log in or come in and do work on site, every time they access it, they could be exposing that to other attackers gaining information about that or even stealing their credentials to log in.
In many instances you've got the aging technology, you've got unmonitored access going on.
There's no centralized tracking of what is all of the technology that's talking on these different OT protocols to each other.
Um, for a lot of organizations where there is digital assets, there's no backup or configuration storage, because one of the things to think about is, you know, you may have redundancy when it comes to your physical equipment, but what happens when the data or a cyberattack, you know, blocks a piece of equipment from operating or ransomware comes in.
If you don't have backups and all the configuration data stored, you can't restore it very quickly, right?
Um, and again, part of the rise right now of, of the risk is around plugging in IT infrastructure into the OT world, plugging in business applications like, you know, SAP manufacturing and various historian tools to track all the data, all those things basically give you the chance to have a ransomware hit, to have a plant outage, to have a human accidentally issue commands that could stop or damage something, or intentionally issue commands.
Right, and there's this thing called lateral movement, and if you're not from IT, this might be a new phrase for you.
Lateral movement is what happens when a bad guy gets in at one weak spot and then navigates their way around your network and finds their way laterally from, say, a PC, you know, in an office all the way through the network and jumps over into your plant or your lab and is now actually able to touch equipment in the lab.
That's kind of lateral movement.
And there are ways to block that, very simple ways to block that, but not everybody has that turned on, which makes it really easy for the bad guys to do their bad things.
So, um, not to freak you out, but this did freak me out.
Um, I, whoa, sorry, hit a button.
I, um, I've only been in OT for a little bit over a year, and coming from mobile, I used to be able to talk about mobile and IoT attacks, and ransomware has grown dramatically in manufacturing in the United States, criminal gangs and otherwise.
In the average quarter in 2024, there were about 293 ransomware attacks in the manufacturing sector.
In Q2 of 2025, that number has almost doubled.
And so the frequency and volume of these different types of attacks is going up and largely if any of your equipment is on the internet, likely, and if you're bigger than like 5 people and you generate more than like a million dollars, it is highly likely these criminal gangs have already tried to figure out how to scan your network and see if there's something interesting that they might want to attack.
So while in that same period of time there are only say 63 equipment attacks or 20 chemical plant attacks, 428 manufacturing ransomware attacks in Q2 of this year is kind of scary, so the trend curve is not very good.
Now the good news is if you're small, you're probably less likely to be attacked unless they think they can get a lot of money out of you.
So the attack patterns aren't how big or how small are you.
The attack patterns are based on how much do they think they can extract from you from ransomware.
And if you need an example of something bad, I encourage you to Google on the ransomware outage at Jaguar and Land Rover, and I'm not going to go through the whole story, but effectively they were taken down for 5 weeks.
Can you imagine being an automotive manufacturer that doesn't produce products for 5 weeks?
They lost all their data.
Um, they paid off the ransomware and still had to rebuild everything again.
It damaged their supply chain, billions of dollars in financial loss.
Now obviously bad guys will go after where the money is, meaning they go after the bigger companies, but there is clear malfeasance here where there was almost no security controls at all in Jaguar Land Rover that made it very easy for bad guys to sit and lurk and eventually the criminal gangs extract.
Now the other reason ransomware is so rampant right now besides the insecurities we find in manufacturing is they're using Bitcoin for payoffs, and when you use Bitcoin, you can't track who the other party is.
So it's much harder to catch and find these ransomware gangs when they're using Bitcoin for the payoffs.
We'll talk a little bit about that here.
So as we think about, you know, we want, we want to run our foundry business.
We want to grow our foundry business, right, at whatever size we are, right, what are some misconceptions that whether I'm a new OT security professional or a new IT to OT security professional, some of these myths.
So the first myth is our network is isolated.
You'll be shocked how many companies we go into and they'll tell us they're air gapped or isolated, and we find a bunch of different things talking to the internet.
Maybe one of your service providers has connected something in.
Maybe you have cameras or sensors that are IoT or IIoT that are plugged into the internet.
Whatever that is, it's highly unlikely you really are isolated.
Second myth is segmentation.
So when you, when you move on a network, there's this thing called lateral movement that I talked about a little bit, and while VLANs can block activity in the IT world, VLANs can't block that activity in the OT world because they target different protocols.
So there's a different kind of firewalling that you need to do in the OT world that doesn't work the same in the IT world.
Um, patching is everything, right?
And, and there's this goal, for example, in IT security that you want to at least have patch Tuesday or you want to patch every 30 days or what have you.
There's a whole lot of legacy technology, um, or proprietary technology used in OT that can't be patched.
They have known vulnerabilities, they are known insecure, they don't have passwords, and there's nothing you can do to patch them.
So you have to figure out how to deal with those old Windows 98 unpatchables or what have you in your environment, or you have to replace the equipment.
Um, the other thing that's very interesting is that most OT attackers, they use 99% the same tools to attack OT that they do to attack IT, and so a lot of it is just common remote network access type scenarios, navigating and figuring out the processes, figuring out the data flows, and then finding their way in.
So don't think just because it's OT and specialized technology that they can't get there.
So, um, there are some simple gaps we can identify.
There's basic understanding of the realities of OT that we can bring to the fore, and then we can focus on some straightforward best practices to make it work and I, I, I use this little, you know, ball here of you don't have to read a crystal ball to figure out how to do this.
There are documented ways to get there.
You just have to determine where you want to start and what things you might want to focus on.
So as a learning vehicle I have sort of 8 steps of what good security looks like and then a path to using them.
You don't have to do them all.
You don't necessarily have to do them in the order that they're in, but these are the things that would go on a checklist that says, if, if I want to plan to build out a good OT security program over the next 12 months, what things should I put on my checklist of things that I would want to do?
So the first thing is know what you've got, right?
So what, what is, what are all of the OT and IT things in your foundry that are talking to each other, possibly talking to PCs on the network, um, and what are all of those things, right, and look at, you know, the HMIs, the PLCs, networking gear, whatever that is, um, make sure you understand what can talk to what.
Right, and there is software you can use that will discover this like Porsche and others, but one way or the other you really ought to have an inventory and as new things come in, make sure you add the new things, as old things roll off, make sure you take them off the list, right?
You know, if you think about it as from a disaster recovery perspective or a business continuity perspective, you may already have a decent inventory of the heavy duty industrial equipment that's in your, your particular facility.
Um, you may have some redundancy in that as well, right?
We take the time to think about the ITOT technology side and make sure you capture that information as well.
Um, the biggest thing you can do to prevent bad guys who typically use this lateral movement is to physically segment the network of any kind of technology that's talking on the OT side to stay on the OT side.
So you can, for example, have a process cell that might be a line, you can have an entire rolling mill, what have you.
There is a firewall segmentation that you can use to make sure that nothing from IT can get to OT and nothing from OT can get to IT except for the things that you want to permit to go across those zones.
What that means is that, um, I was on a data briefing on Tuesday this week and one of the organizations that tracks this stuff said that last year 99% of all, um, ransomware and OT security attacks that they were brought in to research and resolve started on the IT side.
Meaning they came in, you know, spear phished some white collar employee, found their way into a PC, and then they navigated around into the physical plant setting.
And so block that lateral movement by putting in a firewall effectively to segment your networks between IT and OT, and that can immediately have an improvement in your security posture.
Now, when you, when you think about some of these systems now running, right, you should probably have some access control that restricts whether people can access them.
And there's different layers to that to think about, right?
So you have plant staff, you want to make sure your staff in the plant, the right people can access the right machines at the right time and the wrong people can access the machines, and you may have some restrictions on that already.
Um, if possible, there ought to be a passcode or a password, but there may not be.
Um, we do see password sharing happening where you might say, OK, every piece of equipment is going to have the passcode or password 1234.
That's not a great idea, but at least you have a little bit of something.
Um, where the second most prominent sort of attack vector into OT is actually remote access.
So if you give your vendors and suppliers the ability to remotely access some piece of equipment using the internet in their remote laptop, well, that means that that piece of equipment is exposed to the internet.
And so when those people come in, they may not be coming in securely, so they may actually cause a problem inadvertently or unintentionally, but the bad guys could be monitoring and see that a remote service provider is coming in and observe how they come in and then clone the path they came in and now the bad guys can ride in on the same path uh that your, your vendor did.
So some things to think about there is you ought to have a machine identity and access management, so you may have MFA for humans.
You want to have MFA for machines, whether you're using an Okta or something like that on the business side, there's capabilities on the machine side, and then you want to make sure you're really careful about that remote vendor access.
A lot of vendors just open that port.
They have insecure mechanisms for using it.
Bad guys surveil it, they find it, they jump on board, and now they're on your network.
Um, vuln management is often as you mature your program, that's really getting into not only are you patching, but what are you doing to deal with compensating controls for things you can't patch like that old Windows 98 system.
So there's firewalls, there are segmentation and other technologies you can use to kind of isolate those legacy systems and keep the bad guys out.
If you're doing the segmentation we talked about in #2, then this is called microsegmentation where you can take individual pieces of equipment and very much construct or restrict what can talk to what.
Again, you don't have to do all of these, but these are all the things that are on the what good looks like, and I'm going to give you kind of a checklist of where to start and kind of how to grow here as I get to the end.
So monitoring, now you're maturing your program, now you actually want to monitor behavior on your network.
You want to monitor who's coming, you want to monitor your unusual traffic. Um, the Jaguar guys, they had zero backups.
They also had zero active monitoring, so they had no idea somebody was on their network.
Um, and then there is threat detection platforms that you can use that can help you in that space.
Backup and recovery is another one that a lot of people don't think about, right?
So, um, you may or may not have role played, you know, what happens if you have a power outage, right?
How do you restart your plant?
What happens when you have supply chain outage?
What happens if you have a major equipment outage?
Maybe you have some redundancy for that or not.
Well, backup and recovery is really important for these OT systems, right?
And it's not like backing up a PC sometimes.
But you want to make sure you back up all your ladder logic, your images, your configs, and everything else because sometimes what happens in a cyber or ransomware attack is the equipment is damaged or you can't regain control of it.
And if you think about startup time, how long will it take to reinstall a new piece of equipment is one thing.
How long will it take to reconfigure a piece of equipment is another thing.
So if you even back up once a year, ideally once a quarter, or anytime you make an update and have a program for that, it sounds time consuming.
It will be the first time if you don't have the program, but after that you're just backing up any changes over time and a lot of these systems don't change very much over time.
Then it improves your ability to be able to restart if you need to in one way or the other.
If you're more mature and advanced, store them offline.
If you're more mature and advanced, try to test the restoring, um, but you know either way, make sure you have some backups of this much in the same way you're backing up other parts of your business.
Um, think about incident response.
You know, some of us on the IT security side do run incident response programs.
You may already have them there.
Um, if you have an existing IT security incident response program, you want to take that and think about what does that mean for the OT side.
So take everything in your IT incident response list and say, OK, what's the OT equivalent?
You'll discover some are the same, you'll discover some are different, right?
Um, some of the more interesting things I've witnessed are the first tabletop exercise when IT and OT get together and try to run one of these.
There's, there's resources you can use online to help you with them, but you know, if the PLC is compromised during a melt cycle, now what happens, right?
Bad guy gets in, freezes it, freezes it open, freezes it closed, you know what's going to happen there and do you have an ability to respond quickly when it happens.
I think that early on we were seeing more and more of the remote attacks were around IP theft or around just simple probing or you know finding and stealing people's credentials.
With the rise of things like ransomware now, right, the notion that they're just going to try to shut your business down for a period of time until you pay them off, that's a primary motivating vehicle for some of these guys to try to go do this, so.
Um, whereas in the past you may not have had any incidents.
You've never had an incident response plan.
I think if you, if you look at those statistics of the 500-ish manufacturing ransomware attacks last quarter in Q2, it says that the likelihood of getting hit is much higher now, maybe 10 times higher even than last year.
And so you really do need to think your way around what happens if we get hit with ransomware and we're down for some number of days.
Can we recover ourselves?
Do we have to pay them off, you know, etc.
And related to ransomware, just, just more recently I'm seeing this trend around using OT security to save on insurance.
So any business folks that might be on this call, you will be familiar with, you probably have some cyber insurance, you have industrial insurance.
You know, beyond the, the things that maybe as employees we know from the HR type of insurance.
And what we're actually seeing is the insurance providers are recognizing the spike in ransomware.
And so they're now going and making business manufacturers prove that they have good IT/OT security programs and if they do, the insurance premiums are low or go down and if they don't, the insurance premiums go up.
Um, I was talking to someone on Tuesday this week who said that they, they are a very large organization, large, large organization, revenue is, um, oh, I don't know, maybe a billion, $800,000 800 million dollars to a billion, and their cyber insurance quote just went up by over $10 million.
That's not a small number even for a billion dollar company, right?
Um, and that's because of the rise of ransomware.
So if you're in your head thinking, wow, this is a lot to do, I'm going to show you don't have to do it all at once in a minute, and then you're also thinking, wait a minute, how am I going to pay for it?
Well, actually there may be a way to lower your insurance costs or prevent insurance rate increases by making some small investments in this.
So we'll show you a little bit of that here.
So, um, when I'm in a room, I'll say show of hands, what concerns you more, the time to tackle this or the cost to tackle this.
I know time is money, and we're all very busy people.
Um, you might be an IT security person, you might be IT security, you might be a business leader, a technical leader.
I want to make this practical of now that I've given you sort of 8 things to do, or I think it's 8 times 3 is 24 things to do with 3 to 4 in each category.
What's the reality of doing any of this?
So there's a couple of things I'm going to give you to think about, right?
So, um.
Anyone who's been hit with ransomware or anyone who's had a cyber event that caused downtime has recognized that the cost of the downtime, the lost productivity, the lost manufacturing production time, the lost revenue that comes from that always costs more than whatever their OT security investment was.
So thinking about what are some basic things that we can do with the people we have and the infrastructure we have is a good place to start, and then from that working on how do we build out the rest of a formal program and how can we do this and kind of offsets or offset our insurance costs, for example, or our liability costs while we go down the path of doing it.
So I'm gonna give you a little cookbook that's sort of a good better best kind of model here and we'll look at resources from staff perspective and we'll look at some resources from a cost perspective, right?
So, um, if you're like some companies I talked to, right, basically some IT person, IT security person maybe was given the, the secondary title of OK, you're our OT security lead.
So let's get that person involved, um, they're going to help determine what the access control is going to be.
Um, they want to work with the maintenance and equipment teams on changes, upgrades, and installs, and they can help with managing like firewalls and access across that boundary to kind of segment the networks apart.
And if you're an existing IT person, depending on how big your infrastructure is, it's not a lot of time to create your policies and then do the active work around change management, firewalls, etc.
Um, now, as if you're on the OT side or if you are in the engineering and maintenance side, right, there's a little bit of work that you can help, right?
You know, partner with your ITOT security people and explain how the plant actually works.
Remember, IT and IT security people know how a network works in a business, but they don't necessarily know, um, and you know the power of walking the plant, the power of showing diagrams of the plant.
Uh, those sorts of things can very much help bring perspective to your IT/OT security peer and help them understand.
Right.
Now, if you're in the engineering maintenance side also, you can help with the inventory of what's all this other non-IT stuff that the IT cyber guy is not used to.
Um, and help them understand who your other vendors are, right?
So which are vendors that should have remote access capabilities, or should they only be restricted to on-site?
What kind of resources should be allowed to plug into our equipment or how do we do maintenance on equipment?
Um, and then bring in a consultant, right?
So there are a variety of different consulting groups on the cyber side or the automation side that can help with things like segmenting your network, uh, mapping the topology in a more complex environment.
Um, they can run the tabletop exercises and help you form an incident response plan, things like that, right?
So you could, you can do a spike of work, bring somebody in for a week to get you started and bring it back periodically during the year.
Um, it's not a huge amount of money.
You're not hiring a new person.
And so when you take all of this together, maybe 25% to 50% of an FTE equivalent in current humans and some consulting dollars could kind of get you off the ground with your starter plan.
Right, so that's kind of a staffing.
Obviously if you're bigger and more complex networks as you mature the organization, you want to have OT security dedicated people, but that tends to be tied, you know, to how big and complex your environment is, but also how risky your environment is, how likely is it for you to have downtime or an attack on the side, right, and then based on that risk is how you choose to invest on it.
So some tech low cost stuff.
I'm not going to go through all of this.
There's a lot here, but kind of a tier one model.
There's some cheapy things you can do using what you've already got and some free tools.
You can move into modest spend, so tooling anywhere from 10 to 20K up to maybe 75K.
That's where you're, you know, installing a true industrial firewall.
You're bringing in identity controls and things like that, and then kind of a full OT security stack might be 100 to 400k depending on the kinds of equipment you bring in, how much incident response capabilities, how much automated patch management, vulnerability detection, all those kinds of things, right?
And so you don't have to jump to tier three. Again, we talked about people, maybe quarter to 4/10 of a human. Here we're talking about, you know, 5 to maybe 100k to get going in your first year if you don't have much, and then you can increase incrementally. If your business is generating a couple million dollars and it's all dependent on reliable uptime in a production environment that's more and more digitally connected, you know, on a couple of million dollars, maybe it is worth $50 to $1000 to go invest people in time and some technology in this.
And again, this fact that I've mentioned before, this has been really interesting in the last couple of months.
This rise of cyber insurance costs or funding by not paying cyber insurance increases is an interesting thing going on and some of the industrial companies are recognizing this as well, right?
So when a ransomware attack hits, what are downstream impacts that might also there might also be clauses in your industrial insurance that can either drive up your rates or not be covered.
So anyway, enough of the insurance thing.
So what could you do Monday if you haven't really started, right?
So sort of zero cost, get started Monday looks like I forgot a word.
You know, consolidate all your vendor documents and data and access paths, um, start to restrict vendor remote access and only allow it via MFA, create an OT/IT management meeting every month, build an inventory, start a backup program, lock the cabinets, make sure there's passwords or multi-factor auth on engineering laptops and PCs, try not to use shared passwords and default accounts.
Bad guys figure that stuff out quickly and find their way in.
All this stuff here is just a little time and labor cost.
You don't have to do a massive amount of work, and this is kind of get you off the ground and really thinking and learning about the space.
Now obviously as you mature, you might want to learn more.
I can't stress enough, Mike Holcomb, if you're new to OT security and you want to learn your way through, Mike Holcomb is a rock star, he's got a newsletter.
He's got a ton of free training on his YouTube.
He loves to connect with people on LinkedIn and answer questions, and I have done a lot of work with Mike.
I've seen a lot of clients to work with him.
He's not a consultant to bring in.
He's a teacher of what to do.
OK.
There's other consulting firms that you could hire to come in.
There are some industry standards around manufacturing 62443, as you get bigger and bigger and mature, you might want to look at that.
There's also something called the SANS 5 ICS controls.
Regulated industries have to use those or most likely using those.
We encourage you to have a look there if you're on the more mature side as well.
So, um, I hope you found our journey through OT security helpful.
Again, I realize we have people on a wide variety of levels in the spectrum.
My goal is to kind of give you kind of an overview of what could be and wherever you are, you can do nothing, you can do something, you can do a lot.
This isn't a, oh my goodness, stop everything, drop everything, go spend a million dollars on cyber, you know, that's not practical reality for most organizations.
This is more like if you haven't started the journey for OT security and you've got any kind of industrial equipment that is likely to be connected to the internet or connected to your corporate network, you have to do stuff now, right?
The reality is that if you are a valuable target.
The bad guys might hit you, but there's also the potential that some human does something accidentally, right?
And that could cause downtime as well.
So, um, I'm going to shift gears a little bit.
I am also happy to talk to anyone offline.
We'll take some Q&A at the end.
I want to take you on a journey of some really cool new innovative things we're doing, um, and you know, uh.
Ah, David and I met actually at the Arm Institute event in Pittsburgh a while back and I was just starting to do talks on this stuff around physical AI.
Um, and so I'm going to jump over this, but when you get the deck, you'll have links to it because the videos don't always play right.
Um, this is a factory in China that produces a car every 72 minutes and it is 90% robotic AI driven.
There are very few humans in the factory.
They have created a video of how they build the cars and all the machines and robotics that are used in an automated fashion of how they build the cars.
And when I'm doing a big stage presentation or an on-site training, we watch this and then we watch it again and talk about what are they doing here?
What are they doing here and how do they figure out how to do this and so on and so forth.
It really is quite amazing.
And so um if we think about, I'm gonna just take you on a small human journey, um, AI is interesting, right?
AI is like this brain in the cloud, right?
And we have brains in our head.
And if we think about human evolution, right, you know, from the ape to the tools to today walking upright, we invented tools along the way.
We invented language and communication along the way, and we live in a very sophisticated kind of world these days because of this human evolution.
And we can parallelize this with like computer and AI evolution.
There's a method to my madness here.
Now, in the physical world, part of what enables humans to interact with the physical world is the idea we can see and hear and touch and taste and smell, right?
The senses we all know about the senses.
And we can argue whether there's 5, 6 or 7 senses, but I'll go with the 5 most common ones we learn as kids, right?
So, um, so while we got all these really cool AI in the cloud things and like ChatGPT and everything else, if we wanted to enable AI to operate in the physical world, they would probably need to be able to do some of these senses, right?
So that's an interesting evolution as we start thinking about this thing called physical AI.
I'm going to define physical AI in a minute, but I want to show you an example of evolution in an industrial setting.
So early on we have power tools.
You got a guy here with a compressor and a power wrench, and he's installing tires, you know, they kind of have these mega tool things.
So now I'm in a car, a motor factory, they got this piece of assistive equipment that screws all the bolts in at once, right?
And then we moved in and that mega tool and the power tool used by human, then we moved in like robotics in a factory setting, and those robotics may or may not use AI.
They might just use some automation, right?
And we use them basically because they weld the same way every time or they stamp the metal the same way every time.
We use it for consistency and reliability of production and there may be a speed or a throughput effect, right?
Well, now we've got these really cool AI things happening in manufacturing like AI inspect.
So here's an example of an inspection tunnel where a car comes off the production line and instead of 5 humans scurrying around it and disassembling it, they drive the car through it and the optics of the equipment looking at the car as they drive the car through it and some sensor testing that they do allows AI to analyze the car and decide whether there's anything defective that it can detect or not.
They plug a bus.
They plug a piece of bus computer equipment into it, detect the electronics.
They roll it.
It looks underneath.
It looks at the wheels, it looks everything around it, right?
So there's really interesting things now where we can automate some fairly complex tasks using AI, but that AI interacts with the physical world.
So there's this cool thing going on in the world that we saw a lot of at the Arm conference around physical AI, and that's basically artificial intelligence that controls machines in the real world.
Now, I'm not aware of any physical AI going on in a foundry sense yet, but it may be coming your direction, right?
So you can think about robots on the circuit line, you can think about autonomous vehicles.
So Scanner has an entire dig site, um, in Europe, where most of the equipment is drones and robotics, which is really kind of cool.
Um, so that's actually a drone tractor dumpster thing.
Um, drones are being used a lot in farming now, um, and, and in various other kinds of industrial settings for a whole variety of reasons, right?
So, so this is where AI isn't just making decisions, it's moving things, right?
It's not just analyzing data, it's moving things in the field.
And so there's some interesting things about this, right?
So if you think about like what what's really cool of some of the examples I gave you, you know, what's what's interesting to you is that farming robots that boost food production or surgical robots that can extend human life, right?
So robotics, AI, physical AI kind of, kind of are all converging here and sometimes AI is doing a lot and sometimes AI is doing a little.
And so I thought I would talk a little bit about it and what a world of what it can do and what security might mean to you.
So there's some great things when you look at how AI in a consistent repetitive way can help make sure that things are done the right way all the time, right?
AI can find a person lost in the woods by analyzing optics.
AI can help detect defects on a production line that a human can't see.
All kinds of interesting new capabilities that improve innovation, improve life saving, you know, what have you.
But AI has some pretty scary things that can do wrong.
Um, you know, is it possible that through AI's motion it could damage property or a human?
Could that then lead to disruptions?
What happens if a bad guy gets into it?
There's just a story, I think overnight about the Chinese hacking an AI and doing some malicious stuff with it.
So there are, there are these interesting things where we work hard to do safety training for humans to make sure they don't do dumb things that lead to like damaging their body or damaging equipment.
Well, now if we think about bringing in AI and physical AI like a robot that uses AI or welding equipment that uses AI, how do we make sure they don't harm people and property?
What training do they need?
What physical restrictions do they need, and how are they going to interact with people if they need to interact with people?
And for me, like as a mental model, you know, having done all kinds of mobile security access control security, IoT security.
Now when you've got this big 10 ton robot doing something or a 50 ton vehicle, what does all that mean?
So as we, as we think about the brain now, the brain that we all may know if you're using ChatGPT or not using ChatGPT, a lot of the AI brain is these cloud-based large language models that learn in the cloud, right?
Well, what we're doing with physical AI now is we're taking a slice of that and putting it on a piece of equipment.
We're putting it on a computer in a plant.
Right, so instead of these big general brains, now we have these smaller, smarter brains that are really designed specifically for operating kind of at the edge in a plant in a facility or in an individual piece of equipment.
There's some good things to that, right?
And so when we think about securing in the old model, we're protecting data.
We talked about that earlier in the call and the new model, now we're basically controlling actions.
We're protecting that the right actions happen.
Making sure bad guys can't get in or even the AI itself can't do the wrong things, right?
This is kind of cool and kind of fun.
So I'm going to have AI powered robots who are allowing me to dynamically experiment with new products, OK, and they can talk to all kinds of heavy equipment or they are a piece of equipment.
And so now I need to think about when I think about what could go wrong in the plant instead of something slicing somebody's arm off or burning them, what happens when the AI's operating?
Could it break something, right?
Or what if it lies about what it sees like that optical sensor that's looking at the car?
What if it can't see or someone hacks it and doesn't tell it that the paint's damaged in every car, right?
So AI could lie or AI could do the wrong thing.
So there's a group kind of working on a standard around this kind of stuff.
Many of these things are your classic security controls, access encryption, resilience, integrity, and failover, and all of these things need to be considered as these new systems get built and deployed.
Now the good news is you're not going to have to worry about making sure this is done correctly.
The manufacturer of the physical AI equipment like a robot is responsible for doing that.
You just need to make sure you ask them when you buy it, how they are handling security, what are they doing to protect the machine itself and then your humans and your other machines and equipment from damage when they've got a piece of AI powered physical technology in some way, shape, or form.
And one of the biggest things is what happens if something goes wrong, if the power is cut.
Um, it's, you know, something bumps into it, what have you, you know, how does it degrade gracefully to make sure it protects the physical world around it.
So interestingly enough, if you, if you just in your brain think about well what if physical AI was mostly like humanoid robots work with me, I'm going to go down a funny story, a little bit of a storyline.
So humans, we've already kind of solved the security access problem for humans using identity technology.
What if we had machine identity for robots in AI?
And so you may have your driver's license or your passport.
That's your identity like in life, maybe to get on an airplane.
You might have user ID and password to get on the company network to access access the network, log into your PC, access certain applications or what have you.
Maybe we should have that for these machines.
And so to take it back in history and to the IT security people you know who may be on the call, right, for years we used firewalls and network control, but eventually we didn't have enough there and we created human identity management, the Oktas and the Pings of the world, you know, there were ways to have access control to make sure only the right people got to the right systems.
Well, there's new emerging just in the last two years machine identity technology that's actually designed for physical machines whether that machine is a piece of automation or one of those old Windows XP machines or a newfangled robot or AI.
There's actually identity access management for machines now that provides a lot of those controls.
And when we talked about the solving the security problem earlier and that technology stack that you can look at.
You can buy a 25K appliance you can plug into the plant that covers almost all of the security requirements you need in an industrial setting for segmentation, for identity access management, and all the rest and be off and running.
So there's economical ways you can buy a single appliance that brings machine identity management into your industrial setting.
So clearly there's a bigger versions, but give me an idea of what one of these things work.
I didn't do an attack diagram in the OT section earlier because I knew I had one here.
So basically what happens, as I said earlier, is someone finds their way onto your network.
They might, you know, phish one of your employees, send them a bad link.
We know all the stories of how people get into IT.
If you don't have a segmented network, then the person laterally that guy criminal laterally moves across the network and finds their way to OT, and they're like, Oh, this is kind of cool.
And then they'll find like an insecure unpatchable device using sensor spoofing or whatever.
We've even seen rogue firmware or downgraded firmware.
They'll use that to plant a beachhead and then they'll move further across and actually do a remote attack that could be damaged or ransomware shutdown scenarios.
Right, when you have machine identity management in place, what you actually do is basically drop a traffic cop into your physical infrastructure in a way that it manages all communications, all traffic, segments everything, verifies every connection all the time, and much like you've got human identity doing the work to protect your systems with the human side, now you get it for the physical machine side.
The machine could be a sensor, that machine could be a robot, that could be a piece of automated equipment.
Anything that talks in OT protocol can be protected with these individual machine identities, which for me is a really phenomenal kind of innovation in the world.
So my last talk was to a warehousing organization, so I didn't, I didn't convert this for the foundry today, but you know everyone can think about what a smart warehouse might look like, right?
And so you're using a lot of robotics to move, you know, packages around your warehouse and into your controller is exposed to the internet because a service provider came in and said, Oh, I want to have open remote access.
So they put it on the internet.
Bad guy comes in, hijacks the path, the same path that the service provider uses, moves around, now could grab control of a robot, shut down operation, damaged goods, you know where that's all going to go.
If you've got machine identity in place, then you're verifying the humans and the machines to make sure no malicious session could get started or move around the network.
And again, it's a pretty cheap and easy way to get started.
So we're coming up on time.
I have when I share the deck, it's going to have a bunch of really fun videos to watch, but I did want to show you one because it got me thinking about your world.
So I'm going to play it.
I don't think there's any sound on it, um, as I recall.
So I'll talk about it in the background, and this is called Spatial AI.
So what we're looking at here is this organization we've been working with takes manufacturing blueprints.
In this case it's an aircraft, a government aircraft, and the person is wearing a VR headset, OK?
And now they're looking at a piece of physical equipment and based on the CAD blueprints, the spatial AI is analyzing the actual physical piece of equipment.
And highlighting what matches the plans and where the edges are and what doesn't match the plans.
And so in a scenario here, what you're seeing is, is a person is now intentionally um damaging or improperly constructing the aircraft wing and now when they put the spatial AI on, look what you can see the red highlights show those objects or those places where it was improperly machined or um or something was improperly installed and added into the environment.
And so the whole world of spatial AI is super interesting.
And you know I would encourage you to maybe even consider that.
It's in its infancy now, but over time these guys are doing things like they can look at a piece of metal that's been machined to detect within like two microns whether it was properly machined.
When they're using it in like aircraft welding and other places like that, there's some really cool stuff.
The other thing that's in here you've got to watch.
You may have heard of dark factories in China where there's literally no humans.
I have a video of a real dark factory that really is a production high precision assembly line.
I realize that's not necessarily a foundry, but there's a series of other presentations in here that are kind of fun.
So as you think about the future, there may be a time when equipment is going to come into your world that has physical AI capabilities where it's using artificial intelligence to make it run better.
The good news is the people that are building it are recognizing that there are security requirements that they need to meet in order to enable their physical machines to operate in the real world.
Most of them are doing the right thing.
My biggest thing for you, besides getting you excited or maybe concerned about the future, is to make sure when that starts coming your way, you know, make sure that those vendors are doing the right thing for security, right?
Again, it's what you can, you can protect your humans with physical barriers, with training, uh, with, you know, things like that in your industrial setting.
When you get the physical AI, you want to make sure the AI itself is constrained in a way that won't hurt you or any of your people.
And so with that, just a quick, I didn't want to do a commercial course as a machine identity provider for the OT world and for physical AI so we can help you with easy to use technology to help you solve some of these problems if you want, um, but you know, let's, let's work at this in the world and um you know our job as security leaders to make sure this stuff is all safe and effective and um.
We wish you luck in your journey going forward.
All of these robots, all of this equipment needs to be secure.
There's a ton of learning resources if you want to go down the what's going on with the Arm Institute and a bunch of other technology resources if you want to get really serious about OT and industrial control security, and I'm not going to bore you to death with those.
Again, I'm Brian Reed.
I'd love to connect with you on LinkedIn, love to provide advice offline.
49 minutes 11 seconds recorded on November 14 2025