What every SAM should know about cybersecurity: An interview with International Society of Automation’s Steve Mustard

Steve Mustard is the president and CEO of National Automation, Inc., a company that supplies automation products and services to customers in water & wastewater, oil & gas, transport, electricity and manufacturing. He is also the president-elect of the International Society of Automation (ISA), a non-profit professional association that provides standards-based technical training, publications, events, and resources for engineers, technicians, and management working in industrial automation.

In December, news broke of a major compromise of U.S. federal government and Fortune 500 companies who used software from a network-management software vendor called SolarWinds. The incident arose from a SolarWinds software update that contained malicious code. Users who applied the update from March 2020 onward would have been exposed to the vulnerability, potentially allowing attackers to gain access inside their networks. It is estimated that 18,000 users applied the update. As of January 2021, the full extent of the breach remains unknown.

This incident should cause genuine concern to all SAMA members. In my earlier conversation with Harvey, we discussed the fact that safe and secure products and services are crucial to strategic account relationships. We also talked about how hackers will target the weakest link in the supply chain. Here is a very real example with very real consequences. SolarWinds is now involved in a massive recovery effort, both technically and with its credibility. However, they are unlikely to be the last major vendor to be the focal point of such an incident.

Vendors will learn from this incident and address any known gaps that they have, but the next incident will be different and will leverage previously unknown gaps. The most serious threat to any SAMA member is complacency. Cybersecurity management is a continuous process requiring constant vigilance and dedication. SAMA members should constantly review their exposure to cybersecurity risks, with a focus on answering these key questions:

• How well do we protect our systems, intellectual property and other sensitive information? How would we have been affected had the latest incident hit us?

• Do we have effective processes for reviewing and updating who has access to our systems and information as well as the methods for doing so?

• How secure is our supply chain? How confident are we that we don’t have weak links in our chain?

• How well prepared are we if a cybersecurity incident were to occur? Do we know what we would do and whom we would contact? Does our incident-response plan cover our entire supply chain?

• How secure are our strategic accounts? Do we provide them with the necessary guidance, and are we helping them manage their cybersecurity risks?

One closing thought: The focus ought not to be on SolarWinds themselves but rather on the fact that attackers will look to exploit the weakest link in the supply chain.

Harvey Dunham: It’s my pleasure to be speaking with an expert from the International Society for Automation, Steve Mustard, who’s an expert in cybersecurity. Steve, welcome. It’s great to be speaking with you, and I look forward to the conversation we’re about to have.

Steve Mustard: Thank you, Harvey. I’m very happy to be here. I’m very happy to discuss cybersecurity with your members.

HD: And Steve, would you just give a brief introduction about yourself so they know a little bit about your background and how you earned your stripes in the cybersecurity world?

SM: Sure. I’ve worked in industrial automation and real-time embedded systems for 30 years, space defense and then energy and utility companies. In the last 12, 15 years, cybersecurity has become a big issue in industrial control systems. And as a result of my background, I’ve gotten heavily involved in that side of life, and I’ve spent a lot of my time these days consulting with asset owners about how to improve their cybersecurity posture in their mission-critical facilities.

Continue reading “What every SAM should know about cybersecurity: An interview with International Society of Automation’s Steve Mustard”

A co-creation expedition with a strategic account: Air Liquide and STMicroelectronics

By Lorenzo Castrogiovanni, Strategic Accounts Director, Air Liquide, and Mustapha Bouraoui, Vice President for Strategic Marketing, STMicroelectronics

In March 2019 SAMA honored Air Liquide and STMicroelectronics as co-winners of the 2019 SAMA Excellence Award for “Implementation of specific customer engagement strategies enabling, and successfully impacting, the value co-creation process.” What follows is the case study that led to the award.

This is the story of Air Liquide’s successful cooperation with one of its strategic customers, STMicroelectronics, a leading semiconductor manufacturer delivering solutions that are key to Smart Driving, Smart Industry, Smart Home & City and Smart Things. By establishing a structured framework aimed at innovating together in the sphere of Industrial IoT and Industry 4.0, ST​ now sees Air Liquide not just as a strategic supplier but also as a true partner and a potential customer.

Before the implementation of this customer engagement initiative, Air Liquide enjoyed an excellent business relationship with its strategic customer ST. And yet, their exchanges were focused on the ST’s manufacturing and purchasing organizations, leaving Air Liquide with only limited access to the product- and application-development groups of ST.

The co-creation venture began when Air Liquide proposed to share its technological “pain points” and “constraints” associated with its own digital transformation to ST’s marketing managers and product developers — an overture ST welcomed for the reasons visible in the following chart.

Objectives from the perspectives of both traditional supplier (Air Liquide) and customer (STMicroelectronics)

Ultimately, this mutual engagement allowed ST to support Air Liquide in its digital transformation, providing guidance, ideas and solutions in order to speed up prototyping of use cases while at the same time allowing Air Liquide to share its vision and requirements with ST to help them to develop technologies and solutions for the broader industry.

For Air Liquide, the engagement offered an opportunity to receive support for its digital transformation directly from a global industrial semiconductor leader while enhancing customer intimacy and positioning Air Liquide as a potential customer for ST. It also established valuable relationship capital beyond manufacturing and purchasing through a significant number of initiatives that are currently under development. 

This initiative sits at the intersection of account management, customer experience, digital transformation and cooperative innovation.

Air Liquide and ST rolled out this engagement in several steps, over the course of approximately 18 months. Below is a brief outline, which can be utilized by any customer and supplier with similar mutual objectives.

Step 1: Identify the right counterparts on the customer side, develop a trustful and fluid relationship, agree on development steps and align around the mutual goals for the initiative.

Step 2: Identify high-level sponsorship on both sides.

Step 3: Identify key stakeholders on both sides.  For Air Liquide, this included approximately 10 chief technology officers, for ST roughly 10 vice presidents of marketing and product development.

Step 4: Identify the key pain points and constraints of the customer’s current technological developments in the domain of Industrial IoT and Industry 4.0. For Air Liquide these included development of effective systems to track compressed gas cylinders, sensors to monitor the oxygen content in the blood, methods for measuring hydrogen flows in fuel cell vehicles and devices for predictive maintenance.

Step 5: Share pain points prior to the engagement to allow full preparation on the customer side.

Step 6: Run the“Innovation & Cooperation Expedition.” This full-day workshop provides a forum to exchange ideas and advice, and to collectively select the most promising elements for future collaboration.

Step 7: Establish a joint development roadmap encompassing additional networking opportunities, joint R&D activities and development of proofs of concepts (PoC) with the goal of eventually positioning the “supplier” to acquire the “customer’s” solutions.

Step 8: Present engagement outcome and shared roadmap to high-level sponsors to ensure support during the follow-up phase.

While this initiative has proven very successful, it did take time to implement because both sides had to enlist the participation of a relatively large number of executives, with busy schedules, and who needed to understand the project’s potential benefits. Additionally, Air Liquide had to engage all its chief technology officers and then formally identify all the technological constraints and “pain points” associated with every aspect of its digital transformation.

The project’s long horizon (18 months) also presented its own challenges, namely keeping stakeholders mobilized, motivated, open-minded and informed while the engagement unfolded. In the end, the results have proven extremely positive:

  • Relationships have been established between the various stakeholders on both sides, with the engagement followed immediately by a more in-depth exchange of information.
  • Air Liquide’s chief technology officers have received invaluable guidance in terms of examples, ideas and long-term vision from their ST counterparts.
  • Air Liquide and ST established a priority list of three potential PoCs, with accountable personnel assigned on both sides and a roadmap for future development. Moreover, additional ideas have been discovered in later discussions that may lead to additional projects.
  • ST has invited Air Liquide delegations to own initiatives usually devoted to ST’s own customers.

Ultimately, Air Liquide and ST plan to share the benefits of successful PoCs with other strategic customers of Air Liquide, thus leading to positive customer experience for Air Liquide, further customer intimacy between ST and Air Liquide, and new business opportunities for ST — a new virtuous circle of value co-creation among the three companies.

Ultimately, the progress of this initiative is monitored by both companies’ CEOs — a sure sign of a mutually beneficial customer-supplier relationship.