Let's Talk Cabling!

You Cannot Hack What Is Not Connected

Chuck Bowser, RCDD, TECH

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 39:44

Send us Fan Mail

We sit down with the Goldilock team to challenge the default “add more software” mindset and focus on a blunt truth: if a network is not connected, it cannot be hacked from the outside. We dig into how Layer 1 physical disconnection works with existing security tools, what it means for installers and PMs, and why protecting backups and controlling third-party access can change your blast radius overnight. 
• Physical network disconnection as Layer 1 defense 
• Why software-only security becomes an arms race 
• Picking disconnect points based on a risk register 
• Bulkhead and light switch analogies for technicians 
• Using APIs to trigger disconnects from existing security tools 
• Timeouts, default states, and safe reconnection practices 
• Ransomware reality and why attackers go after backups first 
• Retrofit and rack installation considerations for a 1U device 
• Manual firmware updates, maintenance windows, and validation audits 
• Third-party access windows with auditing and certainty 
• Coordinating installers, PMs, IT, and OT through labs and simulations 
• Future direction as AI speeds up attacks 
If you're watching this show on YouTube, would you mind hitting the subscribe button and the bell button to be notified when new content is being produced? If you're listening to us on one of the audio podcast platforms, would you mind leaving us a five-star rating? 


Support the show

Knowledge is power!  Make sure to stop by the webpage to buy me a cup of coffee or support the show at https://linktr.ee/letstalkcabling .  Also if you would like to be a guest on the show or have a topic for discussion send me an email at chuck@letstalkcabling.com 

Chuck Bowser RCDD TECH
#CBRCDD #RCDD

Welcome And Listener Requests

SPEAKER_03

Hey Large, welcome to another episode of Light Talk Hunter. In this episode, we're talking about Cody Locke.

SPEAKER_02

Stay connected.

The Big Idea Behind Disconnecting

SPEAKER_03

Do it right. Welcome to the show where we tackle the tough questions submitted by apprentices, technicians, installers, project managers, estimators, designers, even customers, sometimes even IT personnel. We're connecting at the human level so that we can connect the world. If you're watching this show on YouTube, would you mind hitting the subscribe button and the bell button to be notified when new content is being produced? If you're listening to us on one of the audio podcast platforms, would you mind leaving us a five-star rating? Those simple little steps help us take on the algorithm so we can educate, encourage, and enrich the lives of people in the ICT industry. Wednesday nights, 6 p.m. Eastern Standard Time, what are you doing? You know I do a live stream on TikTok, Instagram, YouTube, LinkedIn, everywhere I can figure out to send a live stream where you get to ask your favorite. Your favorite RCDD. You know that's me. Questions on installation design. I even do career path questions. But I can hear it. Check out my drug at Wednesday night. Where do I get a drug? Take a breathe in, breathe out. I record them so you can watch it when it's safe. So I got you covered. And finally, while this show is free and will always remain free if you find value in this content. Would you click on that QR button right there? You can buy me a cup of coffee. You can even schedule a 15-minute one-on-one call with me after hours, of course. And you can also even buy Let's Talk Cabling t-shirts as well. So today we're talking about something that most people in the limited energy integrating world, the low voltage world, the ICT world, rarely think about until it's too late. You know, it's funny. We design networks, we install racks, we terminate fiber, we terminate copper, we build pathways. But here's the uncomfortable truth. No matter how well you dress that cable, no matter how good your testing documents are, no matter how well your AS builds are, the network can still be reached, it can still be attacked. And in a world where everything, everyone is selling more and more software, more and more monitoring services, more and more dashboards, it's it's we're gonna flip the conversation on its head and ask one simple question. What happens, or could we just physically disconnect the network? Because you can't hack a network if it's not connected to the internet. So today we're talking to Team Goldilocks because I saw them at the Bixie conference, and it's like the most interesting thing that I saw there. So interesting. I invited him to come on the podcast so I can spread the word for them a little bit because it's a really interesting thing. We're gonna talk about installers who are starting with crowded racks running where this gear would even go. Okay, hey, but Chuck, I'm just a cable guy, I don't put in switches. My audience has integrators and cable installers, and cable installers today are future people who are integrators. This is gonna help the project manager to even understand if this is scope creep or is it just smart risk mitigation. Integrators are just tired of being asked all the time, just make it secure. Just make it secure. That's a very broad thing. So here's the thing we're gonna do. We're gonna get right into this, and we're gonna talk about how this cable can be physically disconnected so that way your risk of being hacked drops to zero. Welcome, team Goldilocks. How are you guys doing today? Okay. Excellent.

SPEAKER_01

Very good, thank you.

SPEAKER_03

Excellent. So we have several guests on today. So why don't we go ahead and do introductions? I'll let you guys pick who goes first. Tell me who you are and uh and who you work for, and just a 50,000-foot view so that way the audience knows about your background.

SPEAKER_01

Hi, Chuck. Thanks for having us, and thank you for the audience for listening. I'm Steve Brody, I'm the Chief Revenue Officer at Goldilocks. I'm based in the UK, hence the funny accent. Yep, but we are truly global, and we're actually really proud to actually manufacture in the US as well. I'll pass over to my team.

SPEAKER_00

Hey Chuck, I'm Michael Vallas. I'm the Steve's global field CTO. Um, I guess I'm kind of the plumber of the Goldilocks facility.

SPEAKER_03

CTO. That's an acronym for those who don't know. I'm the I'm known as the acronym king in this industry for some reason. Chief Technology Officer.

SPEAKER_00

Yeah, for the field. I'm more customer facing.

unknown

Yes.

SPEAKER_00

I got it.

SPEAKER_03

I got it. I actually just did a whole live stream last night on acronyms. Oh, acronym. Next one.

SPEAKER_02

Hey there, I'm Gavin Ray and I run the product. Uh hey, I'm Gavin Ray. I run the product plan and I run marketing. And my background includes uh many years at ATT in Cisco and doing all sorts of things since.

SPEAKER_03

Well, it's a pleasure having you guys on the show. And like I said, I really enjoyed talking to you guys at the Bixie Winter Conference. Lots of great conversations. In fact, it was only supposed to be a short 20, 30 second clip. And we had recording like three or four minutes worth. I had to break them into a couple clips. It's really, really interesting stuff. But let's start off with the basics because you know somebody listening to the show doesn't know what Goldilocks is, right? So I'll let you guys pick who answers this. Can you give us just a simple explanation what physical network disconnection means and why is it better than a software base for cyber defenses?

SPEAKER_01

Thanks for the question. So physical network connection and disconnection means the ability to truly control the path where the data transmits. So as you know, the cable goes across and connects the different items in the systems. We have the ability then to say, we cut the cable and we glue the cable. That's in effect what we're doing. So what it happens to be, it's the foundational element of the entire world that we live in in the digital space. So it's for those that are more technical, it's the first layer of the seven layers back. Yeah, where all the digital communication occurs and everything passes along that cable. The reason why this matters is software sits across that. And unfortunately for everybody, software is not infallible. Yeah, it does have faults, it does have the issues that sometimes cause these big press announcements to come through. Yeah. And therefore they have the challenges about whether it's a bug, a misconfiguration, or sometimes sadly something malicious. Well, we are operating at that physical layer that runs everything. We can say something is connected and allowed to be accessed or hidden on joined up so you can actually allow the data to flow through. After all, software and software attacks is the normal sort of way that cyber issues occur. And that's a constant arms race. So it's always again software defending against attacking software. So we're changing the game. We're changing that to be protecting the good software to another level by actually adding hardware to avoid any of those vulnerabilities.

Where Physical Isolation Belongs

SPEAKER_03

Yeah, software, it can be really good or it can be really bad. And I say that because I recently updated uh the software on one of my computers and it said it was only going to take 30 minutes, and it cycled through the whole process for two and a half hours until I finally got tired of it and stopped it and had to call support to get it fixed. So software can all can be our Achilles heel easily, right? So for as far as the ICT team, right? The technicians, the project managers, the designers, uh, those people who who they're they're not necessarily cybersecurity experts, right? Where should the physical isolation control be considered or be placed in the network architecture?

SPEAKER_01

Great question. And it depends on who you are. So if you're a product manager, yeah, or project manager, yeah, the first thing you're going to look at is where are my risks? Yeah, what do I need to protect the most? So if we're a water purification center, you want to make sure the water's pure, so the connectivity to it, or if you're in the data world, which database is protected. The beauty of our product is it gives you that flexibility in numerous different ways to protect key items in the organization that you choose has to be protected to the highest level. From a technical perspective, I'm going to pass over to my field CTO so he can uh he can answer some of the more technical aspects because he can describe it in a much better way than I can.

SPEAKER_00

So it's really about reframing the architecture when we're talking about really anyone, whether it be an engineer or it be a PMO or it be a CISO, it's helping them understand kind of the risk register of their environment, where their blast, the potential blast radius of any potential threats or kind of any kind of issues happen. Um, and really just having a true fundamental understanding of where their asset protection kind of lies and what they're trying to achieve, right? The one of the problems that we run into is that it's a very ubiquitous product, right? Because it's layer one. So anywhere that there's a cable, we can essentially play in that area and we have the ability to disconnect that. So it's about, I guess, I guess the golden reel is really about where, when, why, and how you disconnect. What is your risk register, what is important to you, and what's gonna stop any kind of operational or monetary or even safety features like in the in the OT world.

SPEAKER_03

So I want to paint a picture because I know right now there's a technician somewhere in a telecom room punching down cables or running cables, listening to the podcast on his headphones, and he's not quite grasping because we're talking at a kind of a high level here today, but I want to make sure that they don't get left out of this conversation. So and let me know if I'm wrong, okay? I I I like to talk in parables. This is very similar to like a corded drill. If you unplug the corded drill, the drill doesn't work. You are doing an actual physical disconnect so that way the the network, the hacker, physically cannot get not physically, but software can't get into the network. Does that sound about right?

SPEAKER_00

That's correct. Yeah, a better way to think of it is almost like uh the bulkheads within a submarine, right? Um, if that bulkhead is closed, there's no water infiltration that can happen, right? I mean, that's the whole point of having, you know, a submarine is not just a blank tube. There's bulkheads in there so that if there is an incident, you can seal that compartment off and you're still you're still up and running. But yes, essentially, when there is no electric, uh no electricity, then there is no physical network path, and you've essentially mitigated any kind of uh command and control, blast radius, uh lateral movement, anything like that.

Triggers, Policies, And Automation

SPEAKER_03

So let me ask you, let's ask you a question. This is not one of the pre-arranged questions, but I'm pretty sure you guys can answer pretty easily. I probably asked because at Bixie, right? So how does it know when to disconnect? Is that is that a is that an input driven by the IT department, or is there software that says, hey, there's someone trying to hack in and then it automatically initiates the disconnect?

SPEAKER_01

There's lots of ways to answer that. Um, first of all, it depends on how you want to allocate risk and the policy of who's allowed to disconnect. Because there's a great film, and I I won't quote it because I don't know if I'm allowed to on this podcast, but with great power becomes great responsibility. And that's what we start to provide. So therefore, we have to allocate that to the different engineers or to the different cabler or to the different management team based on the policies that we set out, yeah, and or sorry, the customer set out, yeah, on their sort of tolerance of risk. So that could be they have a threshold today where they're at the lower risk. So they're at sort of like DEFCOM one, therefore they actually have the tolerance today. We hear 10 alerts over here, 20 alerts over here. Now we isolate and then we remedy, investigate, and go through all the processes. Or they might be at a higher level when they go, no, anything that we see that's not quite right, instantly put the barriers up. So you can change it from a reactive stance to a proactive stance depending on the client's choice of the question.

SPEAKER_00

I I think though, Steve, what he's asking is is really dives more into our integration story. So Chuck, you asked, how does our system know, right? And the simple answer is we don't. We take controls from the already implemented security stack, which is it kind of delves into our integration story. But essentially what's happening is we're a light switch. The light switch has no idea that the light bulb is present or even cares, right? We take input from the already invested security stack that's in play within an enterprise or within a company, and we have the ability to take an API command to be able to shut that off, right? But as far as intelligence is concerned, we're just a light switch, right? We're we're we're a programmable light switch, and we can take input from our management connection to be able to turn that light bulb off. But in essence, we don't have any intelligence built into our box. It's simply electromechanical relay.

SPEAKER_03

Is there a is there a built another question not in the pre-arranged question? My I'm chasing squirrels now. Um once that once that disconnect has been initiated, can it reset itself? Can it be brought back and then reconnected after the thread is gone?

SPEAKER_00

Yeah, so there's there's a lot of different variables involved in that question, right? So we've built in a series of mechanisms within our interface. So we could have uh we could have a default power state of a specific port so that if if power was to be lost or anything like that, you could choose um enabled, disabled, or previous, right? So that's that's kind of one thing. And then we also have the ability to set timeouts. So this is this is of paramount concern when you're dealing with uh you know larger operations. And let's say that they want to enable a port, but then all of a sudden they get busy because they got 27 alerts coming in from three different other, you know, uh, you know, security applications and they forget to turn that off. You could actually enable a timeout window so that if that enab that port gets enabled or disabled, after a certain specified time, it automatically reverts to its last state. So we've kind of built that in. There's also, you know, as Steve mentioned, there's APIs so that if there is a monitoring infrastructure that knows that certain ports are supposed to be on or certain ports that are supposed to be off, it can initiate an API command to either recursively or to uh initiate that enable disable.

Real Attacks And Protecting Backups

SPEAKER_03

Excellent, excellent. That that now see now that's probably gonna make sense to the to the guy punching cables down in a telecom company. Uh let's talk about real world risk, right? We all seen the headlines. You know, you know, the the the government gets hacked and people's critical information gets let out, or you know, something happens, the the hospital gets shut down, they hold for ransomware. We've all seen this. It's happening right now. So let's talk about how how often do real customers need this physical disconnect capability? And is there a tipping point for when they when you should really start considering using the Goldilocks?

SPEAKER_02

I think one of the things that we've noticed with customers that talk to us about their fear of what happened to others, happening to them, is when you look inside the stories of what went wrong and why did a hack actually do the damage it did, you start to find out a few things that make you really think about how our product should be used. Because an attack doesn't happen on a day and finish. Attacks are usually based on a penetration of an organization's defenses. And the attacker was not there to do a quick piece of small damage. They were there to nest and travel and spread their capability around an organization. And what you hear people talk about now is this idea that they want to limit and control the way things move around the business. And for something that's really valuable, like your backup, you know that old adage, right? If you try turning it on and off again. Well, for everyone that gets hacked, why don't they go back to yesterday's backup? Well, the reason is that the bad guys know that. The first thing they do is take out your backup. And so you start to get a sense of what we do for customers. We say, Well, the things that you really need to protect, keep them safe forever. Only turn them on for the ten minutes you need them. And as you follow that, you start to see people say, Well, if I get really attacked, what do I wish I'd done beforehand? I wish I could have limited how they travelled and when they travelled. And from that thought, a lot of people start to say, hey, okay, now I look at my network, the cable's the hero, right? It doesn't matter what the software stack and it doesn't matter what the cyber defense is, it's the cables that are doing all the hard work. And that's why we work with the cables to cut them and make them in all the places you wish you could when you understood how attacks travel.

SPEAKER_03

So let's talk about installation considerations, right? To the technician out in the field, from his point of view or her point of view, I don't want to be sexist there. From the technician's point of view, right? What are the key challenges when either retrofitting that layer one or installing a brand new layer one with this type of a system in their network rack?

SPEAKER_00

Yeah. Um essentially, because we are layer one, there's a pretty frictionless retrofitting, right? As long as you have space within the cabinet. Uh it's a it's a one U appliance, you you throw that in, you screw it in, and then it provided that you've done any kind of bench, uh, that you've done any kind of bench config prior to it actually being racked and stacked, um, essentially all you're doing is you're plugging in the power and you're plugging in a patch patch cable. There's no software configurations on the front of our. There's no routing configurations, there's no IP address, there's no Mac address, there's literally nothing. It's it's it's a patch cable. Um so as long, I mean it'll take you longer to screw in the two bolts into the into the rack than it will for you to cable that in um and and and be able to feed that patch cable over to where where it's terminating.

SPEAKER_03

That's good because as you were saying that, I I had I had this vision going through my my mind because you know, my day job, I teach students all the time. And I teach, I've taught 20,000 students over the last 14 years. And you know, we switched a while back to instead of going from the paper attendance sheets to signing in on a spreadsheet on my computer. Do you know how many technicians I literally watch working in the communications industry typing with two fingers because they don't know the home row?

SPEAKER_00

Which, which is, which is why I said that like a bench config is is probably the best course of action. And that's what I I usually uh I come from a large enterprise background, so we always had, you know, we would do all of our uh installation, we'd do a bench config prior to it going into the rack. Um but just to dovetail on what I was saying, I think I think the hardest part of the installation would actually be making sure that the management infrastructure that you're connecting into the back to take those APIs to be able to access the GUI, that management infrastructure is going to be probably the the most difficult piece, which during your bench config, you would assign it its IP address, you would do your configurations of what ports you want up, naming the ports and stuff like that. And then the technician would go in and install that, cable it up, plug it in, turn it on, and you're ready to rock and roll.

SPEAKER_03

Right. So you did mention a couple things there that I want to make sure we clarify. GUI, that's an acronym, GUI, graphical user interface. Um that just means how easy it is for someone to look at the screen and interact with it. Is it really I'm so old, I'm so old, I remember the the Microsoft versus Apple litigation because of the GUI interfaces, because Apple had a way better system that you can easily navigate around. Right? Uh so that's what graph so think of when you interact with a tester. You know, some testers are easier to navigate around, but that's a better graphical user interface. Now the other one you mentioned was API. That one I'm I've I I've heard it before, but tell us what is it and what is it?

SPEAKER_00

I believe it stands for application programmable interface. Am I right, Kevin? I think I think that's right. So what the API is, is it allows us uh there's an open standard for API called open the openapi.3.0. Um and what that does is it allows for a standardized communication path for us to be able to receive a set of instructions, right? So in in an example, we could have a Palo Alto fire or a sorry, we could have a next gen firewall send us an API command to shut a port off, right? And it's a standardized format of how that is is processed in in on our device.

SPEAKER_03

So that way, just again, just kind of related to the cable guy. Um so that way, like for us, before the standards are written, there every computer system had different types of cable. You know, it could be type one, type three, it could be coax, it could be twin axe, it could be pod cabling. And then the standards came along and said, no, everything's gonna be done over balance to pair of cabling. So no, it's it's independent of the actual computers, it's just they all work the same. So it's nothing like APIs doing the same thing, but on the software. Exactly. It's making it so perfect. Perfect. See, I I I got it. Yes. Mark one down with Chuck.

SPEAKER_02

A great way of thinking about it from a cable perspective is you know when you go in a data center and you've got red cables and that's the fire control, nobody would ever mix the fire control system with the day-to-day data cables. The thing that turns the Goldilocks switches on and off is probably going to be a cable that's got a beautiful gold stripey colour like the back end of a bee, right? Because that's the cable that you never mix with anything else, because that's the cable that turns the really valuable stuff on and off, right? And and that's the way we're thinking. This is the control system for the whole thing. It will not be mixed with any of the other cables.

Working With Firewalls And Partners

SPEAKER_03

Yeah, I I I hate I hate the bursting bubble there. Um, I literally just had a an a conversation with somebody, an audience member yesterday, yeah, where the fire alarm piece. People were trying to put their cable mixed in with the high performance data cabling, and the electrician kept telling some just low voltage, it doesn't matter. It does matter. Fire life, fire. Data, you know, it's yeah, it's mission critical, but it's not life safety. And technically they can be mixed together, but it's not a good practice. So that's just so you know, that's a battle that I fight every day. People still think it's just case, it's electricity. It's not just electricity. Yes. Yes. Yes. So we so you you guys are kind of relatively new, right? You um but cybersecurity has been around for a while, and the the software tools have been around for a long time, right? Uh the next the next generation firewalls and and endpoint agents. So, how does this physical control that you're building now, how does it work alongside of those tools? Do you do you see them as complementary to those tools, or are you competing with those tools?

SPEAKER_01

No, they are completely complementary. Yeah, that they are they are an extra layer of defense that's never been available before. Um I say never, that they there's always been the chance that somebody can pull the cable and then plug it back in, but it's never been done in a way that's repeatable and scalable. So it's never been done in a product. Um so no, we we work with most of the cyber defenders out there. So we can work with firewalls, we can work with MFAs, we can work with uh the routine, the switches, all those different things in the stack that come together that people cable in. We work with all of those and we complement them to give a full package of defense.

SPEAKER_03

I like that. I I like when we all collaborate together. Uh just absolutely because it just makes it makes the it makes a better product, it makes the customer happier, and in the end of the day, besides making money, what are we trying to do? We're trying to keep the customer happy and keep the customer safe.

Compliance, Convergence, And The Front Door

SPEAKER_01

It's it's also a part of our core philosophy as a company. Everything that we do is through partnerships. So whether or not it's resellers that's out there in the US already that have got established customers, whether it's integrators, whether it's cablers, whether it's distributors, even our manufacturer, as I said, is based in in a key part of the US. Um all of that is about partnerships. Yeah, and we understand the value of working with the rest of the technology stack to defend uh the great places that we all live and work and breathe in. Yeah, and we have to fit into that. And we're very conscious of that, and that's the way that again we've made it easy to use, as well as then going through the part of easy for people to adopt and sell.

SPEAKER_03

So so we were just talking about standards and compliance, and you know, the there's a term that I've heard in this industry since almost since I woke up and started paying attention to the industry, and that's the term convergence. Right? Now the the first convergence was when we started doing voice and data over the same kind of cabling, right? But now we're starting to do other things across data cabling like video and and industrial cabling and building automation and stuff like that. So as more and more industries adopt cybersecurity and data protection requirements, do you see how do you see this physical isolation align with those types of compliance frameworks?

SPEAKER_01

There's lots of different ways that I see that happening. I mean, if you if you actually go back to how networking began, originally before Cisco became so dominant and so sort of well known to everybody, they used to have data networks and management networks or control networks, and they were two separate cables over two separate paths. What Cisco did very well when as they brought together the technology, they passed it all down the one cable. Yeah, and then they sort of came out, and that sort of grew and grew, and that became then into an environment that everything became over connected or hyperconnected because everybody thought everything had to be connected all the time. And then you what you've just said there is a perfect example. We have this infrastructure, so let's just use it. But there's no consideration for resilience, there's no consideration for security, and that's what we're trying to put back in. We're trying to give people that control factor to and and to actually go forward and actually drive something that can put the security posture back into the entire stack. One of the ways that I sometimes describe this is like the front door. Yep. Most people go to bed at night and they shut their front door, yeah. Or they open it and use it whenever they want to go to see their friends, when they go to the gym, when they're going to work, whatever reasons that they're leaving the house for. But they always then shut their front door. That's what we're putting onto the infrastructure. But there's an extra level of benefit. Nobody knows where our front door is. Yeah, only the customer knows where their front door is. So it becomes a really nice, easy way to understand how that data can flow and how you allow to put control in place.

Firmware Updates And Ongoing Validation

SPEAKER_03

Yeah. Yeah, there's a uh just as a side note, again, my here's my my ADHD kicking in again. Um for people who are listening, don't think that you know hacking or cybersecurities is is not really a big thing. Go to YouTube. There's a channel, like I wish I could remember the guy's name. He literally hacks in to the hackers' network and messes with them. And just stops stop them from stealing money from people. I mean, it is a big, big, big issue. So let's talk about the project managers now, right? So let's talk about uh the maintenance and the lifecycle of the of this cable plant that they get done. So when they and when they put this after the physical isolation hardware uh is installed and is part of the project, is there any considerations that the project manager needs to consider for maybe ongoing validation or maybe firmware updates or or lifecycle refreshes?

SPEAKER_00

Yeah, I mean, we obviously uh as a company, because as you said, we're we're we're fairly new to the to the uh to the to the market, we're we're constantly releasing new uh firmware updates with features that we're building in uh as our development process moves along. So for the firmware updates, um it's a strictly manual process, and we do that by design for security purposes, meaning that our device cannot download or call home or do anything automatically. And again, that is all done uh purposefully. So when we're talking about production network links, as we've already discussed what our product does, when you do a firmware update, there is going to be a reboot cycle, right? So there has to be an accrued maintenance window that you have the ability to take that device down, be able to run that firmware update, allow it to reboot. Generally, uh in my testing, and I've done probably 30 or 40 of them, it's from about five or six minutes, right? Obviously, your maintenance window would be a little bit longer than that, but it's about five or six minutes to be able to uh to actually update that. As far as ongoing validation, obviously there are security playbooks uh that need to be adhered to within an organization where you establish some sort of quarterly schedule to audit the authorized users, um, maybe do API bearer token cycling or evaluate the time-based access rules that are currently being used on there. So there's there's validation that needs to be considered. It's not a 100% set and forget kind of uh uh product. Um but as far as and and then as far as lifecycle refreshes, it's really it's really dependent on kind of like the deployment mapping and what their how their their system is growing, or maybe they have found a new area in their risk register that they want to be able to protect. So then there's you know kind of that life cycle development.

SPEAKER_03

That's that's actually I I love that. Um you you know I'm a knuckle-dragon cable guy, I'm not I'm not a network guy, right? But so as you said and you and you're talking about that, you know what goes through my mind is this is an opportunity for a company right now that's installing cable to sell integration services to help maintain this. Am I wrong or not?

SPEAKER_00

100% right.

SPEAKER_03

And that means more money for the uh for them. So let's talk about use case nuances. So beyond the the disaster response, where have you seen the physical connectivity control become a part of a company's standard operating procedure where they're doing this network segmentation that you're talking about?

SPEAKER_01

Thank you. Um so we have numerous customers in numerous different environments that use it in multiple different ways. One of the one of the things that's very common though across industry is where they use this for third-party access control. So we have a lot of organizations that have a lot of contractors that come in, they have third-party teams that come in from other vendors, and what they want to do is allow them to have access to do some work over the internet or the digital connection for a period of time, but they also want to then make sure that they are then removed from actually being able to access anything. So we see that as a very common use case is where they go in and set up the connections, allow them a maintenance window for two hours, four hours, which can be fully audited, fully tracked, and fully allowed, which then they know with absolute control and certainty that that person, individual company, whoever it is, is then removed. And it does two things. One, it means they they are protected, so they're not gonna get attacked from that person if they're there. But also, if that individual and that company has a problem, they are not gonna then infect anybody else. Yep. So it's also a nice way for them when they have that third-party access to control to make sure that they are not vulnerable to pass on any infection to anybody as as they go through.

SPEAKER_03

So I you know, I mean, I love talking about cross-discipline with teams, right? Um so we're talking about the installers, we're talking about the project manager, we're talking about the designers. They all have a piece in this pie, this installation for this physical disconnect system. What's the best way to educate them? Because this is going to be new to a lot of people. What's the best way to educate them and to help coordinate across the roles for physical layer defenses?

SPEAKER_00

Yeah, that's that's actually uh simulated realities, right? So um having a lab, being able to show what our product does and how it interacts with the corresponding systems that either it's attached to or that it's taking controls from. But really, um for clock cross-disciplined teams, when you see a simulated attack starting at something like an Nmap scan all the way to payload deployment or a data XFIL, right? And you see how fastly we can react to that. I don't know if fastly is a word, but how fast we can react to that. Um what happens is a lot of things click almost immediately. They see, oh, we recognized that there was a data XFIL, and our DLP server sent a command to Goldilocks, and now that XFIL has stopped in its tracks uh without having a thousand alerts come in, without having to dispatch somebody from floor five to floor two to go unplug a cable, uh, without, you know, it it just it it becomes uh the simulated reality becomes a really powerful cross-domain training tool.

SPEAKER_01

Just just to add to that as well, there there's one customer that we were talking to only last week. They have a massive plant where it takes them two hours to get from one office to the other side of their location. Yeah, they can't get there quick enough to even pull or plug a cable in. Yeah. So the only way they can do it is by that remote control that we have in effect to allow them to have that access to open or close. The other way. Sorry, go ahead.

SPEAKER_03

No, I was gonna say, yeah, while he was saying that, I I did a project for um Darden restaurants. They have a big campus over here in Orlando, and they have multiple buildings all over the place. And the only person has the key to the telecom room is the building engineer. Well, the building engineer is not just there to open up doors for telecom guys, right? So as he was saying, I was thinking, yeah, if I was a if I was a Darden, I said, hey, we need to get down to the closet at three right now because somebody's back in the system, it could be two hours before I see the building engineer.

SPEAKER_01

Absolutely. It's like, where's Dave? Oh, Dave Dave's on lunch break. Okay, so where who's else has got the key? You run after that that that physical lock. You've now got it down into the digital world at the physical way. So um, but what I was also gonna add was I was I was talking to somebody earlier today on this exact subject. Um if you think about every organization, they have one mission, yeah. They have it to be the manufacture cars, to dig for oil, is to ensure lives are saved at the hospital. That's not an IT issue, that's not a cyber issue. So they all have one objection, uh or one objective, sorry, um, and they have that objective to make sure they're doing the best they can be. So you then go down the chain and you'll get an IT team and an OT team that are trying to make sure their technologies are working in in different languages in different ways. We're we're often the peacemaker between the two as well, because all of a sudden you now have the way to control how those systems interoperate. You allow the IT team to operate and access when they need to, but they don't need to be in the OT world the whole time, and vice versa. The OT world don't need to be in the IT space the whole time. So you allow them their windows to operate in quite nicely, but when you need to make them shake hands and play nice, you can do so.

AI Threats And The Physical Future

SPEAKER_03

Let's talk about the future. Okay, you guys obviously are some pretty smart people, and you came up with some a really cool concept and a really cool product, and I know people who have that kind of creativity don't sit on their lull, right? They they're always thinking ahead. Where do you see the physical disconnection technology evolving to, especially when you tie in threats because not now cyber threats with like AI coming into the realm?

SPEAKER_01

Great question. So we're not gonna sit on our laurels, you're absolutely right with that. We are gonna keep keep driving forward. Um one of the things that we see is a lot of separation between insights, as we talked about earlier, those higher-level intelligence systems, and action. Yep. And the action has to happen at the cable layer. Yeah. So we need that partnership to work together. And and we're gonna continue to go along that that level. Yeah, so it's about how do we provide the action. So our roadmap will expand in numerous different ways, and I'm not gonna give everything away on on your call. Not today, you might have to invite us back. Yeah. And that some of that is about like the way that we speed up things, the way that we have more ways to access and trigger the controls. Some of it is about the type of form factors, but that that's all for future stuff. But but I'll I'll I'll actually turn that round and ask it a question to you in a different perspective. Most AI that's coming out there, people are fearful of, yeah, because they're seeing the way that they can drive attacks. Yeah, and then they're also saying that the current firewalls and software are not good enough. Yeah. Yeah. Not because they're not great at what they do, but just they're not quite quick enough in terms of how do you roll out the patch, how do you roll up all the new sort of technology bugs and fixes and the ways that people have gone through it. And the bad AI only has to be quicker than they can roll out the patch. So, how would you do that in a software only world? You wouldn't. You have to change your thought process to a physical way. Yeah, if someone can come up with another way of doing it, please let us know. Yeah, we can't think of it. And that's the question I would ask is if people can come up with that, we we've got a good way of working together, I think.

Demos, Trials, And Getting Started

SPEAKER_03

Yeah, there's a there's a people fall in two camps when it comes to AI. There's those who embrace it and those who fear it. Right? Uh and I will say this. People used to embrace typewriters and they feared computers. And I'll just leave it there. I'll just leave it there. You you can you can do the rest of that thought process all on your own, right? Um so let me ask you this. So let's say there's an integrator, somebody out there listening to this, and they like they really like what they hear about this physical disconnect system. Is there a way that they can test the Goldilocks system before actually committing to a purchase?

SPEAKER_01

Absolutely. Yes, there is. Yep. So if they get in contact with us, yeah, um, and they get in contact with our partners that are already based in the US, we we have a whole suite of different sort of ways that we can engage with, so whether that's from demonstrations to educations to webinars, yeah, getting people to understand our technology and how they can make money and how they can defend organizations, and then we have a whole place to do that.

SPEAKER_03

If they want to get in touch with you or get in touch with your team in the here in the US, uh I do have I do have people listening to the show in the UK. I do have people listening to the show in Saudi Arabia, and uh, in fact, I'm going to Costa Rica next month to talk to people who are listening to this show, right? So if they want to get in touch with you, how do they get in touch with you to for more information on this system or how or maybe even how to purchase it?

SPEAKER_01

Yep, so if they contact us via goldlock.com and we will set up a Chuck podcast link so they can actually follow us from there from this school today. Yeah, we will do that so they can come in directly with us. Or as as as I said uh previously, if they want to contact our known uh partners that are out there, they will obviously support as well.

unknown

Perfect.

SPEAKER_03

Gentlemen, I appreciate you coming on the show and uh I look forward to seeing you again at future events.

SPEAKER_01

You have a pleasure. Thank you very much.

Head Shot

Chuck Bowser RCDD TECH

Host

Podcasts we love

Check out these other fine podcasts recommended by us, not an algorithm.

The Cabling Podcast Artwork

The Cabling Podcast

Cabling Installation & Maintenance
49 Volts Podcast Artwork

49 Volts Podcast

Josh Bowman
TKW TekTalks Artwork

TKW TekTalks

TeKnowledge World Wide
Low Voltage Nation Podcast Artwork

Low Voltage Nation Podcast

Low Voltage Nation Podcast
Southern Homesteading Podcast Artwork

Southern Homesteading Podcast

Chuck & Barbie Bowser