The Uptime Wind Energy Podcast
EP90 – Cyber Resilience: Can Companies Like Vestas Rebound from an Attack? with Byron Martin
Byron Martin, CEO of Teknologize, joined us to talk about the Vestas ransomware attack and the great concept of cyber resilience: How companies can rebound after a cyberattack like the one Vestas recently suffered. Plus, we discussed global air pollution levels, India’s offshore wind potential and infrastructure challenges therein, the Save Right Whales Coalition and got the engineers’ take on the floating wind turbine structure Pivot Buoy from X1 Wind.
Sign up now for Uptime Tech News, our weekly email update on all things wind technology. This episode is sponsored by Weather Guard Lightning tech. Learn more about Weather Guard’s StrikeTape Wind Turbine LPS retrofit. Follow the show on Facebook, YouTube, Twitter, Linkedin and visit Weather Guard on the web. And subscribe to Rosemary Barnes’ YouTube channel here. Have a question we can answer on the show? Email us!
Transcript – EP90 – Cybersecurity and Cyber Resilience with Byron Martin of Teknologize
This episode is brought to you by weather guard Lightning Tech at Weather Guard. We make lightning protection easy. If your wind turbines are due for maintenance or repairs, install our strike tape retrofit LPs upgrade. At the same time, a strike tape installation is the quick, easy solution that provides a dramatic, long lasting boost to the factory lightning
00:00:21:08 – 00:00:48:22
Unknown
protection system. Forward thinking wind site owners install strike tape today to increase uptime tomorrow. Learn more in the show notes of today’s podcast. Welcome back. I’m Dan Blewett. I’m Allen Hall and I’m Rosemary Barnes, and this is the Up Time podcast bringing you the latest in wind energy, tech news and policy.
00:00:59:21 – 00:01:13:00
Unknown
All right. Welcome back to the Uptime Wind energy podcast, I’m your co-host Dan Blewett on today’s show. We’ve got a great lineup and we also have a friend of up time joining us, Byron Martin, CEO of Teknologize, which is an IT firm in Washington state.
00:01:13:00 – 00:01:29:22
Unknown
He’s going to be joining us to talk about the implications of the Vestas cyber attack. Obviously, we mentioned this on the show in a past episode just recently when the story broke. But we wanted to get Byron, who’s one of our our repeat guests now, since he’s an expert, it’s really kind of walk us through this.
00:01:29:23 – 00:01:47:19
Unknown
You know, the response, the cyber attack and his term, which you learn today, cyber resilience, which is not just trying to prevent attack, but also how quickly can your organization bounce back once you have in breach? So really great talk with Byron will jump to that in about 15 minutes before that.
00:01:47:19 – 00:02:03:22
Unknown
We’re talking about air pollution. We’re concerned about India’s offshore wind potential and why that still is sort of waiting in the wings. And we’re going to talk about Rosemary’s neck of the woods with the star of the South Offshore Wind project, which has gotten some new legislation just passed, which is going to help pave the way for
00:02:03:22 – 00:02:18:07
Unknown
that one. And then after our interview with Mr. Martin, we’ll talk about a self orienting floating wind turbine prototype that’s just now being christened and the Save Right Whales Coalition and how that’s impacting offshore wind here in the U.S..
00:02:18:17 – 00:02:34:05
Unknown
So before we get going, be sure to subscribe to our uptime at tech news, which you’ll find in the show notes of this podcast, as well as Rosemary’s excellent YouTube channel on renewable energy. So let’s get started. Rosemary, we this crazy article from Al Jazeera.
00:02:34:20 – 00:02:50:10
Unknown
They did a great job with it, some infographics and sharing some some data here on the 100 most polluted cities around the globe. And unfortunately, 94 are within India, China and Pakistan. Obviously, you know, you’ve especially harped on the idea that, look, we’re all in this together.
00:02:50:10 – 00:03:02:06
Unknown
Obviously, you know, the U.S. has really low or really high renewable energy that still doesn’t help the fact that the planet as it as a whole is a system, right? So tell us a little bit about this air pollution over there.
00:03:02:07 – 00:03:17:00
Unknown
Obviously, it’s a huge problem for the health of so many people who live in these areas, but our or our renewable energy targets going to start to make a dent in this. Or how do you view this situation over in India, China and Pakistan?
00:03:17:04 – 00:03:33:11
Unknown
Well, I think the Appalachians really interesting because it’s of course, it’s very related to climate change because it comes from from burning stuff, mostly fossil fuels, although there’s a lot of biomass burned as well. And that also contributes to air pollution, but not climate change so much.
00:03:34:10 – 00:03:51:10
Unknown
But it has that big a big difference with climate change in that one. It’s it’s local, you know, India and China having a lot of coal power plants and having a lot of smog in their cities. That’s the that’s a problem that they are experiencing and we’re not.
00:03:51:10 – 00:04:05:22
Unknown
So that’s that’s one point. And then the other thing is that it’s it’s now and it’s visible and it really impacts every person’s life today. And so I think that actually it’s terrible for the people who are in those cities.
00:04:05:22 – 00:04:24:17
Unknown
And I have friends and colleagues who lived in very polluted cities, and it’s a big motivator to to try and leave those countries oftentimes. And I know that all the countries that are experiencing these high levels of air pollution, it’s, you know, it’s definitely on their radar isn’t something they’re ignoring because it’s really important to their population
00:04:25:21 – 00:04:44:02
Unknown
. But I think that it’s actually as as hard as it is for people who are living with it, it’s actually a really good thing in terms of fast action on climate change with a lot of the times, you know, we talk about a lot of action now in developed countries, and most of the rich countries have net
00:04:44:02 – 00:05:01:19
Unknown
zero by 2050 targets and developing countries have them a little bit later 2060 for China. And I think India is a bit lighter and some other developing countries that maybe don’t have a lot of emissions now but are going to in the later half of the century, don’t even have net zero targets at all.
00:05:02:05 – 00:05:12:20
Unknown
And so a lot of people are very worried that, you know, it doesn’t matter how much that we do in countries like the US and Australia and in Europe, because, you know, emissions from developing countries are going to be so important.
00:05:12:20 – 00:05:25:16
Unknown
And, you know, China’s installing new coal power plants still and so is is India. But from my perspective, I think that local air pollution is going to be one reason why we see change much faster than what we expect now.
00:05:25:17 – 00:05:46:09
Unknown
I know China is already starting to rein in its future plans on coal power plants, partly for climate change and partly for pollution. And we’ve already seen, you know, electric vehicles. They are being rolled out ridiculously fast speeds in cities where they have a lot of pollution because they just have to.
00:05:47:03 – 00:06:06:01
Unknown
I mean, there’s cities in China where within a year they went from no electric busses to all electric busses, you know, so I say it’s a it’s a bad issue for the people that are. Facing them in their cities, but it gives a real motivation to act fast in a way that climate change really lacks, so I
00:06:06:01 – 00:06:16:11
Unknown
actually see it as a positive thing that we have to solve this solution. And in doing that, we have to solve this problem. And in doing that will also make a huge impact on climate change in the future.
00:06:16:18 – 00:06:27:17
Unknown
Yeah, I mean, it just goes back to that. I mean, people really make big changes in their own personal lives when they hit rock bottom, so to speak, right? And it seems like the pollution levels at some of these places are kind of like a rock bottom level.
00:06:27:17 – 00:06:47:15
Unknown
It’s scary. Alan, what’s your perspective? Well, I think this is a sort of a good problem to have in a sense that it’s limited to a couple of countries mostly, and you’re seeing the same sort of thing happen in the ocean cleanup where they’re trying to clean up plastic in the ocean, in the Great Basin of plastic
00:06:47:23 – 00:07:01:14
Unknown
in the Pacific Ocean. What they found was that a lot of that plastic is coming from a very select few places. And what they’ve done is they’ve they’ve focused on those places to cut the plastic pollution in the ocean.
00:07:01:14 – 00:07:17:10
Unknown
And now they have this thing called river cleanup, which they’re trying to capture. The plastic river hits the ocean, and it’s making a huge difference. So in the case of emissions and pollution, if you have a couple of countries joining, you can focus efforts there instead of the whole world.
00:07:17:22 – 00:07:35:04
Unknown
I think Rosemary is right. I mean, we can really hone in on these couple of countries and actually make a really big impact in a much shorter time than we thought. And that’s good. So let’s shift to India’s offshore wind resource because obviously they have a really, you know, they’ve a large coastline.
00:07:35:05 – 00:07:50:08
Unknown
I think it’s 7600 kilometers, Alan. Is this something that we can look to in the future that, you know, is wind energy going to solve this problem? Obviously. You know, all these different renewable energy sources can’t solve maybe these, you know, more micro level problems.
00:07:50:08 – 00:08:03:05
Unknown
Obviously, air pollution is not a small problem, but it’s a very specific problem. You know, India has a lot of again potential for for offshore wind, but it seems like there’s a lot of issues getting this to market.
00:08:03:05 – 00:08:19:21
Unknown
A lot of it’s expensive. The ports aren’t as developed in India. Alan, what are some of these other issues that are preventing India from really becoming a big potential player in offshore wind? Well, India is seeing exactly what the United States and all the other countries are going to develop offshore wind.
00:08:20:02 – 00:08:33:05
Unknown
We’re going to experience, which is you’ve got to bring the the the electricity onshore at some point. And just a lot of population centers onshore and there’s not a lot of places where you can build big infrastructure onshore.
00:08:33:06 – 00:08:45:20
Unknown
That’s sort of next to larger communities. So the problem is not so much of getting one, though. There’s I mean, there’s obviously problems with infrastructure and having the ports and then the ships and all the things to go do the offshore wind piece.
00:08:46:08 – 00:08:58:23
Unknown
I think that can happen. The bigger problem is, how are you going to bring the energy in? You’re talking about a lot of energy coming in as a as a as a sort of one big piece and you need to build infrastructure on the shoreline and in those communities.
00:08:59:06 – 00:09:12:09
Unknown
That’s where you can going to get a lot more pushback because the wind turbine you can’t see off the coastline doesn’t matter to people. But that big transmission tower and those big transformers that are sitting right on the ocean front do matter to people.
00:09:12:09 – 00:09:31:04
Unknown
And I think that’s where all the offshore wind is going to have an issue, not just India, but I think India will eventually get there. It’s just going to take a little bit longer. one of the things mentioned in this this article about India’s offshore wind energy potential from India spend AECOM is that they just have no
00:09:31:04 – 00:09:47:12
Unknown
real ability to transport some of these gigantic blades. That I mean, is that true in your experience? I mean, is that India’s going to be a lot tougher for transportation, just the way cities and networks and roads are set up that it’s going to have to be in the ports is going to be have to be new
00:09:47:12 – 00:10:01:11
Unknown
factories built by the by the coastline. I have unfortunately not made it to India yet, though I have worked with plenty of Indian colleagues. So, you know, I feel I feel like a bit of familiarity. But I do.
00:10:01:12 – 00:10:20:02
Unknown
I think you’re right that it’s not. It’s a country where you can’t just expect everything to be there for if you have identified a piece of land that would make a good wind farm. You can’t just kind of book the turbines and install them and think that that’s going to be the end of it.
00:10:20:02 – 00:10:36:22
Unknown
You’re going to have to be working to make sure that the infrastructure that you need is there the whole way along. And it’s obviously a very large country and it varies from, you know, from area to area. What the how it’s how well it’s set up and how much work you’ll have to do.
00:10:36:22 – 00:10:50:11
Unknown
But I don’t think it’s the easiest place to to make a large new wind project. Well, those are big hurdles and it’s interesting. Like right now, obviously, there’s so much about offshore wind in the news and just about wind energy in general.
00:10:50:18 – 00:11:05:14
Unknown
And so many countries have these rolling hills. You know, these like Scotland, it’s so beautiful. There’s these rolling hills and these long roads, and if you need a snake. 100 meter blade down on those roads, I suppose you can do it right, but it’s just interesting how a lot of these different countries who maybe want to get
00:11:05:14 – 00:11:21:21
Unknown
in the game like India, they’re just like potentially a lot of different hurdles. We’re like, we just can’t do it this way. That country’s ABC, you know, DLF could do it. We had to find a different solution or we need to build a lot more infrastructure that’s going to really set us back a significant amount of years
00:11:21:21 – 00:11:32:11
Unknown
because I’ve been there to make major additions to their ports, to their infrastructure. I mean, that could say like, hey, like, you know, we love to meet some of these goals by 2030 that other countries want to make.
00:11:32:11 – 00:11:47:04
Unknown
But it’s just not going to be realistic because we’re looking at five to ten years just for port upgrades and for factories, and then then we can get going. I mean, Alan is, is that kind of how this this looks for India, that they’re just they have a lot of other work to do to to really get
00:11:47:04 – 00:11:58:19
Unknown
up and running? Yeah. And the United States really isn’t any different. Honestly, we don’t have the ports to go do some of these things today. So we’re going to be in that building phase. And it’s just a question of priorities, right?
00:11:59:04 – 00:12:17:03
Unknown
You can spend a lot of money on getting the ports set up and getting the ships in, but you’re diverting funds from somewhere else. And that’s happening in my state that we’re setting aside a significant portion of revenue from this, from the state to go, do these improvements and is going to have the same issue.
00:12:17:03 – 00:12:38:11
Unknown
Like, do you develop onshore energy, solar resources or do you build a port? Great question, because there’s only a limited amount of resources there, and that’s where the discussion gets really hard and which then leads to, I think, delays when those when those discussions get to that level and you get those really hard decisions.
00:12:38:21 – 00:12:54:05
Unknown
Usually there are years of delay to figure it out because there’s so many people with so many aspects and inputs into it. You just can’t make a rash rush judgment and start it. It just takes time to to work itself out.
00:12:54:05 – 00:13:09:23
Unknown
And we’re going to find out in the United States here in the next year or so how hard it is. But I’m in India. It’s not. I’m just I’ve brought up a list. For some reason, I have a tab open with the list of countries and what their total installed wind is, and India is number four on
00:13:09:23 – 00:13:26:02
Unknown
the list after after Germany and before Spain. So I mean, they’ve got a lot of wind turbine factories there. They have some strong local content laws that, you know, mean that if you want to have a big wind wind energy project there, you’ve got to build a lot of it in India.
00:13:26:09 – 00:13:42:13
Unknown
So it’s not like they’re not, you know, it’s not starting from scratch by by any means. And I know that as blades get longer, turbines get bigger. Everybody is facing challenges with the logistics of of getting stuff in place.
00:13:42:13 – 00:14:02:08
Unknown
And so I mean, to a certain extent, everything, everything is local. You know, every problem is local, but I don’t think that India is unique in having to solve these problems. And one thing that I have noticed from working with a lot of Indian colleagues and, you know, with our Indian factories as a culture, they are excellent
00:14:02:08 – 00:14:14:15
Unknown
at coming up with really unique, innovative solutions if there’s a problem and they’re going to find a way to solve it. So I, yeah, I wouldn’t see that as being like some huge roadblock in the way of expanding wind industry in India.
00:14:14:21 – 00:14:31:01
Unknown
All right. Well, we’re going to transition now to our interview with Byron Martin, who is the CEO of Technologize, and they’re an IT firm in Washington state. Obviously, we brought him on the show because we want to talk more about Vestas’ cyberattack, which again, we report about two weeks ago that they had a cyber incident.
00:14:31:01 – 00:14:40:11
Unknown
But really, back then the news cycle, there was very little real known about it. They didn’t release a whole lot of information, and it was probably because they were still trying to figure out the extent of it themselves.
00:14:40:21 – 00:14:54:19
Unknown
So obviously, since then, they’ve come out and said that it was a ransomware attack, that their internal systems were affected, that it did not affect the operation of their many wind turbines. And but still, this is a big deal.
00:14:54:20 – 00:15:07:12
Unknown
Obviously, they’re a major OEM. And so we want to have Mr. Martin on the show to chat through some of those issues and explain the protocols. You know what is a big company like Vestas potentially doing to rebound from this?
00:15:07:12 – 00:15:18:20
Unknown
And what changes might all companies who are, you know, every time one of these things happens, companies are thinking, Oh, we need, you know, here’s another one, we got to protect ourselves. Maybe now’s the time we really batten down the hatches.
00:15:18:20 – 00:15:38:23
Unknown
So without further ado, let’s jump to our conversation with Byron Martin. So, Byron Erawan, thanks for coming on the show. Great to have you back. Yeah, and I’m glad to be here excited to talk about something I’m real passionate about.
00:15:39:00 – 00:15:49:04
Unknown
Yeah, I mean, we’ve we’ve we’ve mentioned a bunch of times that, you know, these cyber attack event get more and more frequent. It’s such a scary thing. So good to have you here. So obviously, you know this one with vests.
00:15:49:04 – 00:16:03:15
Unknown
The cyber attack. The first reports came out about twelve days ago, November 19th as of the recording today, and it was a really vague, you know, really vague reporting in the news cycle because I’m not sure if investors knew that much about it at that point.
00:16:03:15 – 00:16:17:04
Unknown
So, you know, I think a lot of people, they jump to the conclusion of like, Oh, they’re just trying to keep this information close to the vest. But it also seems like, you know, when there’s a cyber attack, as you’ve mentioned in the past, that they might not even know the extent of it for quite a long
00:16:17:04 – 00:16:34:18
Unknown
time, you know, as they kind of take inventory of what what the damage was, you know, if there’s ransomware, what’s the situation going through the insurance, all the protocols, all that stuff. So first question for you today, you know, when a company realizes they’ve been breached, you know what happens?
00:16:34:18 – 00:16:52:23
Unknown
Can you kind of walk us through like a hypothetical, you know, step by step for something like like what vessels is going through now? Yeah, you bet. I thought what was really interesting in the reports that Vestas released initially was that they had identified an incident on the 19th of November.
00:16:53:13 – 00:17:14:14
Unknown
So anytime that there’s a that somebody suspects a cyber event, right, there’s we don’t jump to conclusions right away. We don’t necessarily because we don’t know the extent of what’s going on. So they identified an incident they probably had good evidence of because of the symptoms of what was going on.
00:17:16:01 – 00:17:37:03
Unknown
However, the first step really is just to, you know, is is to make that identification and determine that there is. We suspect that there is an issue. And then at that point, you have what’s important here, really is that every organization needs to have a tried and true incident response plan.
00:17:37:11 – 00:17:48:15
Unknown
And the one, I mean, tried and true, that means you can’t just put it on paper, you have to rehearse it, you have to practice it, you have to tabletop it, you have to drill it on a regular basis because it’s one.
00:17:48:16 – 00:18:02:15
Unknown
It’s like a fire drill, right? You. When I was younger or when my kids were younger, we would go through home fire drills, which meant and they had a blast. But it meant jumping out the windows, taking out the screens.
00:18:02:15 – 00:18:18:12
Unknown
You know, what’s the process? What do our kids do to exit the home safely and where do they go? Now you have to do the exact same thing as an organization. You have the plan. And I know many have been diligent about developing a cyber incident response plan.
00:18:19:10 – 00:18:38:06
Unknown
Many still need to do that or develop it. But those that have it, there’s the next step. You have to, with diligence, do the tabletops and the drills, which at that point. Helps you to position yourself to try to be more successful in a response.
00:18:38:18 – 00:18:54:21
Unknown
Right. And I’ve seen the difference where those organizations that have a planned response versus those that don’t and those that have a planned response handle these situations so much better. And there’s a lot of missteps that they can make, right, if the order of operations aren’t right.
00:18:54:21 – 00:19:11:13
Unknown
Because, you know, I have chatted about this before that, you know, you might need to call your insurance company first thing before you act. I mean, I obviously, I don’t know all the details there, but you know, how could how could a company get in trouble by sort of going out of order in their protocol if they
00:19:11:13 – 00:19:28:17
Unknown
don’t have a good protocol? That is. Yeah. one of the big things is the first thing that people don’t want to do is panic, right? I mean, the damage is done. And typically, once they’ve identified it, they don’t necessarily know how long the bad actors, the threat actors have been in that in that network.
00:19:28:22 – 00:19:43:09
Unknown
You know, if they have an instant proper incident response plan in place, they have a response team that’s been identified that they’ve already predetermined is going to be part of the team and they have a leader, somebody who’s going to lead that response and that person takes a year.
00:19:43:14 – 00:19:57:04
Unknown
Once it’s identified, it should hand off to this person, and this person will help determine the the threat level and then organize and get the team together. Because I mean, investors, you’re talking about a company that’s got a lot of employees and obviously most of them are not going to be involved in this.
00:19:57:04 – 00:20:10:21
Unknown
But just like on an aircraft like this is kind of like the exit row, maybe, right? They’re a little team that they know that if this happens, they get tapped well. And one of the pitfalls to a lot of, you know, in reacting to a situation without a plan is what happens.
00:20:10:21 – 00:20:27:07
Unknown
Let’s say even a simple things like, Oh crap, I’ve got a ransomware, let me shut down my computer or let me shut down my servers. It’s one of the last things you want to do, because what happens is, as you do that, you remove a lot of the evidence that could be there to investigate the what actually
00:20:27:07 – 00:20:47:21
Unknown
transpired and how they entered into your organization and how they got in. So you don’t want to be shutting systems down, you want to. I mean, one, as you mentioned earlier, if there’s insurance, you certainly want to contact the insurance organization to let them know, depending on the size of the organization, because oftentimes, if it’s if it’s
00:20:47:21 – 00:21:12:23
Unknown
an actual determined that it’s an actual breach and there’s liability there and potential financial impact, whether it’s in, you know, from a data has been exfiltrated and and there’s there’s PR associated with that to a lot of the insurance organizations or companies have their protocols and processes on that they require in order for you to claim that
00:21:12:23 – 00:21:35:22
Unknown
insurance and those sort of situations where there may be damages, whether it’s loss, business or or cost of recovery, all of those things. So once it’s identified, the first thing is putting your team together and not putting them together, but calling them together and then looking at containment because you need to contain and which means you need
00:21:35:22 – 00:21:52:11
Unknown
to stop the spread, stop the infection. And there’s a lot of ways to do that. There’s a lot of tools or it’s simply, you know, if you have a server, take it offline. And that’s one of the things that Vestas did is either they’re not shut things down, but they were taking things offline.
00:21:53:00 – 00:22:12:05
Unknown
So they they were unplugging, disconnecting and which will allow them to do the the the forensics and the deep dove investigation on what what transpired and what happened. Now they haven’t released a lot, but I have found that.
00:22:13:12 – 00:22:29:20
Unknown
That more or more and more organizations are releasing a lot more detail on information once they know what’s going on because it’s not a battle that is, we’re not all isolated in this in this war against cyber cyber attacks.
00:22:29:21 – 00:22:45:21
Unknown
This is this is something that we are in together on and the more information that we can share, the better in it. And a company like Vestas, which has a deep I.T. department and has definitely plan for things like this.
00:22:46:08 – 00:23:03:08
Unknown
What are those entry points? It would seem like they would have a pretty hard in system from outside ransomware attacks. Where is the ransomware attacks happening now? Is it still kind of via email attachments, or is it a little more complex than that?
00:23:03:08 – 00:23:30:20
Unknown
Yeah, Alan, this great question. I’ll give you some, some general statistics. I don’t have the exact numbers, but I there’s a of a variety of avenues entry points in which a threat actor can get in and the by far the highest is email phishing through individual email that are clicked, whether it’s a link or an attachment and
00:23:31:23 – 00:23:46:10
Unknown
human behavior, unfortunately for a lot of users, is, you know, they click something. Nothing happens, they click it again. Nothing happens. And then or they might realize, Oh my gosh, this might be a bad deal. Did I click and they stop and wait for a second?
00:23:47:14 – 00:24:11:10
Unknown
Did anything happen, OK, nothing happened. I’m good to go. OK, moving on, right? But what they don’t realize is just because they didn’t see anything go on doesn’t mean that nothing happened. Yes, we all grew up on Jurassic Park, where you get the R and then you know that you’re going to get eaten by a dinosaur at
00:24:11:10 – 00:24:33:18
Unknown
some point. You know, that’s how we all grew up right now, which is I communicate all the time kind of what we call the hacker timeline. And that is where people don’t realize the average amount of time that a bad actor is in a network is six months before wow, before they’re identified, before they even know that
00:24:33:18 – 00:24:51:19
Unknown
something is going on. And in the scary part about it is that six months or more, they have almost free reign. But the the hacker timeline consists of, you know, first they get Alan Premiere question. It could have been that phishing email.
00:24:52:03 – 00:25:11:16
Unknown
It could have been a vulnerable, open remote RTP port. I know a lot of RTP has been a major vulnerability for a remote desktop protocol from Microsoft has been a major vulnerability for really, really long time. Yet it’s still used all over the place.
00:25:11:23 – 00:25:32:04
Unknown
And if it’s and for convenience, if somebody opens up a port, oh, I just need the remote in. And so that that’s another avenue remote access technologies that allow threat actors to get in. But so what happens is, well, it’s that fish email or that remote access, that’s the foothold, right?
00:25:32:11 – 00:25:47:21
Unknown
That’s the first step in the in the process. Well, first step one they’ve got once they’ve got in. And then once they they’re in, they start asking or looking at, OK, where am I at what or what organization?
00:25:47:23 – 00:26:04:12
Unknown
And you know, and have I breached or gotten into? What privileges do I have? What access to? Do I have? What information can I get to? And they start asking these questions and then they turn it and say, OK, where do I need to get?
00:26:04:21 – 00:26:19:16
Unknown
Who do I need to be? What access? What privileges do I need to have? And then they start working their way up the chain until they have gained greater access and they in the industry, they call that lateral movement and privilege escalation.
00:26:20:10 – 00:26:40:23
Unknown
And once they have gotten to the most, they can gain the most access they can get to the most data they can exfiltrate at. And the most damage they can impact. That’s typically when they execute ransomware, they they’ll detonate it.
00:26:40:23 – 00:26:54:17
Unknown
After all, that other stuff is done, they’ll detonate the ransomware. And how do they how do they make these these steps? How do you go from the first person’s access that you got up to, you know, the person with the nuclear codes?
00:26:54:20 – 00:27:11:10
Unknown
Yeah. Well, there’s once they’re in, let’s say, an individual, click that that phishing email. And it installs malware and installs a small little program on that person’s computer and that becomes a foothold, and then that malware gives that.
00:27:13:02 – 00:27:32:22
Unknown
Tacker, a remote capability to execute code or to remote into that system, and when they’re remote executing code, that code that they’re executing is figuring out all that information. It’s doing a data dump of OK. Scans the network figures out, OK, what’s what’s running on the network?
00:27:32:23 – 00:27:52:17
Unknown
What are all the IP addresses? What are all that? What operating systems are they running? What vulnerabilities are there currently out there on the network? Because just to basic scans, network scans can tell you what is vulnerable. And then they are then they I mean, I’m talking this, they can do Rosemary in a matter of 30 seconds
00:27:53:05 – 00:28:08:20
Unknown
and have a ton of that information. It does. It is not hard work. And so so the the so what once they have that information, that’s when they start assembling their additional attacks within the organization, that lateral movement.
00:28:09:03 – 00:28:22:12
Unknown
So is the is the end goal always ransomware or is there something else like you talk about them kind of running around laterally for six months? What are they doing in that six months? Or are they just preparing everything to then do the ransomware?
00:28:22:16 – 00:28:39:12
Unknown
Is there something else or is the is the ransomware the only real end goal? There’s several objectives, and I’ll give you the high level primary objectives. The first and foremost typically is financial. They it’s 1,000,000,000,000 dollar business they make.
00:28:40:13 – 00:28:57:11
Unknown
They get a lot of money and they and it’s paid and and a lot of bitcoin or other means. But it is millions of dollars, billions of dollars, right? Trillions. And so money is a big part, darn it.
00:28:57:19 – 00:29:11:20
Unknown
So all that leads up to you and they can get money in multiple ways. You know, they can get money they can sell. Once they have access to the organization, they can say they can put it on the auction market and the black market and the dark web and say, OK, I have access to this system, this
00:29:11:20 – 00:29:34:10
Unknown
network, this organization, I’ll sell it to you for this, OK? And then so that’s one way to make money. The other way to make money is to exfiltrate, upload as much data as they can. And then again, sell it, whether it’s customer data, network architecture, data, whatever they they have intellectual property, they can sell that to.
00:29:35:13 – 00:29:56:11
Unknown
Where they are making most of their money is that. Detonation of ransomware and demanding a ransom to be paid. So there’s that extortion element. Well, oftentimes they like to make money at every step of the way, too. So it’s not just there, they’ll make money where they can.
00:29:56:15 – 00:30:14:13
Unknown
However, you know the the because our criminals are honorable, they sometimes if you pay them the ransom, they won’t necessarily release the data, the exfiltrated, because they want to be known for keeping their word on once ransom is paid.
00:30:14:18 – 00:30:39:19
Unknown
And so the the other motivator down outside of the financial is, you know, as maximizing the impact or damage of an organization, but usually that still loops back to financial cause to more impact and damage. They can. They can they can do the the more valuable that that extortion is.
00:30:40:07 – 00:31:02:13
Unknown
And but there’s also a, you know, there’s governments that are out there, nation states that are funding hacking, which is has a different purpose. Some of it is still money that is funding their countries or funding their programs.
00:31:03:07 – 00:31:19:17
Unknown
And that’s FBI’s reported on that several times that, you know, between North Korea and other places that they will use those funds to fund weapons programs. And then there’s also. Intellectual property is another big part of that. China.
00:31:20:00 – 00:31:41:12
Unknown
You know, that’s China, will, you know, that’s a big part of they don’t hack necessarily for the money they hack for the intellectual property. That’s I was just going to ask it in terms of sort of nation states and the sort of intellectual combat that’s happening between the United States, several countries in Europe and China, Russia.
00:31:42:12 – 00:31:55:11
Unknown
And there’s other bad North Korea as being some of those sort of bad actors were some of this cyber attack has taken place in the ransomware is taking place is are we now playing at such a complex level?
00:31:56:11 – 00:32:12:15
Unknown
Because if if it was a nation state that went after Bastos, is there really much they can do to protect themselves? Because if they have the the backing of a country coming against you as a company, how how can you stop that?
00:32:12:17 – 00:32:33:06
Unknown
Well, there’s that’s a great question, Alan. And the truth is is if they if they really want to get to they, they probably will now. But the second part of the question, and this is what the conversation needs to change to a lot, there’s there’s the cyber security part of the conversation and typically that is the the
00:32:33:06 – 00:32:53:11
Unknown
preventative. OK, hey, let’s make sure we have our firewalls are patching our security in place that that’s kind of a defensive stance. Well, at this juncture, it’s a lot more conversation conversations going on around cyber resilience. Every organization needs to plan to be breached.
00:32:54:01 – 00:33:15:11
Unknown
So versus, you know, it’s I can’t fault them because everyone will have a breach at some point. There’s it’s not. It is going to happen. And the question, though, is the severity. And what has that organization done to mitigate the impact of that cyber event or cyber breach?
00:33:15:18 – 00:33:34:04
Unknown
So one of the things from the news reports was that, you know, VESA said they the incident didn’t impact wind turbine operations and really just was kind of in their internal systems. So, you know, when you think of like a cruise ship or like the Titanic, like they all had multiple holes, right?
00:33:34:04 – 00:33:48:04
Unknown
And all these ships, so they have one of them breached an act that section fills with water. The other ones are still watertight and the ship’s not going to go down until, you know, maybe I don’t know what it was on Titanic, but X amount when x amount of the ship was breached, it was going to sink
00:33:48:04 – 00:34:04:00
Unknown
no matter what. Right. So the companies have that sort of segmentation. I mean, you know, if you were to hack into some employee of Apple, do they have a way to just like sort of isolate them right away and say, All right, you know, these couple of people, this small team was hacked, but the rest of us
00:34:04:06 – 00:34:18:09
Unknown
were OK. I mean, how does that work? Yeah, that is a good question. And that’s I really like that analogy. The. Yes. And it’s not the best of all because they had a lot of holes. They are they you know, we know that tech talent still sunk, didn’t it?
00:34:18:09 – 00:34:41:06
Unknown
Titanic still sunk in. So. Yeah. You know, any Operation Mature organization means that whether small or large needs to have isolation segments like segmentation as part of their strategy segmentation between departments, Typekit did between key operations between data silos.
00:34:41:15 – 00:34:58:05
Unknown
There needs to be multiple layers there. So if one component is compromised, there’s a barrier. So they can’t just so it’s not flat and they can’t just have free reign of the of everything within the organization. So that is essential and a part of a good strategy.
00:34:58:05 – 00:35:14:06
Unknown
Yes. But I was wondering, is the Titanic? Maybe it is a good example because I mean, they had so many, you know, so much redundancy. It was supposed to be unsinkable. And yet obviously it did sink. Is it the same with companies and cybersecurity?
00:35:14:06 – 00:35:29:20
Unknown
Like, is it actually possible to ever get to a point where it’s impenetrable? Or do you think that it’s always going to be, you know, a matter of just kind of making it as hard as possible on limiting the damage that can be done inevitably once once an attack happens?
00:35:30:13 – 00:35:51:07
Unknown
Yeah, no. That’s another good question. And another question because it and the reason I like it, because it’s we need to change the mentality around cyber security and cyber resilience because the, you know, it’s not we’re never going to arrive, we’re never going to get there, you know, and it’s always going to be a journey.
00:35:51:07 – 00:36:12:09
Unknown
And in that we haven’t and the challenges, we haven’t had to deal with this so much in the past. So it’s a new adaption of a way of thinking and how we approach things. And that means establishing continual controls and processes within organizations, not from a not just a technical standpoint, but from an operational and executive standpoint
00:36:12:18 – 00:36:38:20
Unknown
on managing risk and managing business risk and then looking at how technology can impact that business and organizational operational risk. So it needs to be thought of as something that we’re evaluating on a regular basis. And that’s why the tabletops and reviewing plans regularly is so vital.
00:36:39:01 – 00:37:03:04
Unknown
Because I I’ll give you an example of of a great response. There’s a company that was breached and that was the firefly a year or so ago. I can’t remember the exact dates and and interesting how that transpired or how we found out, but their their response was so good and handled so well, not from a just
00:37:03:04 – 00:37:20:11
Unknown
a PR standpoint, but from a executing on their incident response plan that their stock shot up. And it was they were their their their clout, their reputation increased substantially because of how they responded, and it wasn’t a little breach.
00:37:20:11 – 00:37:43:07
Unknown
This was a big. Each word where they’re some of their primary tools were stolen, and it was, but it was interesting because that’s when the little thread started that took us to the SolarWinds breach. And when and when it was learned and announced that SolarWinds had a massive breach.
00:37:44:00 – 00:37:59:07
Unknown
I’ll give you an example. Like with with Cove in the last year, we figured out quite a lot in the last 18 months, right about how to how doctors are treating patients. Obviously, medicine and vaccines came such a long way in a short time like you could see just how the human species learned how to deal with
00:37:59:07 – 00:38:10:21
Unknown
this really quickly. Obviously, there’s been a lot of cybersecurity incidents in the news in the last two or three years as well, and they’ve been increasing. What what is improved over that time? Are we getting better at this?
00:38:10:21 – 00:38:24:01
Unknown
I mean, is the damage less significant? Like I remember, I think earlier this year, the FBI recovered a significant amount of the cryptocurrency that was paid. I can’t remember which ransom that was, but you know, they paid out X amount of dollars and they got about.
00:38:24:06 – 00:38:41:21
Unknown
They sort of stole it back. I mean, what’s the current state of of these cyber attacks and the responses now? Well, there’s a lot. There’s a lot happening. I think it was about $6 million that they did recover in that example down that you’re giving and was that out of like maybe or something like that?
00:38:41:22 – 00:38:54:14
Unknown
I think it’s going to be a majority of it back, I think. Yeah, if I remember, right? So there’s there’s multiple things that are going on right now. one, the attacks and ransomware four specifically is still prolific is unprecedented.
00:38:54:20 – 00:39:22:18
Unknown
And the stats are just still going up, skyrocketing really fast. So it is still happening rapidly. But what is now occurring is that it is a lot more on the forefront of Legislature. I mean, President Biden even threw out a mandate around cybersecurity I that was instigated, I believe, by the SolarWinds breach and how that impacted all
00:39:22:18 – 00:39:38:05
Unknown
the government agencies because a ton of them were using SolarWinds. I mean, hack. Even just a couple of weeks ago, it was announced the FBI email was hacked. So it is prolific and it is happening more and more regularly.
00:39:39:19 – 00:39:56:07
Unknown
The difference is twofold. Here’s what’s going to impact things, because I don’t feel like individual organizations and companies have been changing or implementing the necessary parameters that they should have at a fast enough pace because there’s no accountability.
00:39:56:15 – 00:40:13:18
Unknown
Typically, there are a lot of time, there hasn’t been a lot of inspection or accountability or yeah, yeah, I check that box off on a compliance, but compliance and cyber security is not the same thing. You know, and most organizations, they’re worried about some compliance oversight.
00:40:13:18 – 00:40:36:11
Unknown
They’ll check the box there, but that doesn’t mean they’re secure. So there’s going to be a lot more federal and state laws that are going to not only mandate cybersecurity for contracts, government contracts. But it’s also going to go into the private sector because what will happen is, is if there is an event, there’s also going to
00:40:36:12 – 00:41:00:09
Unknown
be a lot more teeth and penalty when something does happen. And we’re already seeing that in Europe, we’re seeing that. And you know, it’s starting to happen in the United States. California has more privacy laws, so there’s a significant level, a level, not a level or a lever or catalyst or whatever you want to call it, that’s
00:41:00:09 – 00:41:22:22
Unknown
going to push that. So people take it a lot more serious. The second thing is insurance. Because now that damages are occurring and it’s costing businesses money. You’ve seen a massive shift in the cyber insurance world. Well, a couple of years ago or companies, insurers didn’t even really know what cyber insurance weather like.
00:41:23:03 – 00:41:36:12
Unknown
Yeah, well. Well, Wolf insure that. Sure, let’s create a policy. And do you have a firewall and you have antivirus? Awesome. You got cyber insurance and it only cost this much. And they were thinking, it’s going to be a easy way to make a few bucks.
00:41:37:04 – 00:41:55:04
Unknown
Well, now what’s happening is cyber insurance companies are the pendulum has swung so far the other way. They’re asking some pretty deep and intensive questions that a lot of these organizations companies are having to say no on. They’re like, No, we don’t have that.
00:41:55:09 – 00:42:10:09
Unknown
We don’t have that too. Oh my gosh, we don’t have that. Oh my. You know, and then it starts making them think or shoot. I can’t get insurance coverage because I don’t have any of the stuff. I’m not doing any of this stuff and or their policies are super expensive because they don’t have that stuff.
00:42:10:16 – 00:42:28:16
Unknown
And so that’s forcing the conversation kind of like. Kind of like seatbelts, right, seatbelts. A long time ago, what drove the need for seatbelts was it were the automakers curse by their good faith and because they are good people put in seatbelts.
00:42:29:07 – 00:42:51:08
Unknown
Yeah, I think it had to do more with legislation and insurance, and we’re going to see a similar. Track with with cybersecurity and cyber resilience. Yeah, so I was just wondering, do you see it more as like an opportunistic thing or is it strategic in that certain types of industries are going to be more and more targeted
00:42:51:08 – 00:43:08:18
Unknown
? Because I mean, we are obviously paying attention to what’s going on in the energy industry. And it seems it seems like there’s a lot in the energy industry. And do you think that that’s because that’s kind of, you know, I mean, even in war times, that’s a strategic thing to try and take down and has a big
00:43:08:18 – 00:43:21:18
Unknown
impact. Do you think that that’s intentional or is it just that the energy industry has, you know, like poor, poorer security? Or maybe it’s just that what we’re paying attention to? Well, I think it’s a little bit of a little bit of both.
00:43:23:07 – 00:43:44:03
Unknown
It’s it’s going to continue to escalate. We’re going to see bigger, bigger notices in the news, how breaches hacks, ransomware. It’s it’s going to continue to happen because as we use technology more and more, there’s going to be vulnerabilities all over, you know, continue to be vulnerabilities.
00:43:44:06 – 00:44:00:02
Unknown
I think strategically it’s a target because it has such a substantial impact, right? Not just financial, but you know, when it comes to power and other utilities, it has serious impacts on our daily lives, on our ability to live and operate.
00:44:00:15 – 00:44:17:11
Unknown
So I think it’s a similar motivator as they target hospitals and large organizations because it is it’s life sustaining. So are you saying that that sort of constrains them to like, Hey, we can’t be out like we can’t fight these guys for seven, seven days?
00:44:17:20 – 00:44:34:13
Unknown
We need to get back online tomorrow, just pay it and be done with it. Is that kind of what you mean? It drives the price of ransomware higher? Right? So they can ask a bigger dollar amount and the probability of them getting paid is higher because of the urgency of the situation.
00:44:34:19 – 00:44:56:11
Unknown
Absolutely. Mm-Hmm. And as far as the targeting utilities, the the reality is a lot of these systems that are there are antiquated and there are we can put in layers of defense, we can do other things around hardening the security.
00:44:56:23 – 00:45:22:04
Unknown
But whether it’s software or hardware, there is, there are systems that are just there. They’re old and they get outdated quickly and because of the. Continued innovation, it might be outdated by twelve months or 24 months, and then they stopped development of those things that were deployed two years ago, and they stopped development of it.
00:45:22:04 – 00:45:43:06
Unknown
That means there’s no necessarily no patching, no updates, no additional resources put into securing that, whether it’s the hardware or software or those elements that operate the machinery or systems. So doubling back to to wind. And of course, it’s not, you know, as much wind specific.
00:45:43:06 – 00:45:57:18
Unknown
But obviously you have the ear of a lot of wind insiders here through our podcast. If they’re at home kind of going, Oh, we don’t want this to happen to us. What should be the three to five steps that they should they should be taking right now?
00:45:57:21 – 00:46:18:20
Unknown
Well, I think the good news is a lot of the, you know, the wind is therefore required to follow kind of ship nurk framework, which lays out a lot of the processes and protocol and procedures on what’s expected of power generating groups or organizations and facilities.
00:46:19:10 – 00:46:48:09
Unknown
So, you know, a lot of them have their farther along than the general public because of the requirement around narcs. And so the for my counsel would be. To to look at not just the cyber security mindset, but the cyber resilience side of things, because it has to be understood and accepted that there will be a breach
00:46:48:22 – 00:47:02:01
Unknown
because two years ago the conversation was more OK, you’ve got to prevent an attack. Well, yes, you still have to do that. However, now what we need, we need to be asking more questions about when it happens. What are we going to do?
00:47:02:02 – 00:47:18:06
Unknown
Where’s our biggest vulnerabilities? Where’s the biggest impact and have that as part of the regular conversation? Not it’s not say, Oh, that’s the I.T. director’s job. No, that’s that’s the directors or the executives or the CEO’s job that needs.
00:47:18:12 – 00:47:44:23
Unknown
Because one of the challenges is in the past has been that there has been no sea level conversation around cybersecurity or cyber resilience. So it needs to be in discussion with business risk, operational risk that cyber resilience needs to be part of that conversation and not just hand it off to the I.T. or cyber security guy or
00:47:44:23 – 00:48:04:04
Unknown
groups. So to make another pop culture reference? Yeah. Since it’s Christmas season, home alone like they’re going to break into your house. Do you have the paint cans ready and the nails in in the steps? Do you have the, you know, the tar and the feathering to really get these guys good once they’re in your house?
00:48:04:08 – 00:48:21:02
Unknown
You know, am I hearing you correctly? You know, yeah, you need to have a plan. You need to talk about it. What are you going to do if it’s that kind of paint? So, you know, it’s the marbles or the the pickup jacks on the floor, on the floor, be it whatever it is, you know, make sure
00:48:21:02 – 00:48:39:06
Unknown
you have a plan so you can execute it. You know, there’s a I mean, simple things like, you know, when when something happens, when you have to report it, when you have to go to regulators or and who’s who’s responsible to take these steps, whose job is to do what have that clearly defined?
00:48:39:19 – 00:48:54:09
Unknown
And you know, and so and then in the event you know, how quickly can we get back up and going, all these things need to be. And again, there fortunately, they have a framework which they can follow, which is the next step.
00:48:54:09 – 00:49:13:18
Unknown
And there’s a lot of helpful information there. But I’ve also found, just like the the fire drill that I’ve done with my family and my little kids, it’s amazing how many things that we overlook until we’re in there doing it.
00:49:14:04 – 00:49:25:08
Unknown
And it’s like my six year old kid. He can’t get out, he can’t jump over that or he can’t pull that screen off, or he’s too small, he can’t even open the window. You know, that’s a big deal.
00:49:25:20 – 00:49:43:15
Unknown
And would I have thought about that until we’ve done the drill? You know, maybe not. So, you know, one of the things that I can recommend is there’s, you know, like we have an incident response plan that we’ve put together for Teknologize and I’m happy to share that with anybody who would like to take a look at
00:49:43:15 – 00:49:58:20
Unknown
it. We also have samples of incident response plans for in that follow the NERC CIP framework as well and tabletop plans and forms that we could easily share with any of the listeners. Happy to do that. It is.
00:49:59:18 – 00:50:15:18
Unknown
It takes a lot of time and effort to put those together, and even if you have a template, you still have to make it yours and put some time and effort into it. So it sounds like the human element is just too big a piece of this as the actual cyber tools and having your, you know, your
00:50:15:18 – 00:50:34:18
Unknown
digital systems in place. It sounds like the people are are really a huge part of, like you said, not only the protection, but the resilience. Yeah, and you nailed it down. That is the piece that is most looked looked over right is the easy thing to do is a couple of things.
00:50:35:17 – 00:50:49:22
Unknown
Well, we need cyber security. Let’s hire somebody. Let’s High-Risk hire a cyber security specialist. OK, now we’ve got a full time cyber security specialist. Check that box, you know, or or, Oh man, we need this for cyber security.
00:50:49:22 – 00:51:05:11
Unknown
Let me buy this tool. OK, we got this tool, you know, EDR or something like that. All right. Well, we got the tool. Check that that’s not cyber security. The cyber security program is what you know is the human element.
00:51:05:11 – 00:51:16:13
Unknown
It’s the processes, it’s the systems, it’s the workflow. How do we how do we handle that? Well, for those of you listening out there, we are going to link in the description or the show notes of this podcast.
00:51:17:10 – 00:51:28:02
Unknown
So where you can find some of those downloads from from Byron and his company technology. So if you do want to follow up with him and take him up on his offer, that’ll be easy. Just click through in the podcast links.
00:51:28:18 – 00:51:45:08
Unknown
Byron So where can people follow up with you? I know you guys are on YouTube. You’re on social media. Give us some places people can can. Follow up. Yeah, Technologies Gqom spelled with a K and my email is Byron M at Technologies dot com, anybody can reach out and then I’m also on LinkedIn.
00:51:45:19 – 00:52:02:19
Unknown
Easy to get a hold of me there, Byron Martin. And those are the easiest ways to get a hold of all of me. And I can easily point somebody in the right direction or answer any questions. Or I talk to folks all the time and I’m happy to do so, even if they have just some questions or
00:52:03:10 – 00:52:12:04
Unknown
want to pick my brain daily, take them up on that. And like I said, you’ll find that in the show notes below. Byron, thanks so much for coming back on the show with us. This was great, really timely discussion.
00:52:12:04 – 00:52:20:10
Unknown
And obviously, we want to get your opinion because this is one of those, you know, it was a major breach of a major OEM, and so it’s a big deal and wind. So thanks for coming on with us.
00:52:20:15 – 00:52:42:09
Unknown
Hey, no problem, Dan. Happy to be here. Love to participate any time. All right. So let’s jump back in to offshore. So Rosemary, there are some new legislation just recently passed in Australia that’s going to sort of pave the way for some offshore projects, most notably the star of the South project, which is a 2.2 gigawatt project
00:52:42:09 – 00:52:55:01
Unknown
that will bring power to about 1.2 million homes in the future. It looks like this will take six to ten years to develop, and it’ll be a big one off the coast of Gippsland. But I see that right. Probably wrong.
00:52:55:02 – 00:53:18:13
Unknown
I got it. Gippsland one for one. Good job. Good job me. So, Rosemary, take us through this. Obviously, you are our Australian expert. What does this mean and how excited are you for offshore in Australia? I’m really excited for offshore in Australia, and I know that there was some suggestion that I was not excited.
00:53:18:15 – 00:53:30:23
Unknown
We’ll go to the channel. That’s you said we have a lot of land. We don’t need the ocean, but maybe we know maybe we misheard you. Yeah, because people say to me all the time, non Australians, especially side of me all the time.
00:53:31:08 – 00:53:45:00
Unknown
Why do you need offshore in Australia when Australia is full of of land and it’s not very densely populated and there’s a lot of land that you can’t do a lot else with, you know, in a productive sense, obviously at some, you know.
00:53:45:07 – 00:53:59:18
Unknown
So yeah, this is the first there’s this several projects kind of in somewhere in the, you know, in the pipeline for offshore in Australia. But this is the first one and it’s the one that’s really trailblazing, I guess, and that’s really what they’re doing.
00:53:59:18 – 00:54:12:01
Unknown
And then this is what this announcement about the legislation is about. It’s, you know, we’ve never had an offshore wind farm before, so we don’t even we don’t have all the regulations that, you know, to get planning approval.
00:54:12:01 – 00:54:24:20
Unknown
There is no, you know, list of things to check off yet. And so this is the first step for that. So it’s needed the start of the South, but also every other project that follows. So what’s notable about the legislation?
00:54:25:00 – 00:54:37:21
Unknown
I don’t think that there’s anything notable about it, except for that it there wasn’t any and now there, now there is some. So I haven’t heard anybody, haven’t read it myself. And I don’t enjoy reading government legislation as a rule.
00:54:38:02 – 00:54:52:22
Unknown
But I haven’t heard anybody comment that there’s anything bad about it. Just everyone’s like, Okay, now this now this exists and we have a framework that we can we can work with, and I know that we’re starved. The South is out now there just in the still in the feasibility phase.
00:54:52:22 – 00:55:14:14
Unknown
They’re still doing their environmental assessments that they’ll need to support planning and approvals. And I’m assuming that this legislation is, you know what they’re going to have to meet to get the approvals. So I know that they’re still yeah, that I think the earliest possible construction start date is 2025, and it’s not expected to come online until
00:55:14:23 – 00:55:30:08
Unknown
the end of the decade. So it’s a it’s a long time in the works. And I mean, I know offshore projects are always a bit complicated, but I I’m expecting that this is harder because it’s the first one and that, you know, once we’ve got this one, we can maybe bring more on line faster.
00:55:30:09 – 00:55:47:16
Unknown
I’ve been watching the Australi