Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Terence Liu, TXOne Networks: « The best thing that people can do is to help others. CISOS should reach out to other CISOs in the same industry »

June 2024 by Yelena Jangwa-Nedelec, Global Security Mag

We met with Terence Liu, co-founder and CEO of TXOne in Hannover, Germany.
An insightful conversation about OT Security and the gradual democratization of cybersecurity in the world.

Terence Liu, co-founder and CEO of TXOne

Global Security Mag: Could you first tell us who you are and why you created TXOne? What was your main goal when you created the company?

Terence Liu: I’m Terence Liu, CEO and co-founder of TXOne. The question I asked myself a few years ago was why is OT security important, and why are the physical solutions not able to address those security problems. And I think that is the main reason why we founded TXOne. A long time ago, people working in those environments were isolated and air-gapped, and there were no search entries for cybersecurity and OT. However, people talked a lot about Industry 4.0, which, I believe, was mainly originated here, in Germany. It is all about a convergence between IT and OT. By analysing the collected data and the data generated from machines, we will be able to learn from them, and improve the future of that ship, detect feedbacks earlier and do some predictions, even when the machine is out of order.

But if you think about it, once you have the data, you need to send it out for further analysis. Then comes the question, how come that OT is isolated? Well in fact, the OT is not isolated anymore. When you generate data, it doesn’t mean that the machine will be more intelligent than before. In order to generate those signals, the machine needs to be equipped with some operating system and with some applications, and with that intelligence, with that operating system and those network activities, the new machines nowadays are prone to cyber threats and that is why you need to protect them.

However, if you use ordinary IT cybersecurity products, you are using products which are not designed to fit into a variety of different environments in OT, right? So the product itself may disrupt the operation, and that defeats the whole process. If you think about antivirus products for example, they have been there for more than 30 years, and modern antivirus products are still powerful. But there is an assumption that the platform on which the antivirus product is running should work with a new operating system, like Windows 10 or 11, or with a powerful CPU. Still, when you install that antivirus product onto the OT machines, it’s sometimes not the case. You may be dealing with Windows XP, Windows 2000, or the CPU might also not be powerful enough. So when that CPU has to run in that anti-malware application, it could jeopardize the operation.

GSM: What got you into cybersecurity in the first place?

Terence Liu: Actually, my PhD Thesis was about cybersecurity, I have therefore been doing cybersecurity since I was a student. After I got my PhD degree, I became the CEO of a cybersecurity company. I then sold my company to a big cybersecurity giant named Trend Micro, and I led Trend Micro’s IoT security initiative before we co-founded our current TXOne team.

TXOne focused exclusively on IoT, because IoT could be everywhere, from your home, to your car and a lot of different things. We believe that the federal and pre-cooperative infrastructure operators are having more challenges with cybersecurity issues than just holding their ground. But that also means that we specialize the design, the product, the agents, again, from a variety of different environments. That is another reason why we founded TXOne.

GSM: Can you think of an adjective that would best describe your cybersecurity journey ?

Terence Liu: I would say new. The whole cybersecurity journey is new and is an evolving process. Back in 2000, in the beginning of cybersecurity, the global cybersecurity spending was between $2 billion to $3 billion, whereas last year, it was almost $180 billion. That topic is now not as niche as it was 20 years ago. When I first got into cybersecurity, it was one of the most niche topics of the whole IT, and people learned a lot along the journey. In the beginning, we were doing antivirus and firewall. It actually took more than 10 years for people to finally realize that prevention cannot be perfect. If the hacker tries longer, harder, eventually they find a way to the large operation. Then the question becomes, how can we be able to detect the hacker activities that will eventually hide themselves within the operation? And that is when, around 2011 and 2012, the feedback response became more and more popular. People nowadays think more like a pro-hacker.

If we can reduce the attack vector, we can have better risk management, have a healthier employment network, and then reduce the probability of damage. If you rewind a little bit, you actually should have a more healthy environment, prevent, and then detect something unpredictable. But it doesn’t happen that way, right? It happens more often like this:« let’s buy every product and software to block every bad threat ». I’m happy to apply what I learned in the last 20 to 25 years along the journey to OT security. There is a logical order, you need to have the visibility, you need to have the risk management, and understand your security costs in the beginning. And then you take care of standard hygiene, you try to have protection, prevention, to then you move on to the detection response on top. In my cyber journey, it took me around 27 years to realize that we were doing things in the wrong order this whole time and this time around with OT, we should do it right.

GSM: TXOne works in many different fields. What is your overall company strategy?

Terence Liu: Vertical play is the core of our strategy, it’s so critical to be successful in those fields, especially through the security context. We really have to face the fact that the OT environments are very different amongst the different sectors of different vertical play. If you think about the Industry 4.0, which is the largest industry as well, you have very expensive machines, and the environments are all air-conditioned. The whole process cannot be interrupted. If you interrupt the operation, you suffer huge losses. But with cars, for example, it is very different. You have cars that may need to be assembled, so if you shut down for like five minutes, they probably can still resume. But how about tires? It is a chemical process, thus uninterrupted. It is vital to deal with the challenges and requirements of the different environments in different sectors. Our angle at TXOne is to work with the leaders in each industry, as they cannot afford to fail. They pay more attention to the OT and cybersecurity problems, because it’s new. Whatever practices we put in place with them eventually becomes the best practice for that approach, because all the smaller firms in the same industry look up to the leaders and want to see what they do. They don’t want to be the first to try things out, in case it fails. And so TXOne’s strategy is to lead over the industrial leaders and to support them, to make sure they are successful, which is also the key to our success.

Nobody is going to shut down a hundred factories just for deploying TXOne solutions. We always start from a single production line or with the first production. And only when the deployment of the solution and the first production succeed, only then do people think about expansion to the next and to the next. We don’t want to just sell our product and then say goodbye to our customers. We work with our customers from beginning to end, trying to understand their environment and then support them to achieve a successful deployment of our solutions by working with them directly. Cybersecurity will then become their security guideline in their whole corporate environment, and they can subsequently elevate their cybersecurity posture. In IT, the cybersecurity officers make the deployment. They define the role of the cybersecurity strategy and then select the solution and deploy it. However, for OT security, supply chain security and product security, they need collaboration. Because for OT security for example, the CISO needs to work with a factory director, a factory manager and an asset monitor, so that the security solutions are really deployed onto the machine. Also, in terms of supply chain security, the CISO needs to work with the supplier to make sure that the supplier delivers a legitimate product and has to make sure that no virus comes in. Those processes and challenges are also new learnings for CISOs.

GSM: Mining and oil are complicated and controversial territories. Do you have an ethical guideline at TXOne? What are the ethical challenges that you might face?

Terence Liu: I think in the end, what we are trying to do is trying to find the hackers, the cyber criminals. State sponsors like us need to prevent them from doing big damage to the OT.
Because OT damage could also involve consequences on the environment and therefore, that is what we always strive to do instead of focusing on ethics.

GSM: What are you most proud of about TXOne?

Terence Liu: We are really helping people, and I think that the best thing that people can do is to help others. In many countries, even when people want to enhance their cybersecurity posture, their main problem is that they don’t have the tools to do it. They sometimes buy IT products but after deploying the products into IT, if the product causes a problem, they just stop the whole initiative. Most of the time, the person responsible for security, who is the only person taking care and understanding cybersecurity in the company, will hesitate to try again and will simply shut the door.

After developing and presenting the product to our customers, and after they have used our product, they can forget the bias present in their minds according to which cybersecurity is going to disrupt their operation. Then, once that fear is gone, they can sit down and think about what’s next and start to address their OT security issues more. This is the approach we use across the different industries with their different leaders.

At TXOne, as a pioneer in this segment, we can share our knowledge and expertise in other countries in many different industries. Those kinds of experiences bring us a bit closer to people, and that’s the thing we feel most proud of, and also feel happy about.

GSM: We talked about new challenges for CISOs earlier on, what would be your key message for CISOs?

Terence Liu: OT cybersecurity is something CISOs cannot overlook any more. I also think CISOS should be able to reach out to other CISOs in the same industry, because by helping each other, we become stronger.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts