1 00:00:00,400 --> 00:00:03,240 Speaker 1: This is Dana Perkins, and you're listening to Switched on 2 00:00:03,560 --> 00:00:04,720 Speaker 1: the BNF podcast. 3 00:00:05,040 --> 00:00:05,240 Speaker 2: Now. 4 00:00:05,280 --> 00:00:07,360 Speaker 1: I don't know about you, but it seems like all 5 00:00:07,360 --> 00:00:10,400 Speaker 1: of my friends are talking about AI lately. And among 6 00:00:10,480 --> 00:00:13,920 Speaker 1: the myriad of things to consider is cybersecurity. It's such 7 00:00:13,920 --> 00:00:16,000 Speaker 1: a hot topic, in fact, that it was even featured 8 00:00:16,040 --> 00:00:19,520 Speaker 1: in the most recent Mission Impossible film. But cybersecurity is 9 00:00:19,640 --> 00:00:22,440 Speaker 1: not a new topic, as will come to find, as 10 00:00:22,520 --> 00:00:25,439 Speaker 1: much of the world has an increasingly complex grid that 11 00:00:25,480 --> 00:00:28,240 Speaker 1: has evolved to become even smarter and more digital and 12 00:00:28,400 --> 00:00:31,800 Speaker 1: capable of optimizing energy use, which will prove helpful in 13 00:00:31,840 --> 00:00:35,199 Speaker 1: the race to net zero. These very additions themselves have 14 00:00:35,320 --> 00:00:40,040 Speaker 1: created new vulnerabilities which cyber attackers can exploit. So what 15 00:00:40,240 --> 00:00:42,640 Speaker 1: sort of damage can be caused by a cyber attack 16 00:00:42,720 --> 00:00:45,559 Speaker 1: on electric utility and can we protect them? And what 17 00:00:45,760 --> 00:00:49,720 Speaker 1: exactly is an air gapps. It's a computer or network 18 00:00:49,720 --> 00:00:53,880 Speaker 1: which is isolated from other networks for security reasons. Today, 19 00:00:54,040 --> 00:00:55,840 Speaker 1: instead of me telling you any more about it, I'm 20 00:00:55,920 --> 00:00:59,120 Speaker 1: joined by our Grids and Utilities team member Amanda al 21 00:00:59,360 --> 00:01:01,520 Speaker 1: She's going to discuss some of the findings from her 22 00:01:01,600 --> 00:01:06,800 Speaker 1: recent report called Guarding the Grid Utilities Fortify cyber defenses. Together, 23 00:01:07,080 --> 00:01:10,240 Speaker 1: we discuss the different forms a cyber attack can take, 24 00:01:10,440 --> 00:01:13,920 Speaker 1: the motivations behind these attacks, and the scale of damage 25 00:01:13,920 --> 00:01:16,640 Speaker 1: that can be caused, as well as the costs involved 26 00:01:16,640 --> 00:01:19,640 Speaker 1: in fixing them, and to ward off attacks. Can anything 27 00:01:19,720 --> 00:01:23,039 Speaker 1: be done at the government level to beef up cybersecurity. 28 00:01:23,280 --> 00:01:25,600 Speaker 1: We assess some of the policies countries have put in 29 00:01:25,640 --> 00:01:29,800 Speaker 1: place to strengthen cybersecurity in both the public and private sectors, 30 00:01:30,040 --> 00:01:34,200 Speaker 1: and the marketplace for companies offering grid security. And finally, 31 00:01:34,440 --> 00:01:37,240 Speaker 1: what does the future of grid security look like? As 32 00:01:37,240 --> 00:01:40,679 Speaker 1: we enter an era of AI and quantum computing with 33 00:01:40,840 --> 00:01:45,080 Speaker 1: even greater computing capabilities, also comes some potential threats and 34 00:01:45,160 --> 00:01:47,319 Speaker 1: are there measures that can be put in place to 35 00:01:47,440 --> 00:01:51,840 Speaker 1: combat these even more complex attacks. To access Amanda's report, 36 00:01:51,960 --> 00:01:55,040 Speaker 1: BADF subscribers can find it at BNF dot com, on 37 00:01:55,120 --> 00:01:57,800 Speaker 1: benf Go, on the Bloomberg terminal, or on the BNF 38 00:01:57,840 --> 00:02:00,360 Speaker 1: mobile app. If you like this podcast, make sure to 39 00:02:00,400 --> 00:02:03,120 Speaker 1: subscribe and you'll receive an update when a future episode 40 00:02:03,200 --> 00:02:05,080 Speaker 1: is published. And if you give us a review or 41 00:02:05,080 --> 00:02:08,240 Speaker 1: a rating on Apple Podcasts or Spotify, it'll make us 42 00:02:08,280 --> 00:02:11,079 Speaker 1: more discoverable by others. But right now, let's jump into 43 00:02:11,080 --> 00:02:24,520 Speaker 1: our conversation with Amanda. Amanda, thank you very much for 44 00:02:24,600 --> 00:02:25,800 Speaker 1: joining switched on today. 45 00:02:25,960 --> 00:02:26,800 Speaker 2: Thanks for having me. 46 00:02:27,120 --> 00:02:29,720 Speaker 1: So today we're going to talk about grid security. What's 47 00:02:29,760 --> 00:02:32,360 Speaker 1: at stake here? What is the worst case scenario? 48 00:02:32,800 --> 00:02:37,000 Speaker 2: So, I mean utilities are really integrating more and more 49 00:02:37,120 --> 00:02:41,440 Speaker 2: digital technologies, meaning that they're investing in more technologies like 50 00:02:41,520 --> 00:02:46,399 Speaker 2: sensors and creating digital models of the grid and investing 51 00:02:46,400 --> 00:02:50,120 Speaker 2: in communication technologies. And as they do that, it means 52 00:02:50,160 --> 00:02:52,680 Speaker 2: that first of all, the grid is getting the eyes, 53 00:02:52,760 --> 00:02:55,640 Speaker 2: the brain, and the sense that it needs to act efficiently. 54 00:02:55,880 --> 00:02:58,760 Speaker 2: By at the same time, integrating all these new technologies 55 00:02:59,000 --> 00:03:02,920 Speaker 2: which have in at access means that it's increasing the 56 00:03:02,919 --> 00:03:06,920 Speaker 2: potential cyber attack service of the power system. And with 57 00:03:07,040 --> 00:03:10,160 Speaker 2: this new link with the Internet, it basically means that 58 00:03:10,280 --> 00:03:15,680 Speaker 2: cyber thread actors could potentially access physical grid infrastructure, leading 59 00:03:15,680 --> 00:03:18,200 Speaker 2: to damages, leading even to power outages. 60 00:03:18,760 --> 00:03:22,800 Speaker 1: So we're most concerned about blackouts maybe citywide, statewide, Like 61 00:03:23,080 --> 00:03:26,360 Speaker 1: what scale would the worst case scenario be? And I 62 00:03:26,400 --> 00:03:29,200 Speaker 1: guess the follow on to that is really how connected 63 00:03:29,480 --> 00:03:31,760 Speaker 1: is it? Is it all of the grids across the US, 64 00:03:31,880 --> 00:03:35,600 Speaker 1: barring or cut that are all connected. You know how 65 00:03:35,640 --> 00:03:38,520 Speaker 1: big could a problem be if there was a cyber 66 00:03:38,560 --> 00:03:41,040 Speaker 1: attack they got in If we're specifically focused for this 67 00:03:41,120 --> 00:03:43,320 Speaker 1: question on power outages. 68 00:03:43,200 --> 00:03:45,280 Speaker 2: I mean, that's really hard to say, because what we 69 00:03:45,360 --> 00:03:48,200 Speaker 2: know right now is that there is malware out there 70 00:03:48,360 --> 00:03:53,200 Speaker 2: that could specifically target technologies on the grid, like substations 71 00:03:53,280 --> 00:03:57,360 Speaker 2: or other kind of operational technologies. So I mean, hypothetically 72 00:03:57,720 --> 00:04:00,280 Speaker 2: a cyber attack could maybe take out and an ore 73 00:04:00,600 --> 00:04:06,160 Speaker 2: utilities network. Hypothetically, I'm just saying, but I mean, of course, 74 00:04:06,240 --> 00:04:09,320 Speaker 2: utilities are investing in new cybersecurity technologies to make sure 75 00:04:09,440 --> 00:04:12,880 Speaker 2: that doesn't happen. But potentially the more and moral malware 76 00:04:12,920 --> 00:04:16,120 Speaker 2: coming out that can target power systems means that this 77 00:04:16,200 --> 00:04:18,839 Speaker 2: could lead to outages across utilities. 78 00:04:19,120 --> 00:04:22,400 Speaker 1: So outages and then you also reference the damage to equipment. 79 00:04:22,440 --> 00:04:26,440 Speaker 1: So is that one way of targeting or using malware 80 00:04:26,560 --> 00:04:28,919 Speaker 1: is to actually cause maybe a piece of equipment to 81 00:04:28,960 --> 00:04:34,080 Speaker 1: malfunction and to actually cause very expensive damage to critical infrastructure. 82 00:04:34,400 --> 00:04:38,320 Speaker 2: Yeah, exactly. So there's one example. There's a kind of 83 00:04:38,360 --> 00:04:42,960 Speaker 2: malware called crash override, also known as in destroyer. I 84 00:04:43,000 --> 00:04:44,760 Speaker 2: love these names that're kind of funny, but what they 85 00:04:44,839 --> 00:04:48,160 Speaker 2: do is really not funny. For example, crash override was 86 00:04:48,320 --> 00:04:52,159 Speaker 2: used actually used in an attack on Ukraine's grid in 87 00:04:52,240 --> 00:04:57,080 Speaker 2: twenty sixteen. And this malware basically took and codified, meaning 88 00:04:57,120 --> 00:05:00,400 Speaker 2: put into code knowledge of how control systems work, so 89 00:05:00,440 --> 00:05:03,640 Speaker 2: the control system for substations, how they work, and then 90 00:05:03,800 --> 00:05:07,279 Speaker 2: use this to shut down the substation in Kiev. And 91 00:05:07,320 --> 00:05:10,080 Speaker 2: this was one substation. But the scary thing is that 92 00:05:10,160 --> 00:05:13,080 Speaker 2: cybersecurity professionals here thing that this could have been a 93 00:05:13,120 --> 00:05:16,320 Speaker 2: proof of concept since not all of this malwar's functions 94 00:05:16,320 --> 00:05:19,160 Speaker 2: were used. So if this is not on a larger scale, 95 00:05:19,240 --> 00:05:22,159 Speaker 2: it can really damage the grid and of course impact 96 00:05:22,279 --> 00:05:24,120 Speaker 2: people that depend on electricity. 97 00:05:24,600 --> 00:05:27,080 Speaker 1: So let's talk a little bit about the olden days 98 00:05:27,080 --> 00:05:30,480 Speaker 1: when the grid was not connected and things were much simpler. 99 00:05:30,680 --> 00:05:35,400 Speaker 1: Technology hasn't just spreaded immediately. Over time, systems have gotten 100 00:05:35,560 --> 00:05:39,279 Speaker 1: more sophisticated, and there used to be security measures built 101 00:05:39,279 --> 00:05:41,560 Speaker 1: into the way that it was designed. Can you talk 102 00:05:41,560 --> 00:05:43,359 Speaker 1: a little bit about how the grid used to be 103 00:05:43,400 --> 00:05:47,359 Speaker 1: designed and really what precipitated such a dramatic change to 104 00:05:47,360 --> 00:05:48,600 Speaker 1: make everything interconnected. 105 00:05:49,120 --> 00:05:52,279 Speaker 2: I mean, originally the text structure of the grid or 106 00:05:52,279 --> 00:05:54,320 Speaker 2: the digital tech structure of the grid was based on 107 00:05:54,600 --> 00:05:58,960 Speaker 2: two main elements so it's informational technology and operational technology 108 00:05:59,040 --> 00:06:01,800 Speaker 2: or IT and OT, so for IT think things like 109 00:06:01,920 --> 00:06:06,200 Speaker 2: file management, emails, internet, and for OT. These are the 110 00:06:06,240 --> 00:06:10,119 Speaker 2: technologies that monitor and physically control power equipment on the grid, 111 00:06:10,200 --> 00:06:13,760 Speaker 2: like substations. And originally these were kept separate because you know, 112 00:06:13,800 --> 00:06:16,880 Speaker 2: if OT, like a substation or circuit breakers on the 113 00:06:16,880 --> 00:06:20,120 Speaker 2: grid were compromised, then it could result in power outages. 114 00:06:20,400 --> 00:06:24,200 Speaker 2: So keeping IT and OT separate was the OG, like 115 00:06:24,240 --> 00:06:27,680 Speaker 2: the original kind of cybersecurity mechanism for the power system 116 00:06:27,800 --> 00:06:31,200 Speaker 2: to ensure a hack in it would not impact the 117 00:06:31,200 --> 00:06:34,560 Speaker 2: physical grid. But I mean now we're seeing utilities are 118 00:06:34,560 --> 00:06:37,760 Speaker 2: digitalizing at a rapid pace. And what I mean by 119 00:06:37,800 --> 00:06:41,960 Speaker 2: digitalizing is that, as mentioned earlier, the grid is integrated 120 00:06:42,040 --> 00:06:46,000 Speaker 2: news technologies like sensors and analytics software to access and 121 00:06:46,080 --> 00:06:49,279 Speaker 2: analyze data from the power system to help run this 122 00:06:49,360 --> 00:06:52,680 Speaker 2: physical infrastructure more efficiently. So this is great, you know 123 00:06:52,760 --> 00:06:55,360 Speaker 2: if you think about efficiency, But this also means we're 124 00:06:55,360 --> 00:06:58,680 Speaker 2: integrating IT and OT. So with this new link between 125 00:06:58,839 --> 00:07:03,080 Speaker 2: information technology and operational technology, if a cyber thread actor 126 00:07:03,160 --> 00:07:05,480 Speaker 2: hacks into an IT system, you know a simple thing 127 00:07:05,520 --> 00:07:07,840 Speaker 2: like a phishing email, it might be able to move 128 00:07:07,920 --> 00:07:11,880 Speaker 2: laterally and access ot networks and really cause damage to 129 00:07:11,920 --> 00:07:13,080 Speaker 2: the grid like we've been seeing. 130 00:07:13,400 --> 00:07:15,640 Speaker 1: So we talked a little bit about the olden days 131 00:07:15,640 --> 00:07:18,880 Speaker 1: of the grid when things weren't as interconnected, and there 132 00:07:18,960 --> 00:07:21,680 Speaker 1: is some brilliance in that simplicity in that. 133 00:07:22,000 --> 00:07:22,560 Speaker 2: Is there a. 134 00:07:22,480 --> 00:07:25,760 Speaker 1: Move to in some way make these grids a little 135 00:07:25,760 --> 00:07:29,080 Speaker 1: bit isolated from one another to actually minimize the risk. 136 00:07:29,240 --> 00:07:32,040 Speaker 1: I know that there's a lot to gain in terms 137 00:07:32,120 --> 00:07:35,080 Speaker 1: of efficiency and reducing waste when we have a much 138 00:07:35,120 --> 00:07:38,040 Speaker 1: more connected grid. And we're all familiar with these terms 139 00:07:38,040 --> 00:07:40,920 Speaker 1: connected grids, smart grid, and actually even the rise of 140 00:07:40,960 --> 00:07:43,800 Speaker 1: new business models like virtual power plants. But is there 141 00:07:44,040 --> 00:07:47,000 Speaker 1: a space for grids to not be connected with one 142 00:07:47,000 --> 00:07:50,440 Speaker 1: another and to have a series of non connected units 143 00:07:50,720 --> 00:07:53,600 Speaker 1: that you know, the connectivity essentially ends somewhere, And is 144 00:07:53,640 --> 00:07:57,200 Speaker 1: there thought being given to how connected is to connected? 145 00:07:58,640 --> 00:08:02,560 Speaker 2: That's a good question. I think that it would be 146 00:08:02,680 --> 00:08:06,520 Speaker 2: very difficult not to have connected grids because we need 147 00:08:06,960 --> 00:08:10,480 Speaker 2: both ram above and distribution grids and transmission grids and 148 00:08:10,760 --> 00:08:16,080 Speaker 2: interconnection among these grids to support a broader sustainable energy transition. 149 00:08:16,360 --> 00:08:19,280 Speaker 2: So I think what we need to do is understand 150 00:08:19,360 --> 00:08:22,280 Speaker 2: that the power grid is getting more and more access 151 00:08:22,480 --> 00:08:26,080 Speaker 2: to distributed energy resources such as evs such as roofs 152 00:08:26,120 --> 00:08:29,800 Speaker 2: of solar and batteries that are connected to the distribution grid, 153 00:08:29,800 --> 00:08:32,959 Speaker 2: which are connected to the transmission grid, which are communicating 154 00:08:33,000 --> 00:08:35,400 Speaker 2: more and more with one another to help balance the 155 00:08:35,440 --> 00:08:40,000 Speaker 2: overall power system. And as more of these decentralized energy 156 00:08:40,040 --> 00:08:44,679 Speaker 2: resources come online, the cybersecurity of power systems also needs 157 00:08:44,679 --> 00:08:48,880 Speaker 2: to reflect or mirror increasingly decentralized nature of the power 158 00:08:48,960 --> 00:08:51,320 Speaker 2: system as well. Because it's happening, We're seeing a lot 159 00:08:51,360 --> 00:08:54,080 Speaker 2: more virtual power plan projects. We're seeing a lot of 160 00:08:54,120 --> 00:08:58,280 Speaker 2: more distribe engry resources come online. So of course some 161 00:08:58,520 --> 00:09:01,640 Speaker 2: grids might like for example, microgrids, they can be islanded 162 00:09:01,679 --> 00:09:04,400 Speaker 2: when need be. But what we're seeing is that a 163 00:09:04,440 --> 00:09:07,760 Speaker 2: broader focus on coordinating the broader power system. 164 00:09:08,160 --> 00:09:11,160 Speaker 1: Now, cyber attacks are something that are probably not new 165 00:09:11,200 --> 00:09:13,440 Speaker 1: to any of us. We all think about phishing emails 166 00:09:13,480 --> 00:09:15,520 Speaker 1: when we think about our own inbox. And what I 167 00:09:15,559 --> 00:09:19,480 Speaker 1: want to know is how much of the focus I 168 00:09:19,520 --> 00:09:22,640 Speaker 1: guess on these cyber criminals is on the energy system. 169 00:09:22,760 --> 00:09:24,200 Speaker 1: And is this a big thing for us to be 170 00:09:24,200 --> 00:09:24,800 Speaker 1: worried about. 171 00:09:24,960 --> 00:09:29,679 Speaker 2: I mean, short answer, yes, Unfortunately, that's exactly what we're 172 00:09:29,720 --> 00:09:33,319 Speaker 2: seeing is that cyber attacks on utilities are on the rise, 173 00:09:33,800 --> 00:09:38,240 Speaker 2: and the frequency of cyber attacks on utilities are reaching 174 00:09:38,320 --> 00:09:42,160 Speaker 2: even new very high levels. And this is because as 175 00:09:42,200 --> 00:09:45,320 Speaker 2: we digitalize the power system and connecting more and more 176 00:09:45,400 --> 00:09:49,040 Speaker 2: connected resources. Connecting mean that they're connected to the internet, 177 00:09:49,200 --> 00:09:51,920 Speaker 2: it means that the cyber attacks surface of the power 178 00:09:51,920 --> 00:09:54,800 Speaker 2: system is growing and because of that, we're seeing more 179 00:09:54,960 --> 00:09:59,240 Speaker 2: cyber attacks. So the frequency of cyber attacks on utilities 180 00:09:59,280 --> 00:10:02,440 Speaker 2: we saw reach very high levels during the pandemic and 181 00:10:02,520 --> 00:10:05,880 Speaker 2: part driven by more remote work and cyber attacks have 182 00:10:05,920 --> 00:10:09,400 Speaker 2: also been increasing since the war in Ukraine, potentially because 183 00:10:09,400 --> 00:10:12,559 Speaker 2: this is allowing threat actors to showcase their cyber war 184 00:10:12,600 --> 00:10:16,559 Speaker 2: for techniques. So it's clear that this geopolitical and social 185 00:10:16,600 --> 00:10:20,560 Speaker 2: issues and upheaval usually leads to an increase in cyber attacks, 186 00:10:20,840 --> 00:10:23,960 Speaker 2: and this seems to indicate that the energy sector really 187 00:10:24,040 --> 00:10:26,600 Speaker 2: is becoming more and more of a target. For example, 188 00:10:26,640 --> 00:10:29,320 Speaker 2: according to the data from IBM, the energy sector for 189 00:10:29,400 --> 00:10:32,760 Speaker 2: about eleven percent of the total global number of cyber 190 00:10:32,800 --> 00:10:36,160 Speaker 2: attacks IBM tracked in twenty twenty two, which is higher 191 00:10:36,200 --> 00:10:38,960 Speaker 2: than the sector's pre pandemic levels of about six percent, 192 00:10:39,360 --> 00:10:43,400 Speaker 2: and North America in particular has been the most targeted 193 00:10:43,440 --> 00:10:46,439 Speaker 2: region for attacks, according to this data on energy firms 194 00:10:46,480 --> 00:10:47,839 Speaker 2: over the past two years. 195 00:10:48,280 --> 00:10:52,720 Speaker 1: What happens after a cyber attack? Do the consequences include 196 00:10:53,040 --> 00:10:56,120 Speaker 1: needing to as you referenced, know if something gets broken, 197 00:10:56,200 --> 00:10:59,520 Speaker 1: repairing kit or is this a conversation around actually being 198 00:10:59,559 --> 00:11:02,360 Speaker 1: held round because that happens sometimes as well, where they 199 00:11:02,400 --> 00:11:05,440 Speaker 1: won't release your system until you've paid a certain amount 200 00:11:05,480 --> 00:11:08,679 Speaker 1: to the cyber criminal. What happens and how do these 201 00:11:08,679 --> 00:11:13,120 Speaker 1: companies respond to these attacks when something does go wrong? 202 00:11:13,440 --> 00:11:16,320 Speaker 2: Yeah, I mean a cyber attack can make many things 203 00:11:16,360 --> 00:11:20,199 Speaker 2: go wrong, from money being lost due to just downtime 204 00:11:20,280 --> 00:11:22,880 Speaker 2: of the power system, to having to pay off ransomware, 205 00:11:23,120 --> 00:11:26,480 Speaker 2: to potentially having to pay fines because the cyber attack 206 00:11:26,600 --> 00:11:29,760 Speaker 2: was caused by some kind of non compliance with regulation, 207 00:11:30,240 --> 00:11:33,440 Speaker 2: or you know, fixing or repairing damage equipment. We've seen 208 00:11:33,480 --> 00:11:36,800 Speaker 2: that Also, IBM estimates the global average cost of a 209 00:11:36,920 --> 00:11:42,440 Speaker 2: data breach, which means just accessing illegitimate access of confidential data. 210 00:11:42,600 --> 00:11:44,600 Speaker 2: They're saying the global average cost of a data reach, 211 00:11:44,720 --> 00:11:48,320 Speaker 2: specifically for the energy sector, has reached nearly five million dollars, 212 00:11:48,559 --> 00:11:52,600 Speaker 2: and this is because actually identifying and dealing with those 213 00:11:52,640 --> 00:11:56,400 Speaker 2: reaches is getting costlier and taking longer because honestly, these 214 00:11:56,400 --> 00:11:59,440 Speaker 2: cyber thread actors are getting more and more sophisticated in 215 00:11:59,480 --> 00:12:03,880 Speaker 2: their techniques. At the same time, there's more technologies and 216 00:12:04,000 --> 00:12:07,640 Speaker 2: services coming out specifically to respond to these attacks, so 217 00:12:07,720 --> 00:12:13,240 Speaker 2: incident response technologies that includes both services like some companies 218 00:12:13,320 --> 00:12:17,800 Speaker 2: like Drego's offer services like playbooks, which are basically lists 219 00:12:17,840 --> 00:12:21,840 Speaker 2: of action items for specific cyber attacks that a company 220 00:12:22,000 --> 00:12:25,400 Speaker 2: can do, and Dregos is specifically focused again on operational 221 00:12:25,440 --> 00:12:28,720 Speaker 2: technologies such as in the grid. So other than services, 222 00:12:28,800 --> 00:12:32,000 Speaker 2: there's also startups and companies coming out with new technology 223 00:12:32,120 --> 00:12:36,200 Speaker 2: to support and even automate incident response. So, for example, 224 00:12:36,240 --> 00:12:39,880 Speaker 2: there's a technology or group of technologies called SORE like 225 00:12:40,040 --> 00:12:47,040 Speaker 2: Fly in all caps, which means Security Orchestration, Automation and Response, 226 00:12:47,480 --> 00:12:51,760 Speaker 2: which uses basically AI algorithms to help both detect and 227 00:12:51,880 --> 00:12:55,359 Speaker 2: automate some of the response to actual cyber incidents. 228 00:12:55,920 --> 00:12:59,360 Speaker 1: So there are new companies that are seeing this vulnerability 229 00:12:59,440 --> 00:13:02,920 Speaker 1: and fire a way to really help utilities figure this out. 230 00:13:03,000 --> 00:13:06,600 Speaker 1: But surely it's not all coming from startups looking to 231 00:13:06,920 --> 00:13:10,320 Speaker 1: strategically fix these problems. I would assume that the utilities 232 00:13:10,320 --> 00:13:14,120 Speaker 1: themselves are invading in various ways to protect themselves. What 233 00:13:14,320 --> 00:13:17,600 Speaker 1: is happening with the utilities and what other I guess 234 00:13:17,600 --> 00:13:21,880 Speaker 1: domestically grown technologies or responses are they then turning to 235 00:13:22,040 --> 00:13:23,839 Speaker 1: in order to secure their grid. 236 00:13:24,200 --> 00:13:28,400 Speaker 2: What we've been seeing really is that utilities are spending 237 00:13:28,440 --> 00:13:33,120 Speaker 2: more on cybersecurity and developing their own cybersecurity strategies, especially 238 00:13:33,120 --> 00:13:38,760 Speaker 2: the larger utilities. So basically that involves one developing business practices. 239 00:13:39,200 --> 00:13:44,240 Speaker 2: So that's things like growing security teams, having cybersecurity expertise 240 00:13:44,400 --> 00:13:49,920 Speaker 2: on board levels, and also running annual incident response practices, 241 00:13:50,000 --> 00:13:53,680 Speaker 2: kind of running hypothetical cyber attacks that might happen on 242 00:13:53,960 --> 00:13:57,640 Speaker 2: the utility and have the security teams actually practice what 243 00:13:57,679 --> 00:14:01,960 Speaker 2: they would do in that situation. That's the business evolutions side. 244 00:14:02,000 --> 00:14:04,480 Speaker 2: There's also a lot of new investments coming out of 245 00:14:04,600 --> 00:14:07,319 Speaker 2: utilities on cybersecurity. You know, what we're seeing is that 246 00:14:07,400 --> 00:14:10,760 Speaker 2: spending is on the rise on cyber For example, in 247 00:14:10,800 --> 00:14:13,960 Speaker 2: the US, we've seen that utility is a spending more 248 00:14:14,000 --> 00:14:19,520 Speaker 2: in terms of capital expenditure on cybersecurity, specifically operational technology security. 249 00:14:19,640 --> 00:14:23,640 Speaker 2: So for example, Southern California Edison or see their capex 250 00:14:23,720 --> 00:14:27,760 Speaker 2: on cybersecurity, Rose about two thirds from sixty million USD 251 00:14:27,840 --> 00:14:30,520 Speaker 2: in twenty twenty to nearly one hundred and ten million 252 00:14:30,760 --> 00:14:32,960 Speaker 2: in twenty twenty one. And that was kind of driven 253 00:14:33,000 --> 00:14:37,120 Speaker 2: by their grid modernization program to make sure that their 254 00:14:37,120 --> 00:14:41,000 Speaker 2: grid technologies really are cybersecurity. And you know, we're BNS, 255 00:14:41,000 --> 00:14:43,160 Speaker 2: so we had to quench the numbers. And we found 256 00:14:43,160 --> 00:14:46,560 Speaker 2: that in the US, be calculated that the annual cybersecurity 257 00:14:46,560 --> 00:14:51,560 Speaker 2: capex for utilities is likely already one billion US dollars, 258 00:14:51,960 --> 00:14:55,880 Speaker 2: with the average share of capex allocation usually around one percent. 259 00:14:56,240 --> 00:14:58,120 Speaker 2: And I mean, of course this might be higher or 260 00:14:58,120 --> 00:15:01,160 Speaker 2: lower by utility, but this real isn't a small number, 261 00:15:01,280 --> 00:15:04,280 Speaker 2: and it is likely to grow, we think as well. 262 00:15:04,320 --> 00:15:07,920 Speaker 2: One regulations get more strict and two when, if, and 263 00:15:07,960 --> 00:15:09,840 Speaker 2: when cyber attacks grow so. 264 00:15:09,960 --> 00:15:12,440 Speaker 1: Much like you can't drive a car without insurance in 265 00:15:12,560 --> 00:15:15,840 Speaker 1: many parts of the world, is there an obligation illegal 266 00:15:15,920 --> 00:15:20,920 Speaker 1: obligation in some countries for cybersecurity to be in place 267 00:15:21,200 --> 00:15:24,400 Speaker 1: because nobody wants blackouts, least of which the company is 268 00:15:24,440 --> 00:15:28,360 Speaker 1: operating the grid and also the power providers. But are 269 00:15:28,600 --> 00:15:30,120 Speaker 1: governments getting involved? 270 00:15:30,320 --> 00:15:32,560 Speaker 2: The US really is leading the way in terms of 271 00:15:32,600 --> 00:15:36,560 Speaker 2: regulation and standards for cybersecurity specifically in the power sector. 272 00:15:36,720 --> 00:15:39,640 Speaker 2: And I think that's potentially because cybersecurity has been seen 273 00:15:39,680 --> 00:15:42,400 Speaker 2: as a matter of national security for a while now. 274 00:15:42,800 --> 00:15:45,480 Speaker 2: And for example, in two thousand and eight, the North 275 00:15:45,480 --> 00:15:51,280 Speaker 2: American Electric Reliability Corporation NERK came out with mandatory standards 276 00:15:51,280 --> 00:15:55,160 Speaker 2: for critical infrastructure protection called NIRKSIP. Sorry a lot of 277 00:15:55,200 --> 00:15:58,960 Speaker 2: acronyms there, for both physical security and cybersecurity of the 278 00:15:59,000 --> 00:16:02,840 Speaker 2: bulk electric system. And bulk electric system here refers basically 279 00:16:02,880 --> 00:16:06,280 Speaker 2: to the transmission grid, so violations of these standards can 280 00:16:06,320 --> 00:16:08,880 Speaker 2: result in fines of up to one million dollars per 281 00:16:09,000 --> 00:16:12,480 Speaker 2: day per violation. But while the US has been kind 282 00:16:12,520 --> 00:16:16,080 Speaker 2: of leading the charge in cybersecurity regulation and policy, I 283 00:16:16,080 --> 00:16:20,280 Speaker 2: think also Europe is catching up. Originally, the European Union 284 00:16:20,320 --> 00:16:24,440 Speaker 2: couldn't really impose strong regulations for power system cybersecurity because 285 00:16:24,560 --> 00:16:28,160 Speaker 2: issues like cybersecurity are really related to national security, and 286 00:16:28,200 --> 00:16:31,120 Speaker 2: I think countries don't really appreciate when you meddle into 287 00:16:31,640 --> 00:16:35,240 Speaker 2: matters of national security, so it was difficult to do that. However, 288 00:16:35,440 --> 00:16:39,000 Speaker 2: as cybersecurity is becoming more of an issue, and also 289 00:16:39,240 --> 00:16:41,560 Speaker 2: I mean, we have a bunch of grid interconnections among 290 00:16:41,640 --> 00:16:44,960 Speaker 2: European countries, which means a cyber attack in one country 291 00:16:45,040 --> 00:16:48,080 Speaker 2: might affect another country. The EU is stepping up their 292 00:16:48,080 --> 00:16:51,320 Speaker 2: cybersecurity directives as well, and the biggest thing there right 293 00:16:51,360 --> 00:16:55,200 Speaker 2: now we're seeing is the Network and Information Security Directive 294 00:16:55,480 --> 00:16:59,120 Speaker 2: or NIS number two, which is an update of that directive, 295 00:16:59,680 --> 00:17:04,199 Speaker 2: which basically calls for essential entities which includes grids, to 296 00:17:04,400 --> 00:17:07,040 Speaker 2: ramp up their cybersecurity measures. And there's a lot of 297 00:17:07,080 --> 00:17:10,000 Speaker 2: fines there too, and it has to requires member states 298 00:17:10,000 --> 00:17:12,920 Speaker 2: to basically set a maximum fine of at least ten 299 00:17:12,920 --> 00:17:16,080 Speaker 2: million euros, which is about ten point six million dollars 300 00:17:16,440 --> 00:17:19,639 Speaker 2: or two percent of their global annual revenue, whichever is 301 00:17:19,680 --> 00:17:22,080 Speaker 2: higher if they fail to comply. So I think the 302 00:17:22,119 --> 00:17:24,720 Speaker 2: European Union is also ramping up regulation here. 303 00:17:25,840 --> 00:17:28,320 Speaker 1: Now you're only as strong as your weakest link. Is 304 00:17:28,359 --> 00:17:32,720 Speaker 1: there a specific part of the network that is most vulnerable? 305 00:17:32,760 --> 00:17:36,640 Speaker 1: And how do most of these problems actually get in? 306 00:17:37,160 --> 00:17:40,119 Speaker 1: Is it malware connected to an email or is it 307 00:17:40,160 --> 00:17:43,640 Speaker 1: something else? Is it our smart refrigerators or the electric 308 00:17:43,720 --> 00:17:47,240 Speaker 1: vehicles connected to the grid directly, where are the biggest vulnerabilities? 309 00:17:47,560 --> 00:17:51,240 Speaker 2: I mean, based on what I've seen, most cyber attacks 310 00:17:51,320 --> 00:17:55,640 Speaker 2: on utilities are still the regular ones, So phishing or 311 00:17:55,680 --> 00:17:59,960 Speaker 2: through public facing applications or through websites and stuff like that. 312 00:18:00,600 --> 00:18:03,760 Speaker 2: But as we get more and more distributed enjury resources 313 00:18:03,800 --> 00:18:08,359 Speaker 2: connect to the grid, like electric vehicles, smart meters, even 314 00:18:08,400 --> 00:18:11,320 Speaker 2: air conditioning units are becoming smart nowadays and can give 315 00:18:11,400 --> 00:18:14,560 Speaker 2: and take electricity from the paragrid, it means that we're 316 00:18:14,600 --> 00:18:18,080 Speaker 2: getting more and more end points connecting to the paragrid 317 00:18:18,119 --> 00:18:20,879 Speaker 2: which are also connected to the Internet. And this means 318 00:18:20,880 --> 00:18:25,479 Speaker 2: that honestly, utilities networks are becoming far more complex than 319 00:18:25,480 --> 00:18:27,560 Speaker 2: they used to be and have far more endpoints than 320 00:18:27,600 --> 00:18:32,120 Speaker 2: they used to be, which means that having regular firewalls. 321 00:18:32,200 --> 00:18:34,560 Speaker 2: I think when we think about cybersecurity, right we think 322 00:18:34,560 --> 00:18:37,760 Speaker 2: about traditional firewalls, which are basically like putting a giant 323 00:18:37,760 --> 00:18:41,520 Speaker 2: fence around your corporate network. That's really not enough anymore 324 00:18:41,520 --> 00:18:43,680 Speaker 2: as we have more and more of these endpoints flooding 325 00:18:43,960 --> 00:18:47,720 Speaker 2: utilities network, So that's really calling for new sets of 326 00:18:47,920 --> 00:18:53,120 Speaker 2: cybersecurity technologies down to the actual endpoints, specific security measures 327 00:18:53,160 --> 00:18:56,760 Speaker 2: for these distributed energy resources and within the network. 328 00:18:57,119 --> 00:18:58,800 Speaker 1: So if I had to break this down in its 329 00:18:58,800 --> 00:19:02,679 Speaker 1: simplest sense, it is a system that is connected to 330 00:19:03,160 --> 00:19:06,000 Speaker 1: the electrical grid and in some way is trying to 331 00:19:06,400 --> 00:19:09,800 Speaker 1: decide whether or not it pulls electricity or it stops 332 00:19:09,800 --> 00:19:13,520 Speaker 1: pulling electricity based on what it's getting in terms of 333 00:19:13,720 --> 00:19:17,360 Speaker 1: data from that grid, regarding perhaps peak demand at that time, 334 00:19:17,480 --> 00:19:20,080 Speaker 1: in power prices or whatever that input is. What I'm 335 00:19:20,119 --> 00:19:23,280 Speaker 1: wondering is with these firewalls that exist, those that are 336 00:19:23,320 --> 00:19:26,639 Speaker 1: trying to break into the network, is it that the 337 00:19:26,960 --> 00:19:31,159 Speaker 1: network inherently has vulnerabilities and they find those? And this 338 00:19:31,240 --> 00:19:35,560 Speaker 1: raises the question of AI and an increasingly smart computer 339 00:19:35,600 --> 00:19:38,480 Speaker 1: system that can go through a number of permutations very 340 00:19:38,520 --> 00:19:42,840 Speaker 1: quickly and find those vulnerabilities versus when human being and 341 00:19:42,960 --> 00:19:46,280 Speaker 1: mistakes do happen, responds to as you mentioned, phishing and 342 00:19:46,520 --> 00:19:50,119 Speaker 1: essentially allows that vulnerability to happen because they made a mistake. 343 00:19:50,320 --> 00:19:52,480 Speaker 1: I would expect that both of these exist, and you 344 00:19:52,520 --> 00:19:55,240 Speaker 1: said the vast majority are coming from fishing right now. 345 00:19:55,480 --> 00:19:58,680 Speaker 1: My question there lies, do we think that first scenario 346 00:19:59,040 --> 00:20:01,439 Speaker 1: that I went through the w and where AI and 347 00:20:01,520 --> 00:20:05,360 Speaker 1: locating those vulnerabilities without being aided by someone like myself 348 00:20:05,400 --> 00:20:08,600 Speaker 1: clicking on the wrong thing, is that something that we 349 00:20:08,680 --> 00:20:10,560 Speaker 1: additionally need to think about in the future. 350 00:20:10,880 --> 00:20:13,879 Speaker 2: Phishing is one that we know of for now, but 351 00:20:14,440 --> 00:20:17,840 Speaker 2: I think as we have more resources connecting to the grid, 352 00:20:18,040 --> 00:20:21,600 Speaker 2: we have more entry points for cyber attackers. So, for example, 353 00:20:21,600 --> 00:20:25,119 Speaker 2: if we think about electric vehicles, even though a utility 354 00:20:25,359 --> 00:20:28,239 Speaker 2: has its own set of cybersecurity measures, it needs to 355 00:20:28,600 --> 00:20:32,480 Speaker 2: interface with an increasing amount of additional second and third 356 00:20:32,520 --> 00:20:35,439 Speaker 2: party players. Right, so, every think about EV's they connect 357 00:20:35,440 --> 00:20:38,320 Speaker 2: to the grid, and for example, a startup called si 358 00:20:38,440 --> 00:20:42,600 Speaker 2: Flow is focused specifically on EV cybersecurity, and based on 359 00:20:42,720 --> 00:20:47,800 Speaker 2: data that they're sharing, they show that the communications protocol 360 00:20:47,960 --> 00:20:52,640 Speaker 2: used for EV charging management systems can be compromised by 361 00:20:52,640 --> 00:20:55,359 Speaker 2: cyber thread actors, and by doing that, the thread actor 362 00:20:55,520 --> 00:20:58,919 Speaker 2: could for example, turn EV chargers on and off, or 363 00:20:58,920 --> 00:21:02,680 Speaker 2: even steal and as more evs come online as v 364 00:21:02,720 --> 00:21:06,480 Speaker 2: an EFC's will happen in our new energy outlook and 365 00:21:06,640 --> 00:21:09,959 Speaker 2: electric vehicle outlooks, if we do depend more and more 366 00:21:10,000 --> 00:21:13,320 Speaker 2: on electric vehicles and systems like vehicle to grid where 367 00:21:13,520 --> 00:21:17,080 Speaker 2: the power system calls on EV's to help support the grid, 368 00:21:17,280 --> 00:21:20,439 Speaker 2: this could really cause damage as well. So basically what 369 00:21:20,480 --> 00:21:23,120 Speaker 2: I'm trying to say is as more endpoints come online 370 00:21:23,359 --> 00:21:25,840 Speaker 2: and the grid depends more and more on distribute energy 371 00:21:25,920 --> 00:21:29,199 Speaker 2: resources which are also connected, that's a huge issue on 372 00:21:29,280 --> 00:21:33,120 Speaker 2: the endpoint security level, which is kind of lacking right now. 373 00:21:33,560 --> 00:21:36,440 Speaker 1: So when I think about hacking, I think about non 374 00:21:36,440 --> 00:21:38,840 Speaker 1: state actors, but we also know that some of these 375 00:21:38,920 --> 00:21:41,399 Speaker 1: are either first of all state sponsored or secondly, is 376 00:21:41,440 --> 00:21:44,920 Speaker 1: there a fear that essentially this could be weaponized. 377 00:21:45,520 --> 00:21:48,840 Speaker 2: Yeah, I mean what's a bit scary is that cyber 378 00:21:48,880 --> 00:21:53,119 Speaker 2: thread actors are getting better and better at specifically developing 379 00:21:53,200 --> 00:21:58,679 Speaker 2: malware and attack techniques targeting operational technologies like substations on 380 00:21:58,720 --> 00:22:02,120 Speaker 2: the power grid, Meaning they're figuring out how to launch 381 00:22:02,320 --> 00:22:05,720 Speaker 2: cyber attacks that are tailor made for the power grid, 382 00:22:05,800 --> 00:22:09,879 Speaker 2: and this can definitely be used in cyberwarfare. So a 383 00:22:10,040 --> 00:22:13,960 Speaker 2: very famous example of an attack on an industrial control 384 00:22:14,040 --> 00:22:19,600 Speaker 2: system was stucksnet, which basically targeted a nuclear power plant 385 00:22:19,600 --> 00:22:23,439 Speaker 2: in Iran by taking advantage of a software vulnerability to 386 00:22:23,640 --> 00:22:29,560 Speaker 2: access controllers in that plant, and basically the attackers use 387 00:22:29,680 --> 00:22:33,600 Speaker 2: this vulnerability to compromise the control system and make the 388 00:22:33,640 --> 00:22:37,800 Speaker 2: centrifuges spin too fast, causing damage to the plant. So 389 00:22:38,200 --> 00:22:40,440 Speaker 2: this and some other examples we've seen around the world 390 00:22:40,480 --> 00:22:43,480 Speaker 2: are kind of showing us that cyber warfare is an 391 00:22:43,560 --> 00:22:47,680 Speaker 2: increasingly normal thing, specifically targeting the power system. 392 00:22:47,920 --> 00:22:50,679 Speaker 1: Another data point that came up also from IBM is 393 00:22:50,800 --> 00:22:54,600 Speaker 1: that the cost per data breach is averaging around four 394 00:22:54,640 --> 00:22:58,040 Speaker 1: point seven eight million US dollars each time. So this 395 00:22:58,119 --> 00:23:01,200 Speaker 1: is expensive. It's expensive for the breech and invariably now 396 00:23:01,200 --> 00:23:04,080 Speaker 1: it's costing more money to try and prevent them and 397 00:23:04,400 --> 00:23:05,879 Speaker 1: cut it off at the past. So this is a 398 00:23:05,920 --> 00:23:08,879 Speaker 1: burgeoning industry of companies that are looking to service this. 399 00:23:09,200 --> 00:23:11,720 Speaker 1: But what is the next thing for you now that 400 00:23:11,760 --> 00:23:15,200 Speaker 1: you've spent time researching this, What is the next thing 401 00:23:15,240 --> 00:23:18,040 Speaker 1: that you're going to look at and look into that 402 00:23:18,119 --> 00:23:20,600 Speaker 1: hasn't been covered in this research note in the vein 403 00:23:20,760 --> 00:23:22,879 Speaker 1: of trying to better understand cybersecurity. 404 00:23:23,000 --> 00:23:26,119 Speaker 2: That's a good question. I think what I've been seeing 405 00:23:26,160 --> 00:23:29,919 Speaker 2: in general in cybersecurity tech innovation is that the security 406 00:23:30,280 --> 00:23:33,480 Speaker 2: focus is coming closer and closer to the end resource 407 00:23:33,560 --> 00:23:36,320 Speaker 2: or the endpoint. So it's going from being this massive 408 00:23:36,359 --> 00:23:40,640 Speaker 2: firewall around the network to end point security, which basically 409 00:23:40,720 --> 00:23:44,240 Speaker 2: gives endpoints like ev smart meter substations their own set 410 00:23:44,280 --> 00:23:48,200 Speaker 2: of security measures. And this endpoint or resource focused security 411 00:23:48,320 --> 00:23:51,760 Speaker 2: also brings us the access control, So we've been seeing 412 00:23:51,760 --> 00:23:55,159 Speaker 2: a lot of innovation and access control, which traditionally is 413 00:23:55,200 --> 00:24:00,359 Speaker 2: things like encryption or firewalls or multi factor authentication. And 414 00:24:00,440 --> 00:24:04,960 Speaker 2: what interesting innovations here are zero trust models and quantum 415 00:24:05,080 --> 00:24:08,760 Speaker 2: resistant encryption. So in a zero trust model, access is 416 00:24:08,800 --> 00:24:13,399 Speaker 2: basically provided to resources like a substation, for example, or 417 00:24:13,440 --> 00:24:17,360 Speaker 2: a smart meter on a per asset and per request basis, 418 00:24:17,400 --> 00:24:19,679 Speaker 2: as opposed to kind of you know, allowing access to 419 00:24:19,720 --> 00:24:22,720 Speaker 2: all assets in a network once an actor is within 420 00:24:23,080 --> 00:24:26,760 Speaker 2: a firewall. So for example, ge and other tech vendors 421 00:24:26,960 --> 00:24:31,120 Speaker 2: are beginning to integrate zero trust architecture as a layer 422 00:24:31,359 --> 00:24:34,879 Speaker 2: in their grid software portfolios. And then on top of that, 423 00:24:34,920 --> 00:24:38,159 Speaker 2: another interesting innovation is think about a future when quantum 424 00:24:38,200 --> 00:24:42,560 Speaker 2: computing becomes a reality. Encryption like today's encryption can be 425 00:24:42,680 --> 00:24:47,600 Speaker 2: easily decrypted with an actual functioning quantum computer. So encryption 426 00:24:47,640 --> 00:24:50,119 Speaker 2: today needs to get up to speed, so new kinds 427 00:24:50,119 --> 00:24:55,320 Speaker 2: of cryptography or post quantum cryptography can help. For example, IBM, 428 00:24:55,520 --> 00:24:59,720 Speaker 2: Google and university partners co developed a kind of lattice 429 00:24:59,800 --> 00:25:04,800 Speaker 2: day digital signature in which encryption security relies on the 430 00:25:04,800 --> 00:25:08,440 Speaker 2: difficulty of finding short vectors and lattices. So basically what 431 00:25:08,480 --> 00:25:12,160 Speaker 2: that means is it's a very very difficult mathematical problem 432 00:25:12,480 --> 00:25:17,000 Speaker 2: about finding specific vectors in a three dimensional space. So 433 00:25:17,359 --> 00:25:20,800 Speaker 2: definitely we've been seeing some cool innovations in access control 434 00:25:20,960 --> 00:25:23,800 Speaker 2: and any kind of tech that's bringing the security closerts. 435 00:25:23,800 --> 00:25:27,000 Speaker 1: At the end, resource, I love that the form of 436 00:25:27,040 --> 00:25:30,000 Speaker 1: protection you brought up is called zero trust architecture. 437 00:25:30,160 --> 00:25:34,200 Speaker 2: It makes exactly it really, don't trust anyone. 438 00:25:34,359 --> 00:25:39,920 Speaker 1: Don't trust anyone I might click on that phishing email. Amanda. 439 00:25:40,000 --> 00:25:42,440 Speaker 1: Thank you so much for walking us through not only 440 00:25:42,440 --> 00:25:46,879 Speaker 1: what's happening with cybersecurity, but also this different set of vocabulary, 441 00:25:47,000 --> 00:25:50,439 Speaker 1: so these different systems that are being used in different acronyms, 442 00:25:50,480 --> 00:25:54,200 Speaker 1: and also my personal favorite from the show, zero trust architecture. 443 00:25:54,560 --> 00:25:55,439 Speaker 2: Thanks for having me. 444 00:26:04,359 --> 00:26:07,680 Speaker 1: Bloomberg NEF is a service provided by Bloomberg Finance LP 445 00:26:07,880 --> 00:26:11,240 Speaker 1: in its affiliates. This recording does not constitute, nor should 446 00:26:11,280 --> 00:26:15,320 Speaker 1: it be construed as investment advice, investment recommendations, or a 447 00:26:15,359 --> 00:26:19,280 Speaker 1: recommendation as to an investment or other strategy. Bloomberg NEF 448 00:26:19,440 --> 00:26:22,560 Speaker 1: should not be considered as information sufficient upon which to 449 00:26:22,600 --> 00:26:26,360 Speaker 1: base an investment decision. Neither Bloomberg Finance LP nor any 450 00:26:26,400 --> 00:26:29,760 Speaker 1: of its affiliates makes any representation or warranty as to 451 00:26:29,800 --> 00:26:33,200 Speaker 1: the accuracy or completeness of the information contained in this recording, 452 00:26:33,600 --> 00:26:36,399 Speaker 1: and any liability as a result of this recording is 453 00:26:36,440 --> 00:26:37,520 Speaker 1: expressly disclaimed.