Securely Connected Everything S3-8: Unleashing OT Efficiency: Brendan McCarthy on Time, Trust & Tech

Have you ever wondered how time management can revolutionise Operational Technology (OT) in critical infrastructure?

Have you ever wondered how time management can revolutionise Operational Technology (OT) in critical infrastructure? Join us for a compelling conversation with Brendan McCarthy, the Managing Director for Availability Systems Engineering, who brings a wealth of experience from his 25-year career, including 22 years at BHP. Brendan shares invaluable insights into managing operational systems across numerous mining assets, emphasising the importance of duration, frequency, opportunity, and sequencing in OT environments. Learn how leveraging opportunistic time can enhance system availability and minimise outages, setting a new standard for efficiency in critical infrastructure.

Transitioning from a cybersecurity-centric approach to a comprehensive risk management strategy is no small feat. Brendan delves into the significance of maintenance and transparency in building organisational trust, and the transformative impact of the Technology Remote Operation Center (TROC) in streamlining incident management. Discover how preventative maintenance plans, rebranded as “planned maintenance,” can improve communication and effectiveness within operational teams. Brendan also sheds light on the crucial role of managing failure domains and understanding human factors to ensure smooth operations in industrial settings, making this chapter a must-listen for anyone passionate about operational technology.

What’s the future of OT with advancements like Edge computing and AI? Brendan discusses the integration of IT and OT, the unique cybersecurity challenges faced by critical infrastructure, and the skill shortages in the cyber and OT sectors. He emphasises the importance of system thinkers who understand both hardware and software in production-critical environments. Reflect on Brendan’s advice for specialising early and expanding across multiple functions for faster problem-solving, and hear his thoughts on Australia’s leading role in mining technology. Don’t miss his insights on the transformative impact of LTE on autonomous fleet availability and the exciting future potential of 5G connectivity. This episode is packed with knowledge and foresight for advancing technology in critical infrastructure.

Brendan McCarthy: 0:02

With an IT environment, we’ve almost generally tried to outsource the customer intimacy. You may be integrating the capability, the technology, but how you communicate, how you engage, how you maintain customer intimacy is different.

Michael van Rooyen: 0:17

Today I have the pleasure of interviewing Brendan McCarthy, who is the Managing Director for Availability Systems Engineering. We’re going to be talking all things operational technology, critical infrastructure, all cybersecurity, all things that relate to that industry. Welcome, Brendan.

Brendan McCarthy: 0:32

Thank you for the invite.

Michael van Rooyen: 0:33

Yeah, great, I appreciate you catching up with me here in Sydney. We’re here the Vivid Festival’s on and Brendan is based in Perth but was able to actually come at a time to catch up with him here in Sydney. So again appreciate the time I was able to actually coordinate a time to catch up with him here in Sydney. So again appreciate the time. Before we kick things off, brendan, do you mind just sharing a little bit about your journey in the industry, particularly critical infrastructure and the tech side of that, and then what led you to your role today as the managing director and founder of Availability Systems Engineering.

Brendan McCarthy: 0:58

Yeah, look, it’s been a 25-year journey, 22 years at BHP.

Brendan McCarthy: 1:04

Wow a 25-year journey 22 years at BHP Wow, when it was Western Mining. Then it became BHP Billiton and even passed that through when we exited the South 32 assets. So we spent a lot of time across all of the commodities during multiple cycles in the commodity price. So obviously budget pressures and all the rest of it. But uranium, copper, nickel, iron ore and that progressed around Australia in those engagements. The last five or six years I was looking after all of the operational systems across BHP’s assets. So all of the rail, all of the ports, all the control systems, mining, autonomous mining, everything, anything that was making money we were looking after.

Michael van Rooyen: 1:46

Wow, I mean that’s an extensive amount of infrastructure right across, no doubt, multiple mining facilities.

Brendan McCarthy: 1:51

Yes, 20 mines, five ports. There was always something happening.

Michael van Rooyen: 1:55

Oh, no doubt, no doubt. There was 24-7 operations, 24-7, yeah, oh wow, Across 20 locations. Did you ever get some sleep?

Brendan McCarthy: 2:02

Oh look, we did for a while we started to look after our petroleum assets out of Houston and our South American assets.

Michael van Rooyen: 2:09

Wow.

Brendan McCarthy: 2:09

And at that point it just started to get to. I couldn’t scale to that point with the way we were operating. So basically we built the equivalent of what I created in Australia, the T-Rock Technology Remote Operation Centre for the 24-7 support. We built those out in Houston in South America along with the IROCs that we had.

Michael van Rooyen: 2:31

Right and was some of that related to autonomous vehicles and all those systems as well?

Brendan McCarthy: 2:37

So autonomous control systems which is all automated, conveyor the petroleum assets and plants, even the heat bleach facilities, etc.

Michael van Rooyen: 2:48

That’s just fantastic. I mean just considering the amount of infrastructure you’ve seen no doubt after that many years as well at BHP, and seeing that you were the head of production systems in your last six years there at BHP. What were some of the key insights that you learned, or learning experiences, from your time with BHP?

Brendan McCarthy: 3:01

In the move into the, the ot, and I’m talking real ot. So there’s three layers of ot. There’s the it world, then there’s the mes world, which is people call level three stack. Then you’ve got level two.

Brendan McCarthy: 3:13

When we talk ot it, we miss the opportunity to really understand the difference between real ot, which runs plants from control’ve got MES, which is the optimization layer compared to the IT space. So in terms of the insights in managing MES, especially with an IROC where supply chain management is really important, that having that availability where we manage things within the week is really important, and on the critical environments, so things that run control systems, autonomous vehicles, that’s in the seconds, managing time is really important. And the four elements that I really focus on is duration, frequency, then you’ve got opportunity and then you’ve got sequence. So those four elements are really important to understand. So duration is how long is it and how do I reduce it? Frequency the more things happen, the more inconsistent you are, the less predictable you are and, as a result, the controllers do things that are potentially abnormal to what they normally should do.

Brendan McCarthy: 4:14

And it generally creates more of an inconsistency in the production line. Sequencing is really important Making sure the right people are there at the time when you need to execute the change. Making sure there’s all of the capability, the tools, the systems, the components so that when you are having an outage it’s reduced as much as possible. And my favorite part is the opportunistic. There is generally an event whether it be a shutdown or weather event or even a safety stop for a couple of hours that we get in the morning Having a group of changes that were pre-approved, pre-understood, pre-risk, managed, we could execute. We basically get an outage for free.

Michael van Rooyen: 4:50

Right right.

Brendan McCarthy: 4:50

So our outage is not high, right, so that’s how you increase your availability, right, right? So all of those managing time is probably the key lesson in working in OT.

Michael van Rooyen: 5:00

Right, right, and look, you did touch on two really good points there. Time, absolutely. I mean everything’s time critical. You want to avoid frequent outages, ships waiting, trains waiting and all that. The real opportunistic time, as you said, is when you bank these up ready to go and you get a time to do it rather than have to wait for a window. It really gives you a bit of an advantage, right? And then you touched on the other good point which I’m happy you clarified, because the word OT has been bounced around a lot. Right, and it’s becoming very popular IT for OT. But I’m really happy you talk more about real, specific mining operations, critical infrastructure operations, as opposed to people saying OT, which is considered just OT. Right, if you think about your time 22 plus years at BHP, particularly in the end, and I think about 20 mines, lots of different systems I mean I would hate to think of the hundreds of systems you’d be running With that extensive experience. What were some of the most significant changes you’ve observed in critical infrastructure in that sector over the years?

Brendan McCarthy: 5:50

One is the move from an appliance mindset to commoditized IT hardware. So, even though the systems have not changed the utilization of commoditized hardware it used to be a Schneider appliance but now it’s an HP server.

Brendan McCarthy: 6:06

That you would find no different in any other location Commoditized hardware which then created its own worries around operating systems. So you have to patch it. You have to do everything you have to do for Microsoft in the IT space, you have to try to do that in the OT space, and so you have to either put controls in place in managing the fact that you’ve got the same vulnerabilities in the IT as you have now in the OT space. That’s one. There’s two parts of automation. One is obviously autonomous vehicles becomes times critical. In a mine site of 60-odd haul trucks, there is only two reasons why all those haul trucks would stop. In an operated fleet it’s a safety event or a weather event, generally, no other reason, whereas in an autonomous fleet it could be a network error, it could be a broken antenna, it could be something simple, like someone doing a change which has happened inadvertently, putting a change across all systems, maybe out of India, and basically I think people recall it was a 24th of December.

Brendan McCarthy: 7:08

Oh, wow inadvertently putting a change across all systems, maybe out of India and basically on a I think people recall it was a- 24th of December, oh wow.

Michael van Rooyen: 7:13

And patched everything in our call assets, oh wow, and they’re not on holiday because they’re still operating, right? No, you wouldn’t have been you wouldn’t call back from holiday.

Brendan McCarthy: 7:18

No, it definitely wasn’t on holiday.

Michael van Rooyen: 7:20

Yes.

Brendan McCarthy: 7:20

That was never the case in the past. Things would just operate, even if the systems went offline right, just on that point.

Michael van Rooyen: 7:27

Two aspects I just want to tease out there. You’re saying, first of all, the the example there of a vendor that was providing the system for you. It was an appliance. Yeah, it was just a piece of hardware.

Brendan McCarthy: 7:36

No one cared about what was inside it, because it was just not. It wasn’t a windows device, it was probably linux or who knew. I mean in fact was a black box. So they moved to commoditized hardware because it was much cheaper, like a $3,000 server versus a $40,000 appliance.

Michael van Rooyen: 7:52

Did you see some benefits and negatives? So, first of all, cost reduction great, but then you had to then probably take that operational lens on it, which obviously has a cost. Was the other way a better model, or it was more moving from analog to kind of digital? What are the pros and cons of those two models that you saw in your time?

Brendan McCarthy: 8:09

So obviously the pros it was much easier to refresh and move the environments on. The advantages now is they probably wouldn’t have the compute capacity that’s required to run advanced process control or autonomous systems. You need proper two to three tier solutions to run some process control or autonomous systems. You need proper two to three tier solutions to run some of these solutions.

Michael van Rooyen: 8:28

I guess the other lens on that and we’ll talk about cybersecurity later on, I guess the other lens on there is then you have to think about that safety blanket of separated networks is disappearing more and more as we see more interconnectivity happening and not specifically be in your scenario, but certainly you know other customers I’ve talked to Off the back of that. What were some of the biggest challenges you encountered in operational technology and how did you approach solving them?

Brendan McCarthy: 8:49

I think the biggest challenge is with regard to what I was referring to before, where there was a point in time when control systems OT layer so not.

Brendan McCarthy: 8:58

The MES layer was becoming too advanced for the control system engineers who the best system thinkers on the planet. There was no longer a capability because you went to storage, they went to sand storage too advanced for the control system engineers who the best system thinkers on the planet. There was no longer a capability because you went to storage, they went to sand storage and all the rest of it. They just weren’t able to support when the problems occurred because the the big projects came in and deployed the hardware that they liked. But the control system engineers are quite generous in in their technology skills, but they’re actually good process thinkers and understand how the process is working and write the code for the machines. When that became too complex, they reached out to help and up until that point we didn’t really have a leg in. There was don’t touch this, we do not want to be touched, you’re not going to be coming near here until that point.

Brendan McCarthy: 9:43

And I suppose the challenge was how do we? Once that challenge occurred then it was like well, these things do need to be maintained. Just like you maintain triple VF drives and trucks and engines, et cetera, we do need to do maintenance both on cybersecurity but also patch management and application management, and I suppose it took a while for me to transition my thinking from a cyber this is what we do and this is why we do it lens to just purely a risk management lens. So production risk management if you don’t do this, there is a chance, obviously from a cyber perspective, that you will be impacted If you don’t do these changes. For example, an autonomous fleet if we didn’t reboot every two weeks, it actually caused two and a half hours of outage because we had to go to each truck and restart one right at the beginning of that journey.

Brendan McCarthy: 10:31

So we actually had a preventative maintenance plan and we got that approved. Eventually. That trust was built up because we could provide data and evidence, which is actually how they work. We changed our methodology and our wording. Instead of doing patching, it’s called planned maintenance. When we have a breakdown, it’s called unplanned maintenance. Basically, by being transparent about what happened, doing our root cause analysis and providing that information back and what we’ve learned and what we’ve changed. That’s how we gained that trust. So gaining that trust was hard because we had to be different.

Michael van Rooyen: 11:00

Of course. Of course I was going to think about that. I mean, again, I just think about your experience over 20 minds, the pressure of operations, the dollar cost of downtime, et cetera. So even just hearing you come in with language that’s easy to digest for people to understand what the difference is, I mean that must have been sometimes a hell of a lot of pressure on you and your team. But that’s also an education process. It’s how to improve process, learn from mistakes, all those ongoing continuous improvements.

Brendan McCarthy: 11:25

Parts the biggest change that I was able to execute with the team one of the floors on the building that we had put in a nice fancy screen. But all I did is I put the server, the network, the wireless network, the database and the applications people all in a pod Right and I said, and I put a leader in front of them to say a good, major incident manager. So rather than the ticket going from each group ticket go, went to the center, the incident manager and I said this is the problem. They all look and they all identify that. That, for me, was the start of what I called the t-rock right so is that something you?

Michael van Rooyen: 11:59

you created that? The t-rock wow, wow. So I’ve heard you talk about it. That’s, that’s, that’s exciting. We had the i-Roc Wow, wow. So I’ve heard you talk about it. That’s exciting.

Brendan McCarthy: 12:05

We had the IROC downstairs which was the Integrated Remote Operation Center Right and I had the Technology Remote Operation Center.

Michael van Rooyen: 12:11

Fair enough. Fair enough too. That’s great. Something new I knew. See, I’m learning something each day. So off the back of that extensive experience, what then motivated you to go out and be the founder of Evaluability System Engineering?

Brendan McCarthy: 12:29

And how does it align with your passion for operational technology? My passion for operational technology actually is. It’s also about production. It’s also about safety. It’s that automation where you know that when you’re at an autonomous site and then somebody comes from an operated site, they’re scared. Once they go into an automated site, they’re scared to once they go into an automated site, they’re scared to go to a manned site or an operated site because they are so predictable, because you’re basically robots. Yes, same thing with the control systems.

Brendan McCarthy: 12:53

The way, I think, is probably more failure domain management and it’s all based on risk. So what is the risk of it going down and what are all the causes for it going down? And how do I mitigate some of those risks? Sometimes it’s separating the hardware, sometimes it’s putting in other controls, like, for example, I mentioned before on the 24th of December issue, the person was able to select all and do a change. Wow. So what we did is we said, well, you know what the failure domain then was, that you’ve integrated the solution, the patch management solution. We created a new one, an OT one, which had limited access and limited reach into any other environments. So you actually create process domains as well as failure domains, so that you can actually limit the impact that people have, because change is 90% of the problem. Generally Correct, generally.

Michael van Rooyen: 13:42

Yes.

Brendan McCarthy: 13:42

The amount of money we invested in resilient hardware. It should never have failed.

Michael van Rooyen: 13:48

Yes.

Brendan McCarthy: 13:48

But people.

Michael van Rooyen: 13:50

People. Generally it was people. We see it with cybersecurity as well. Normally the root cause is always a human, but adding a process layer sounds common when you talk about it. Now you know how to limit the blast radius is what you’re saying, right. How do we really limit that?

Brendan McCarthy: 14:03

But it’s on production impact, not just, of course, because they do use it on cyber, but we used it on failure domains to limit change impact as well as failure impact. So in a mine, you’ve got mining, you’ve got processing and you’ve got logistics, you know, for the price of I don’t know, it’s half a or $600,000 of hardware, because there’s never an environment generally where the mining and the processing goes out. Why would you need to do a change that took them all out?

Michael van Rooyen: 14:29

Yeah, fair enough too.

Brendan McCarthy: 14:30

Good change, bad change, planned change, unplanned change. So you never get a window of opportunity to do any maintenance. So you asked before how do we do patch management? We split the value domain. So when there is opportunity in the mining space, there’s a safe start or there’s weather events, that’s when we did our work Opportunistic maintenance, opportunistic maintenance, so we always had a list of things we had to do.

Michael van Rooyen: 14:52

Yes.

Brendan McCarthy: 14:52

And they’re always approved. They’re all ready to go, they’re all risk managed. Yes, and as soon as we got the window, we could hit it.

Michael van Rooyen: 14:58

So then, you took those lessons and really wanted to set up an organization that would help customers with that journey, taking your years and years of experience.

Brendan McCarthy: 15:06

I’ve done 20 years of learning. I’ve failed, I’ve succeeded and I’ve learned.

Michael van Rooyen: 15:12

Yes.

Brendan McCarthy: 15:17

And what I’ve found. I’ve been working in other smaller customers at the moment, but it’s amazing that learning doesn’t have to be paid for anymore. Right, it’s ready to go, it’s understood and it’s economic, so they don’t have to make the same mistakes as we progress to more automated, more included and more optimization as we start to kick in, taking that deep domain knowledge you’ve built over many, many years, know what works, what doesn’t.

Michael van Rooyen: 15:36

You’re really just bringing that as a methodology or way customers can engage on wanting to cross that divide, maybe moving toward automation, maybe trying to cross some of these technology domains. You’re really offering that as a service to those customers, right?

Brendan McCarthy: 15:49

So yeah, I just had an experience in the last, say, eight, nine months at an autonomous site that was in trouble, Just walking in there knowing hang on, I’ve been here before.

Michael van Rooyen: 15:58

Yes.

Brendan McCarthy: 15:58

Have you looked at this, this, this and this? We increased from almost 65% availability to the truck to 99.

Michael van Rooyen: 16:05

Wow, Hang on, hang on 65% availability so people listening to the truck. Right, right, I mean that sounds from a tech point of view. You know when you start talking numbers like that you think wow, but I appreciate it’s a little bit different in that industry. But for what you just said, they’re taking it from mid-60s to 90s. Late 90s is phenomenal, with some of the customers that you’re helping assist them with this journey. What are the common misconceptions about the role technology has in the space that you encounter and how do you address them?

Brendan McCarthy: 16:33

There’s always the classic it’s a wireless network and when at home, my wireless network doesn’t fail like this, right, you get that. People say that to you. Oh, my goodness, yes, it’s a little bit more complicated, complicated, and that’s also that there is no downtime permitted, right. So there is no maintenance, there is no requirement.

Brendan McCarthy: 16:51

I think those two, because everything else leads to the fact that they have a preconceived idea of what should work, should how it should work, and two, that it should, should always work yes which means that there’s no expectation that at some point you have to refresh it after four years, right, you don’t get to maintain it as you do any other piece of equipment, because they are machines.

Michael van Rooyen: 17:11

Yes.

Brendan McCarthy: 17:11

So they do need to be maintained, of course, and they don’t ever need an upgrade. They don’t need to be touched, and the way you change that is through using their own language, which is risk management and the controls around how. So obviously there’s a. The risk is that you will have an unavailable solution. What are the controls that you need to mitigate each of those risks? The other one is that it’s all maintenance debt. The way you avoid that the control is you need to refresh it when it’s end of life, when it’s no longer a serviceable life. Call it five years. You get that permission. It’s just built into their plan now.

Michael van Rooyen: 17:42

So it’s the opposite view.

Brendan McCarthy: 17:43

Opposite view. It’s their language and the way they operate, so we use data-driven approach to say well, this is how it’s the best way to give you the most amount of availability.

Michael van Rooyen: 17:53

Leading on from that, so would you also say over the years, with this consumerisation of new technology, more sensor, do you get more sensor data than you did in the past?

Brendan McCarthy: 18:02

Absolutely.

Michael van Rooyen: 18:03

And now taking all that sensor data part of your availability system engineering approach is really data-driven insights, really taking that additional data points to help customers really mind that. Look at it. That all adds up to the picture right.

Brendan McCarthy: 18:16

Absolutely, so we’re always looking for anomalous behavior. I love the cyber guys as well, by the way, so we used to use whenever we had anomalous behavior, we’d bring the cyber team in and say what are you guys seeing? Because they’re obviously very deep packet inspections so they can actually see what’s going on.

Brendan McCarthy: 18:33

It’s really important in that T-Rock facility everybody knew what components affected what part of the process. Even if you don’t make very highly redundant components across the board, but know your supply chain constraint, Everyone else can be caught up. But there are parts in most processes that are their supply chain constraint, so the high availability on those components is all you need to do. So if you are under budget pressure, just focus on that.

Michael van Rooyen: 19:03

Okay, that’s a good piece of advice. What are your long-term goals for ASE and how do you envisage the future of critical infrastructure technology evolving in the space?

Brendan McCarthy: 19:12

I’d love ASE to be involved in all things that are critical and all that troubleshooting and improvement I just really really enjoy In terms of where it’s going. It’s only getting more complex, it’s only getting more critical and I suppose the biggest thing for me is we talked about the three layers the IT, the MES and I’ll call it the OT. For me, my perspective, that’s what I call OT. There’s the challenge of what is sitting in the MES space and what is sitting in the OT space, so it’s really smart to do AI. However, when I think about AI and it’s being in the non-OT space, there’s a connection between do I really want something changing the algorithm on the PLCs? And I’m thinking no. I definitely think no. But how do we still support that capability? Because it’s still required and that’s where Edge really comes in and distributed Edge. I think that capability now it’s more commoditized, still keeping it secure in a segregated way, but having that optimization is the next 10 years.

Michael van Rooyen: 20:15

Yeah, do you mind, just for listeners, just briefly touching on your thoughts around Edge and the importance of Edge for OT.

Brendan McCarthy: 20:20

Obviously, cloud has the software that does AI and improvement and, looking at the whole data suite, that capability can be delivered at the edge, can be delivered on compute that’s sitting at a site and it is connected directly to the PLC. I suppose the important thing about AIs and control systems is you can actually get told by AI how to improve your algorithm and then you can execute that and embed that algorithm because it happens It’ll continue to do it every day and every week and every month, but I think having a restriction where it’s sitting outside in the real cloud, which is somebody else’s infrastructure, but it’s the software. The software is what’s really important in cloud and it’s how do you bring that to the edge? So you’re not contributing any of your controls around risk management.

Michael van Rooyen: 21:08

You were just mentioning working with the cyber guys, because it’s really about anomalous behaviour. We know that a lot of threat actors are targeting critical infrastructure. What do you see in the time you’re in the space and living and breathing in the space? What are the unique cyber cybersecurity challenges that the sector faces and how can they be effectively be addressed?

Brendan McCarthy: 21:26

So I think there are two real major differences in the risk. There’s your geopolitical actors versus your activists. The geopolitical are basically trying to attain two things. One is price point advantage, because they can see the negotiation information, what you’re prepared to offer in terms of a price versus what they will offer. The other one is IP intellectual property around how you are doing what you’re doing so that they can do it better without having to go through the 10-year journey of trying to get their improvement. Then you’ve got the activists, so uranium obviously will have activism, coal has got a lot of activism at the moment. One’s stealing IP, so you’ve got a commercial disadvantage, but the other one is actually trying to stop you. You need to worry about both, because they’re both a significant impact, but obviously the activists as well as obviously they’re the ones that are basically going to stop your production. I’ve seen attempts at both.

Michael van Rooyen: 22:20

Okay.

Brendan McCarthy: 22:21

Not just attempts.

Michael van Rooyen: 22:22

Right. Okay, you’ve seen the coal face of it, right. Thanks for that. That’s great dimensions for people to understand. You know what some of the motivators are behind it and you know cybersecurity no doubt will be such a large focus going forward. One of the things you touched on in the earlier, this convergence of IT and OT is kind of a real industry trend at the moment. How is this transition impacting operations and cybersecurity in critical infrastructure?

Brendan McCarthy: 22:46

I think there’s multiple facets of what it really is IT and OT integration, both in people and process. And then there’s technology. So we’ve talked about the commoditization of control system hardware. That, for me, has been done and the skill sets required to deliver that. It’s very the same skill sets that happen in the IT space, but the process and the thinking around supporting an OT environment is actually quite different. With an IT environment, we’ve almost generally tried to outsource the customer intimacy Help desks, chatbots, service now and automation. There’s no intimacy from a person who’s got a problem, them getting it resolved. There’s an assumption that you’ve got time, whereas a controller who’s looking after 60 minds and they’ve got a problem. They want to know that they’re communicating with somebody who knows what they’re talking about, they know who they are, they know what the problem probably what the problem is and they know how to fix it and they’re going to fix it quickly because they’ve got no other priorities than that.

Brendan McCarthy: 23:45

That’s OT you may be integrating the capability, the technology but the skill sets are generally the same. But, how you communicate, how you engage, how you become and maintain customer intimacy is different.

Michael van Rooyen: 23:57

Right, just leading on your point there around skill sets, how are you guys dealing with, or how were you dealing with, the skill shortage? We see a massive skill shortage in cyber, but can you give some thoughts around what we’re dealing with the skill shortage, because no doubt critical infrastructure is even more important to get the right skill sets.

Brendan McCarthy: 24:16

With the T-Rock and obviously since then with ASC, the equivalent of the T-Rock that we created. The commoditized services can still be adapted.

Brendan McCarthy: 24:26

So I don’t need an OT server person. I don’t need an OT network person, Fair enough. What I do need is someone who we communicate and we provide what we call decision support around. As soon as that you want to bring up server one, two, three. You know, because that’s how we program the system, that that’s part of a production critical element. That key role is the system thinker and then you can actually start to go. People learn to become system thinkers.

Michael van Rooyen: 24:53

Yes.

Brendan McCarthy: 24:54

But when they are only getting the server queue, they’re not the system thinkers. You’ve got a MindStar or you’ve got Modular or you’ve got some fleet management solution or some autonomous. That’s the system. Its component is part of a system. It’s not a piece of hardware. It is an integral part of the system and you’re responsible for looking after that piece. It’s just not a ticket for server one.

Michael van Rooyen: 25:20

So break the solid view and really become system oriented.

Brendan McCarthy: 25:23

That is the biggest issue, I think, with the way IT groups have been set up, by design, it’s volume. It’s driven by how many hours or minutes I’ve got it in my queue. Yes, you’re not solving the problem, you’re just moving it out of your queue. In IT companies, we created that.

Michael van Rooyen: 25:38

Yes, we did.

Brendan McCarthy: 25:38

Because we made them choose. Do we want to do a server role? True, Because we made them choose, do we? Want to do a server role, a network role or an applications role, and so that’s all you ever got. You are now part of that team and that’s all the key you’ve got.

Michael van Rooyen: 25:49

Did you see an impact on skill shortages in that area as well?

Brendan McCarthy: 25:52

So obviously in the mining space there’s a big shortage of what we call wireless techs, the people that cable correctly and you know the co-ex. They don’t bend it, the fibre, they don’t twist it. So they always come back in about three or four months later. It’s oh, hang on, that didn’t work. So on the ground out, at site is very, very hard. If there are any parents out there who are looking for their kids that are wanting to do a role that is going to be in demand for the next 20 years.

Michael van Rooyen: 26:20

Wow.

Brendan McCarthy: 26:20

Because automation they all need On the trucks there’s a rack of gear.

Michael van Rooyen: 26:25

Wow.

Brendan McCarthy: 26:26

They’re all Comstex.

Michael van Rooyen: 26:27

In your environment. You’ve got to do it properly, because a minor mistake can cause lots of damage.

Brendan McCarthy: 26:32

Not just the mistake. So it’s availability. The systems are generally so advanced that our job was to stop them stopping. If they don’t have connectivity, they would stop.

Michael van Rooyen: 26:40

Wow Off the back of that. Where do you see the technology industry heading in terms of supporting critical infrastructure and kind of? What future trends should we be watching out for?

Brendan McCarthy: 26:50

I think cyber for me and availability are actually going to start to combine. So you know I’d be competing with you at this point to get some cyber people, because they’re the best system thinkers that we have. I think With control system engineers. If you could have a person that’s a cyber person and a control system engineer, that would be the gift.

Michael van Rooyen: 27:08

So that should be the new CCIE chase that become one of them.

Brendan McCarthy: 27:11

Absolutely. When we start to think about availability of systems because that’s really what’s going to be occurring, because they’re going to become more critical, it’s going to be more time sensitive, there’s availability at normal throughput and then you’ll have the optimization throughput. So, whatever you put in AI, new sensors and new IT devices that actually make an improved decision, when you don’t have that, it’s going to be back to a suboptimal outcome. The first year it was a project. The second year was an expectation. There was never a backtrack on that. Those become more advanced as there’s more advanced, as there’s more automation, as there’s more inter-automated solutions. So you’ve got vendor one on one point and vendor two on another and the integration of those two systems to talk to each other generally through the MES layer is going to be more critical and important.

Michael van Rooyen: 27:58

Yeah, I think you’ve touched on some really good points and the cyber process. They’re about being able to be because they have. They follow the methodology, how they troubleshoot. In fact, I read a article around a SOC organization you know, providing secure operation center, and what one of these organizations did overseas is found that actually nurses who’d resigned from the covid outfall, where they decided not to do that, that role anymore, that they became the perfect SOC operators because they’re used to following a process. They could be instructed pretty clearly. They understood a process, they knew how to do it to a T Calm under pressure, Calm under pressure, right, because that’s what they’re used to doing.

Brendan McCarthy: 28:34

I employed a couple for my major incident management.

Michael van Rooyen: 28:36

Well, there we go. So here’s me reading about it and you’ve done the same and it seems like you had the same result. Getting closer to the end of our chat, considering all the work you’ve done and continue to do, you know really help customers with their journey what advice would you give professionals working in critical infrastructure?

Brendan McCarthy: 28:54

Think system. Specializing is helpful in the first three or four years of your career. It’s easier to progress when you’re really really good at something. I would start pushing for moving around a little bit. It’s more important that you are across multiple functions rather than one. There’s always going to be the 10 or 15% that are going to be the absolute brilliant in their field. They should continue to do that, because we do need brilliance in those fields for the new designs, the new architectures, the new solutions. But the others we probably need you to solve problems faster. The way you solve problems faster is know everything.

Michael van Rooyen: 29:28

That’s a good point. Any additional advice you’d give to technology leaders in that space, you know, as they plan their technology roadmap and investments into new solutions?

Brendan McCarthy: 29:37

If you’re going through a path into OT, be careful what you wish for in terms of. Be clear that just taking on the hardware is half the problem and you’ve got all of the responsibility but not actually the accountability for solving the problem Joining the hardware, I worry, where’s your window? You’ll have to restart your production process much more regularly because you have to adhere to the IT policy that you create from a cyber perspective, or your IT will never get to be patched.

Michael van Rooyen: 30:06

Right, right, right. And if I think about you personally, reflecting on your career right to date, you know what has been the most rewarding aspect of working in critical infrastructure.

Brendan McCarthy: 30:15

I think I led a team of just under 400 employees and 200 contractors through this production critical environment. But what I think I’m most proud of is obviously, with the T-Rog at the center, moving our IT mindset to that time, sensitive, risk-based approach and moving to a situation where our time and our management was budgeted in the process. Our refresh cycles was just included. It wasn’t, we were no longer a function and we were able to effectively separate the OT costs and the IT costs. Because for a while there, when we didn’t do that, we were just becoming a function and our OT costs were doing compressed, just as our IT was. And you can’t do customer intimacy when you’re trying to outsource your front end.

Michael van Rooyen: 31:05

Great insights for how you feel rewarded about it. Considering the work that BHP did, you get those proud moments of walking around thinking you know all those things you see constructed, built, you know there’s obviously been resources. Do you have that kind of feeling sometimes?

Brendan McCarthy: 31:18

The scale at which we’re operating as a country, maybe as a state WA I’ll put a flag up for WA, but I mean even out of New South Wales and Queensland. The scale at which these things operate is just phenomenal.

Michael van Rooyen: 31:32

Yes.

Brendan McCarthy: 31:33

I hear constantly that Australia is at the forefront of all the capability around technology, mining technology specifically and we do. We are way ahead of any other country. I think there’s only one or two pilot sites for autonomy in the US for example Wow, even though we’ve got Caterpillar and Komatsu. Wow, komatsu are actually based in the US. It’s amazing that we’re that far in front.

Michael van Rooyen: 31:56

That’s a really interesting data point there to think about that. Would there be any other key takeaways regarding the future of current infrastructure and the importance of operational technology availability that you want to share?

Brendan McCarthy: 32:06

If you’re taking on the OT and the MES scope, you are responsible to make your company highly available. Fair enough, that’s how they make money, so it’s a revenue model. You’re not stop thinking. You’re a cost model, you’re a revenue model.

Michael van Rooyen: 32:20

That’s a really good key takeaway. One thing I’d like to ask all the people that attend the podcast is think about your whole 20 plus years in the industry. What’s kind of been the most significant change or shift you’ve seen in your time?

Brendan McCarthy: 32:37

Wow, that’s a big one. It is a big one. 20 years, that’s a lot of technology, the biggest shift in availability in our autonomous fleet was LTE Right.

Michael van Rooyen: 32:40

So you said LTE would be one of your biggest changes. You saw.

Brendan McCarthy: 32:43

It was overnight. It was no longer a problem.

Michael van Rooyen: 32:45

Wow.

Brendan McCarthy: 32:46

Wireless connectivity was no longer a problem. Really Literally, like that Overnight.

Michael van Rooyen: 32:49

So you planned it, built it, cut over to it and the noise went away. Effectively. Noise went away Wow.

Brendan McCarthy: 32:55

I’m trying very hard right now to produce a solution that can move in an affordable way. If autonomous vehicles can go on LTE, the less moving parts. Everything works. I love the fact that there’s 5G coming, the spectrum that’s now available for companies in the area-wide licensing. You can actually have your own spectrum and you can basically eliminate all the IoT devices you like. It’s actually available around the world. That same frequency is available around the world in that small context. But 5g is the future for connectivity and even inside or outside well, fantastic.

Michael van Rooyen: 33:30

Look, there’s so many more discussions we could have had you. We only were just touching on the surfaces. I’d love to love to have you back for another one of these sessions in the near future, because I’d love to deep dive into 5g, private lte, like we haven’t even touched on some of the other thing. I think there’s many more conversations we’re going to have and, if you’re open to it, I’d love to have your back on the show. So, for those who are interested in talking to Brendan or having a look into more of what he does, I think the website from him is asetechnology. That’s correct and you know if you have a look at it, you know Brendan’s got a great story there and it really is about that. As you said, people process and technology and how you can really help them with their availability. Brendan, again, really appreciate your time catching up with me today and I look forward to catching up with you next season.

Brendan McCarthy: 34:10

Thank you and thanks for listening.

Michael van Rooyen: 34:12

Thank you.

Subscribe to Securely Connected Everything

Other Podcasts

Season Two
Join the conversation with Daryl Isaac, the tech wizard behind Liquid IT, as he shares an intricate tapestry of tales from the IT frontline, tracing back to the dawn of desktop as a service in New Zealand.
Season Three
Curious about how data centres are evolving and what it means for the future of tech? We promise you’ll gain valuable insights as we sit down with Jason Gomersall, founder and chief executive director of iSeek.
Season Four
Ever wondered how observability can transform your digital landscape and safeguard against costly downtime?