In order for the mining industry to remain resilient to cybersecurity threats, a clear and coherent guideline is needed to provide vendors and operators with best practices and proper guidance.
The practical approaches included in the guideline will be used to increase the industry’s resilience to a growing array of local, national, and international cybersecurity threats. Learn more about the project here.
To accommodate multiple time zones, we have scheduled separate dates and times:
May 13, 2020 – 11:00AM – 2:00PM EDT | 3:00PM – 6:00PM UTC
May 27, 2020 – 8:00PM – 11:00PM EDT | 00:00AM – 3:00AM UTC (May 28)
June 18, 2020 – 8:00AM – 11:00AM EDT | 12:00PM – 3:00PM UTC
The GMG/MM-ISAC Cybersecurity Working Group recently launched a Vendor Security Management project to help the industry improve its cyber resiliency by fostering awareness and providing guidance. Volunteer experts are needed to contribute to the content development of the guideline.
Over the coming months the guideline will be drafted through contribution and collaboration of peers around the globe. The project is kicking off with virtual workshops in the coming weeks: on May 13 and May 27. Following these launch workshops, online collaboration will continue to enable the development of the guideline, including a virtual workshop scheduled for June 18.
Info on the project
The project aims to build a guideline for both operators and vendors to use to enable a resilient supply-chain. It will provide clear steps for vendors and operators to identify solutions to vulnerabilities in the vendor/operator system, understand how the industry is connected and provide guidance on asset management practices.
With the adoption of more sophisticated digital technologies in the mining industry, the risks of potential cyber threats and attacks increase. The physical presence of vendors at mine operations is also a potential risk, making the business vulnerable to such threats as data breaches, system/equipment shutdown and hacking, phishing, infiltration through third-party access and cyber espionage. Therefore, implementing a strong cybersecurity plan is essential for all parties to reduce relative risks.
As external systems become more integrated into operations, a company’s data, network, servers, cloud, etc. become potential access points that could be breached. This could result in revenue loss, reputational impact and misuse of classified information for operators and vendors. Areas to consider include data security, IP security, confidentiality, cloud-based services, server security and network security.
Who would be interested in this project
This project would be of interest to the entire industry, but particularly to those in procurement, operations, legal, finance and site supervisors at mining companies, vendors (OTMs and OEMs), cybersecurity experts (within the broader community) and regulators.