September 22 | 8am-11am (EDT)| 2pm-5pm (CEST)| 8pm-11pm (AWST)|
As the mining industry adopts more sophisticated digital technologies, the risk of cyber threats and attacks becomes increased. Potential risks include data breaches, system/equipment shutdown, hacking, phishing, infiltration through third-party access, and cyber espionage.
With some operations preparing for returning to work, while others are continuing to establish a remote workforce, cybersecurity is of vital importance. Equipment returning from remote working locations as well as the use of equipment off-site can create cybersecurity risks and there needs to be precautions put in place against attacks.
Industry collaboration on cybersecurity is more important than ever as the industry adapts to the new global reality. During this virtual forum, the mining industry will come together to define best practices for advancing cybersecurity, leading the industry towards a cyber-resilient future.
Lessons Learned: Implementing a cybersecurity training and awareness program
Ian Lee, Manager, IT Security, Compliance & Enterprise Architecture, Hudbay Minerals
Successfully implementing an IT Security Awareness program can be challenging. When it is competing for people’s time against other training programs that focus on physical safety or are directly in line with employees regular duties it is even more challenging. In mining companies there is an incredible focus put on the physical safety of our employees, environment and equipment. This can have the effect that training courses on a less tangible topic like IT security can be seen as a waste of time or that the time could be better spent on something “real”. While ultimately the physical safety of our people is the most important, the safety of our data, systems and networks needs to be ensured as well. As an IT department we can implement as many technical controls as possible but at the end of the day our people are one wrong download, email click or website away from causing material risks to an organization. A successful IT security awareness program fills a gap left by technical controls in helping our employees be that last line of defence.
Know Who’s Talking in The Mine
Roland Plett, Solutions Architect – Energy and Mining, Cisco Systems
Cybersecurity starts with visibility into what conversations are occurring between assets in the mine and whether they should be. With the increased digitization of mining assets the number of systems relying on the network has increased significantly. In addition to safety systems, control systems and push to talk communications there are also mobile fleet management systems, tele-remote systems and video communications that all need to be secured from each other and outsiders. The complexity of mine communication has increased significantly and Roland brings a simplified approach that integrates new OT security tools with security systems that most companies have already invested in. The integrated approach to security starts with knowing what is connected to the network. Completely passive systems can now build an inventory of mine assets and baseline their conversations so that anomalies get identified quickly. The inventory is passed on to existing security tools automatically so that policies can be built on well-known asset types and locations rather than cryptic network addresses. Roland will demonstrate how you can see the conversations happening between assets in the mine and how you can deal with risky situations.
Cyber Security PHA (Process Hazard Analysis)
Farah Kaboodanian, Control and Automation – Global Discipline Director, Hatch
The Cyber PHA methodology reconciles the process safety and cybersecurity approaches to prevent catastrophic incidents. Modeled on the process safety PHA/HAZOP methodology, a cyber PHA enables cyber risks to be identified and analyzed in the same manner as any other process risk, and, because it can be conducted as a separate follow-on activity to a traditional HAZOP or integrated to HAZOP. It can be used in both existing brownfield sites and newly constructed greenfield sites.
To get involved, click “register”.