As mining companies go down the path of digitalization, topics like interoperability, autonomous systems, and network connectivity increase productivity, but they also increase cybersecurity risks arising from connected systems. All global mining stakeholders need to address cybersecurity together, and as an open, global, multistakeholder group, a GMG working group will help mining stakeholders as they look to design safe, secure, reliable and resilient cybersecurity infrastructure that adheres to regulatory, trust, and privacy best practices. The GMG Cybersecurity Working Group will:
The group should support business leaders who need to understand and prioritize cybersecurity decisions and provide mining-specific guidance for technical experts as they look to design and implement cybersecurity systems.
Cybersecurity has been an important consideration across many GMG Working Groups and Projects. There has also been a rise in both interest and expertise within the global mining industry. Leveraging this expertise to accelerate progress for cybersecurity in mining will have significant implications as the industry becomes increasingly digitalized.
The first project for this will be a joint roadmap with the MM-ISAC that itentifies what projects that the two organizations will work on. There will be engagement within the Working Group in November that will culminate in the development of this roadmap.
Activities: white paper, educational content (video)
Activities: guideline, educational content, short course, an MM-ISAC guide for insurance providers assessing cybersecurity, a guide for mining companies doing cybersecurity diligence on third-party suppliers such as engineering firms
Activities: guideline, short course
Activities: a similar guideline for the mining industry to help mining companies diagnose their current levels of maturity and act in accordance.
As noted above, GMG is working closely with the MM-ISAC – who are currently leaders in this space – to collaborate on projects, prevent duplication and identify other efforts outside of our organizations. We also intend to identify and leverage existing cybersecurity standards that are relevant, many of which have been referenced in past projects.
The working group should be composed of practitioners that live and breathe transformation and technology in the mining industry so that the content is relevant and a value-add for the industry. These stakeholders include mine operators, those from technical organizations working on cybersecurity, cybersecurity experts from within mining, and cybersecurity experts from outside mining.
However, throughout the course of specific projects it will also be important to engage non-cybersecurity experts. This includes third party suppliers who will benefit from education in an effort to increase cybersecurity capabilities across the industry.