GMG/MM-ISAC CYBERSECURITY WORKING GROUP

With technological advances and the rise of remote working, the mining industry is susceptible to new and advanced cyber threats and attacks that can cause incredible damage for both mines and suppliers. The GMG/MM-ISAC Cybersecurity Working Group aims to foster awareness, develop a culture of cybersecurity, and provide guidance for the global industry.

WHY CYBERSECURITY MATTERS

As the mining industry acquires more sophisticated and efficient digital technologies, these technologies also create new risks for potential cyber threats and attacks. These risks include data breaches, system/equipment shutdown and hacking, phishing, infiltration through third-party access, and cyberespionage. Most of these attacks are targeted at mid-to-large size organizations and can potentially be associated with cyberterrorism. Attacks can result in revenue loss, reputational impact, and misuse of classified information.

Adopting prudent security measures and implementing an integrated cybersecurity management framework is essential for any mining organization to prevent service disruption and react to threats. It is critical to build reliable, secure, and resilient mining operations, to enable secure convergence between operational technology/information technology (OT/IT), and to drive accountability across the entire value chain.

ABOUT THE WORKING GROUP

This working group aims to guide mining stakeholders as they look to design safe, secure, reliable, and resilient cybersecurity infrastructure that adheres to regulatory, trust, and privacy best practices.

The group works in partnership with the Mining and Metals Information Sharing Analysis Centre (MM-ISAC) to collaborate on and identify existing projects and prevent duplication.

OBJECTIVES

  • Drive convergence between IT and OT by developing security guidelines, a governance framework, and security standards, and by dealing with legacy and emerging technologies
  • Create a culture of cybersecurity, phishing awareness and preventive detection in the mining industry
  • Develop industry guidance on topics such as IT/OT management, data discovery and protection, vendor security management, asset identification/inventory, incident response plan, and other selected topics agreed upon by the working group
  • Foster cybersecurity awareness and education at all levels of the industry
  • Enable a global community of subject matter experts, operators, leaders from inside and outside the mining industry, and those interested in cybersecurity to collaborate and share experiences

PARTNER

MM-ISAC

ACTIVE PROJECTS AND SUB-COMMITTEES

Vendor Security Management

This project is to develop an actionable guideline for operators and vendors to apply when interacting with new and existing technology in the face of cybersecurity threats to enable a resilient supply chain. The practical approaches it includes are intended to provide clear steps to identify solutions to vulnerabilities in the vendor/operator system, understand how the industry is connected, and provide guidance on asset management practices as these areas relate to enhancement of mine site cybersecurity.

Cybersecurity White Paper Development Sub-Committee

The sub-committee aims to provide education on several timely and important topics related to cybersecurity in mining. The white papers with topics identified as being top priority are now being worked on by participants.

  • Cybersecurity and Remote Work
  • IT/OT Convergence
  • Data Protection
  • Cloud Partner Selection

KNOWLEDGE SHARING PRESENTATIONS

What Will Influence Your Next Cyber Strategy? (Video)

This presentation will consider some of the challenges that all organisations face and will need to keep front of mind when developing their next cyber security strategy. These challenges include “Killing the Noise”, “Preparing for the Horde”, and “Amazingly Clever New Malware?” Broadly speaking, there has been a lot of investment made to improve cyber security and we are doing a reasonable job at keeping up. However, rather than patting ourselves on the back and looking over the horizon as part of our next strategy, there is a strong case to be doubling down on getting the basics right.

Know Who’s Talking in The Mine (Video)

Cybersecurity starts with visibility into what conversations are occurring between assets in the mine and whether they should be. With the increased digitization of mining assets, the number of systems relying on the network has increased significantly. In addition to safety systems, control systems and push-to-talk communications, there are also mobile fleet management systems, tele-remote systems and video communications that all need to be secured from each other and outsiders. The complexity of mine communication has increased significantly, and Roland brings a simplified approach that integrates new OT security tools with security systems that most companies have already invested in.

Lessons Learned: Implementing a cyber security training and awareness program (Video)

Successfully implementing an IT Security Awareness program can be challenging. When it is competing for people’s time against other training programs that focus on physical safety or are directly in line with employees’ regular duties, it is even more challenging. In mining companies, and other similar manufacturing businesses, there is an incredible focus put on the physical safety of our employees, environment and equipment. This can have the effect that training courses on a less tangible topic like IT security can be seen as a waste of time or that the time could be better spent on something “real”. While ultimately the physical safety of our people is the most important, the safety of our data, systems and networks needs to be ensured as well.

Cyber Security Process Hazard Analysis (Video)

The Cyber PHA methodology reconciles the process safety and cybersecurity approaches to prevent catastrophic incidents. Modeled on the process safety PHA/HAZOP methodology, a cyber PHA enables cyber risks to be identified and analyzed in the same manner as any other process risk, and, because it can be conducted as a separate follow-on activity to a traditional HAZOP or integrated into the HAZOP, it can be used in both existing brownfield sites and newly constructed greenfield sites.

MM-ISAC Industry Threat Report (Video)

The Mining and Metals ISAC (MM-ISAC) is a non-profit, industry-owned corporation established to improve the cyber security of metals and mining companies. Its goal is to protect members against incidents that could impact safety, environmental sustainability, or operational productivity. This mission will be achieved by sharing threat and vulnerability information, managing industry contingency planning, and providing opportunities for training security staff and incident response teams.
