With technological advances, the mining industry is susceptible to cyber threats and attacks that can cause incredible damage. The GMG/MM-ISAC Cybersecurity Working Group aims to foster awareness, develop a culture of cybersecurity and provide guidance for the global industry.
WHY IT IS IMPORTANT FOR THE MINING INDUSTRY
As the mining industry acquires more sophisticated and efficient digital technologies, these technologies also create new risks for potential cyber threats and attacks. These include data breaches, system/equipment shutdown and hacking, phishing, infiltration through third-party access and cyber espionage.
Therefore, adopting prudent security measures and implementing an integrated cybersecurity management framework to prevent service disruption and react to threats is essential for any mining organization.
Most of these attacks are targeted to corporations or mid-large size organizations, and can potentially be involved with cyberterrorism and crime-rings. They may result in revenue loss, reputational impact and misuse of classified information.
Therefore, it is critical to build reliable, secure and resilient mining operations, drive convergence between operational technology/information technology (OT/IT) against these threats and drive accountability across the entire value chain.
ABOUT THE WORKING GROUP
The GMG/MM-ISAC Cybersecurity Working Group aims to drive OT/IT convergence for centralized, cost efficient, monitored and safe management in mines. A global network of SMEs, operators, leaders from inside and outside the mining industry and those interested in cybersecurity will collaborate to develop practical runbooks, guidelines and protocols to enable secure and resilient systems and networks. Fostering cybersecurity awareness at all-levels of the industry will be a key effort from this group as well.
Drive convergence between IT/OT by developing security guidelines, a governance framework, dealing with legacy and emerging technologies, and security standards
Create a culture of cybersecurity, phishing awareness and preventive detection in the mining industry
Develop playbooks, runbooks, guidelines and standards for IT/OT management, data discovery and protection, vendor security management, asset identification/inventory, incident response plan, and more.
Vendor Security Management
The project will serve as an actionable guideline for operators and vendors to apply when interacting with technology. It aims to understand what and how vendors connect to networks, their vulnerability spots and asset management practices. Learn more.
This presentation will consider some of the challenges that all organisations face and will need to keep front of mind when developing their next cyber security strategy. These challenges include “Killing the Noise”, “Preparing for the Horde”, and “Amazingly Clever New Malware?” Broadly speaking, there has been a lot of investment made to improve cyber security and we are doing a reasonable job at keeping up. However, rather than patting ourselves on the back and looking over the horizon as part of our next strategy, there is a strong case to be doubling down on getting the basics right. Click here to watch.
Cybersecurity starts with visibility into what conversations are occurring between assets in the mine and whether they should be. With the increased digitization of mining assets the number of systems relying on the network has increased significantly. In addition to safety systems, control systems and push to talk communications there are also mobile fleet management systems, tele-remote systems and video communications that all need to be secured from each other and outsiders. The complexity of mine communication has increased significantly and Roland brings a simplified approach that integrates new OT security tools with security systems that most companies have already invested in. Click here to watch.
Successfully implementing an IT Security Awareness program can be challenging. When it is competing for people’s time against other training programs that focus on physical safety or are directly in line with employees regular duties it is even more challenging. In mining companies, and other similar manufacturing businesses, there is an incredible focus put on the physical safety of our employees, environment and equipment. This can have the effect that training courses on a less tangible topic like IT security can be seen as a waste of time or that the time could be better spent on something “real”. While ultimately the physical safety of our people is the most important, the safety of our data, systems and networks needs to be ensured as well. Click here to watch.
The Cyber PHA methodology reconciles the process safety and cybersecurity approaches to prevent catastrophic incidents. Modeled on the process safety PHA/HAZOP methodology, a cyber PHA enables cyber risks to be identified and analyzed in the same manner as any other process risk, and, because it can be conducted as a separate follow-on activity to a traditional HAZOP or integrated to HAZOP. It can be used in both existing brownfield sites and newly constructed greenfield sites. Click here to watch.
The Mining and Metals ISAC (MM-ISAC) is a non-profit, industry-owned corporation established to improve the cyber security of metals and mining companies. Its goal is to protect members against incidents that could impact safety, environmental sustainability, or operational productivity. This mission will be achieved by sharing threat and vulnerability information, managing industry contingency planning, providing opportunities for training security staff and incident response teams. Click here to watch.