VENDOR SECURITY MANAGEMENT

For the entire industry to remain resilient to cybersecurity threats, a clear and coherent guideline is needed to provide vendors and operators with best practices and proper guidance. The practical approaches it includes are intended for the mining industry to provide to vendors and operators to increase their resilience to a growing array of local, national, and international cybersecurity threats.

As vendors provide more sophisticated digital technologies to the mining industry, new risks for potential cyber threats and attacks arise. These include data breaches, system/equipment shutdown and hacking, phishing, infiltration through third-party access and cyber espionage.

Therefore, implementing strong cybersecurity is essential for both vendors and the industry as a whole in order to remain invulnerable to these threats.

KEY TOPICS/GUIDELINE TABLE OF CONTENTS

1. Introductory Content – Will outline the scope, industry context, objective statement and related work.
2. General Cybersecurity Recommendations – Discusses minimum security requirements, key risks to watch for, incident response plan and measures of success.
3. Technical Framework and Architecture – Addresses technical roles and responsibilities, process of triaging vendors, contractual controls, different technical categories and framework methodology.
4. Use Cases – Section champions are working to develop use cases related to vendor security management.
5. Validation and Certification – Focus on standard requirements, continuous monitoring and compliance resources.
6. Training and Support – Materials on internal and external importance, training for procurement personnel, training for various security levels of vendors and outlining contractual clauses and what an optimal contractual clause may look like.

 

Do you have expertise in any of the above areas of cybersecurity? Consider volunteering for this project.

PROJECT HISTORY

2021 Feb | Section champions for guideline development 

Volunteers have begun work on creating guideline content. This content will be headed by section champions who have agreed to lead certain sections of the guideline development process.

2020 Jul | Development of the guideline’s table of contents

The GMG Technical Editor worked with the Project Leaders to review the outcomes of the three workshops held in May and June, and define a structure for the guideline.

2020 Jun | Workshop

The final workshop reviewed what had been discussed in the previous workshops, defined the content planning, and expanded on the following topics of interest: contractual controls, vendor training, case study examples, guiding principles, incident response/disaster recovery plans, remote support, security monitoring fundamentals, and more.

2020 May | Initial workshops

Two workshops were held as an initial step to understand which topics need to be addressed for the industry. Key topics are security and access control, 5G, IT/OT convergence, cybersecurity assessments, protocols for vendors/operations, Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) and more.

2020 Apr | Project proposal approval

The project proposal has been approved by the Cybersecurity Steering Committee and will move to the next phase.

2020 Mar | Project proposal development

The project proposal is under development and will soon be submitted to the Working Group Steering Committee for final approval. To become part of this effort, please contact any GMG staff.
