VENDOR SECURITY MANAGEMENT

ABOUT THE PROJECT

The project is to develop an actionable guideline for operators and vendors to apply when interacting with new and existing technology in the face of cybersecurity threats to enable a resilient supply chain.  

The practical approaches included are intended to provide clear steps to identify solutions to vulnerabilities in the vendor/operator system, understand how the industry is connected, and provide guidance on asset management practices as these areas relate to enhancing mine cybersecurity.

This guideline aims to create a common baseline for the industry and describe and reference best practices to: 

  • Reduce the probability of cyberattacks perpetrated by hackers exploiting security risks
  • Improve understanding of cybersecurity risks and how to assess them
  • Help lower-performing organizations meet industry standards 
  • Accelerate vendor assessment processes 
  • Improve conversations about security with vendors 
  • Reduce consulting overhead for identifying risk vendors 
  • Help IT/OT involvement in mergers and acquisitions activities 
  • Help operations understand what internal controls to put into place to address vendor security weaknesses 

This project is led by the GMG/MM-ISAC Cybersecurity Working Group.

KEY TOPICS 

  • General Cybersecurity Recommendations: Discusses minimum security requirements, key risks to watch for, incident response plan, and measures of success.
  • Technical Framework and Architecture: Addresses technical roles and responsibilities, process of triaging vendors, contractual controls, different technical categories, and framework methodology.
  • Use Cases: Provides use cases that can be used to identify the onsite needs and categories of security risk associated with different types of vendors and understand how vendors and mining operations can establish an agreed approach to managing them.
  • Validation and Certification: Includes sections on standard requirements, continuous monitoring, and compliance resources. 
  • Training and Support: Materials on internal and external importance, training for procurement personnel, training for various security levels of vendors, and guidance on contractual clauses. 

INDUSTRY VALUE 

With the adoption of more sophisticated digital technologies in the mining industry, the risks of potential cyber threats and attacks increase. The physical presence of vendors at mine operations is also considered a potential risk, making the business vulnerable to such threats as data breaches, system/equipment shutdown and hacking, phishing, infiltration through third-party access, and cyber espionage. Therefore, implementing a strong cybersecurity plan is essential for all parties to reduce relative risks. 

GET INVOLVED

This guideline is currently in content generation and seeking volunteers to develop content. Do you have expertise in any of the above areas of cybersecurity? Contact us using the form below and we’ll get back to you with more details.  
