VENDOR SECURITY MANAGEMENT

In order for the entire industry to remain resilient to cybersecurity threats, a clear and coherent guideline is needed to provide vendors and operators with best practices and proper guidance. The practical approaches included will be used for the mining industry to provide to vendors and operators in order to increase their resilience to a growing array of local, national, and international cybersecurity threats.

As vendors provide more sophisticated digital technologies to the mining industry, they also allow for new risks of potential cyber threats and attacks. These include data breaches, system/equipment shutdown and hacking, phishing, infiltration through third-party access and cyber espionage.

Therefore, implementing strong cybersecurity is essential for both vendors, as well as the industry as a whole, in order to remain invulnerable to these threats.
In order for the entire industry to remain resilient to these threats, a clear and coherent guideline is needed to provide vendors with best practices and proper guidance.

The practical approaches included will be used for the mining industry to provide to vendors and operators in order to increase their resilience to a growing array of local, national, and international cybersecurity threats.

KEY TOPICS

    • Vendor security and third party management
    • Cybersecurity and proper use of technology
    • Network vulnerability and asset management

PROJECT LATEST UPDATE

2020 Aug | Cybersecurity Working Group call

Project leaders will be presenting the latest outcomes, project plan and defining the next steps for the Project Team. Currently, GMG is seeking volunteers to assist with the content development. Click here to join the call.

PROJECT HISTORY

2020 Jul | Development of the guideline’s table of content

The GMG Technical Editor worked with the Project Leaders to review the outcomes of the three workshops held in May and June, and define a structure for the guideline.

2020 Jun | Workshop

The final workshop was a revision of what has been discussed on the previous workshops, define the content planning and expanded on the following topics of interest: contractual controls, vendor training, case study examples, guiding principles, incident response/disaster recovery plans, remote support, security monitoring fundamentals, and more. Click here to access the outcomes.

2020 May | Initial workshops

Two workshops were held as an initial step to understand which topics are needed to be addressed for the industry. Key topics are security and access control, 5G, IT/OT convergence, cybersecurity assessments, protocols for vendors/operations, Key Risk Indicators (KRIs) and Key Performance Indicators (KRIs) and more. Click here to check out the outcomes.

2020 Apr | Project proposal approval

Project proposal as been approved by the Cybersecurity Steering Committee and will move to the next phase. 

2020 Mar | Project proposal development

Project proposal is under development, and will soon be submitted to Working Group Steering Committee for final approval. To become part of this effort, please contact any GMG staff.

    X