Six practical ways to build cyber resilience in mining

December 10, 2018

Back in the day, cyber security in mining was limited to protecting critical IT systems from natural disasters or physical tampering. Today, with a connected work environment, a mine’s "attack surface" has increased exponentially–leading to a new raft of nightmare scenarios for mine executives to contend with.

Let’s be clear, the industry’s digital transformation comes with massive benefits. On mine sites across Australia, autonomous vehicles, haulage and drilling systems are improving workplace safety and creating production efficiencies.

But, with an increasing number of connected devices and systems, connected mine sites are more vulnerable than ever before to cyber security breaches and attacks from criminals, hacktivists, competitors and other nation states.

And you don’t have to be an evil genius to bring a mine to a halt.

An employee inadvertently clicking on a malware email can now compromise critical systems, meaning the whole mine has to be shut down while the issue is resolved. Even an hour of unplanned down time will have cascading effects across a global supply chain.

So, how can mines build cyber resilience and grow with confidence?

You need to evaluate your existing vulnerabilities and build in security from the outset. Above all, this means taking an end-to-end view rather than a siloed view of potential threats. In other words, define the "service" being provided as the mine’s primary asset–and IT networks and equipment as support structures rather than stand-alone entities.

Bear in mind:

Your assets are highly federated–with many third parties involved in extracting and processing minerals. You need to identify all operational technology assets–each with their own IP address–and secure the way third parties interact with them.
Your people still need protecting–automation has significantly reduced harms resulting from explosions and other accidents. But don’t forget the new risks being created in a connected mine. Many physical devices can be manipulated beyond their mechanical tolerance through cyber means, causing overheating or toxic leaks.
Your technology suppliers are your responsibility–manage your own risk profile. Don’t just assume your technology partners are doing the right thing.

Proactive, not reactive

Future security systems should be able to automatically manage complex risk decisions, reducing the potential for human error. They will clearly understand what is "normal", issue automatic alerts when something "abnormal" occurs and orchestrate a response. Human interventions will be limited to only those where a judgement is required, as well as new circumstances where machines need to be "taught".

Six practical steps to start developing cyber resilience

Update your organizational threat model
It’s time to revisit what’s important in your organization by understanding what assets are required to deliver the business outcome, the relevant threats and vulnerabilities for your industry and regions, and what security controls are in place.
Build a strong foundation
Gain visibility over IT and OT systems/assets, understand their criticality, and recognize which threats you are exposed to. Identify high-value assets and harden them. Prioritize legacy systems. And prepare for the worst.
Pressure test resilience like an attacker
Enhance both red attack and blue defense teams with player-coaches that use threat intelligence and communicate closely to provide analysis on where improvements need to be made.
Employ breakthrough technologies
Automate defenses. Use automated orchestration capabilities and advanced behavioral analytics.
Be proactive and use threat hunting
Develop strategic and tactical threat intelligence. Monitor for anomalous and suspicious activity. Consolidate all threat information in your organization, then develop the support structures to effectively manage it. This consolidated view of threats should allow you to understand and prepare for threats in your landscape.
Adapt the role of the CISO
Progress the next-generation CISO–business adept and tech-savvy.

In order to embrace the future and all the technological advances that will impact the mining landscape, cyber resilience is paramount. Only with security at the heart of operations and culture can organizations truly grow with confidence.