CYBERSECURITY IN MINING from the wider mining vendor community .
“ The newer vendors to this space that are not as established in the mining PLC , automation and industrial control system type of stuff tend to have these controls in-built from the off ,” he said . “ This could be integrated login and user identity access management ; everything you would expect on the corporate side , they are also doing on the control side .
“ Some of the legacy vendors are either trying to bolt on these newer requirements or are looking for ways around it .”
According to Ray , all companies in the mining vendor ecosystem have responsibilities to protect end users .
“ The asset owner , the maintenance service provider , the integration service provider , and finally the product supplier all have clearly defined responsibilities , and must work together ,” she said . “ Industry standards such as IEC 62443 help mining operators and technology providers such as ABB to identify risk : ‘ do we need high-end solutions , or can we afford to employ lesser measures based on the risk exposure ?’”
“ As asset owners , customers are in charge of cybersecurity strategy and associated risk throughout the life cycle . The maintenance service provider reviews the technical , process and organisational measures across the holistic protection scheme to assess if security measures are fit for purpose .
“ The integration service provider develops and validates this holistic protection scheme and maps the residual cybersecurity risk . The product supplier takes into account the requirements of the target market , shares technical documents with integration and commissioning providers , undertakes vulnerability assessments , and ultimately deploys cybersecurity technologies to industrial clients .”
Lee says cybersecurity protocols are improving across the board , but mining companies need to confirm they are asking the right questions to ensure they are getting a secure system . This is becoming more important with every new OT and IT system that is installed to boost productivity , streamline operations , or reduce costs at mine sites or mining company offices .
“ Everything is internet connected these days and every vendor wants their equipment to report into their portal to let them know when they need to replace a bearing , drive , pulley , for instance ,” Lee says .
This leaves the operation susceptible should an attacker want to gain access to site architecture ; a fact Lee is abundantly aware of .
“ While I believe our security controls are above industry norms , we are constantly debating what holes may open up should we implement new solutions to increase production , productivity , etc ,” he said . “ Every system we put in or every change we make has to go through our IT and ICS policy . There are various layers in between that , which need to be considered .”
More miners will in the future be following the example Hudbay has set , and the vendor community needs to acknowledge this when releasing the next
new , shiny solution .
IM
The Operational Technology Cyber Security Alliance ( OTCSA ) has , at its core , an aim to bridge any dangerous gaps in security for operational technology ( OT ) and information technology ( IT ) systems , critical infrastructure and industrial control systems to support and improve the daily lives of citizens and workers in a rapidly evolving world .
Its mission is five-fold . Namely to : n Strengthen cyber-physical risk posture of OT environments and interfaces for OT / IT interconnectivity ; n Guide OT operators on how to protect their OT infrastructure based on a risk management process and reference architectures / designs that are demonstrably compliant with regulations and international standards such as IEC 62443 ; n Guide OT suppliers on secure OT system architectures , relevant interfaces and security functionalities ; n Support the procurement , development , installation , operation , maintenance , and implementation of a safer , more secure critical infrastructure ; and n Shorten the time to adoption of safer , more secure critical infrastructures . In September last year , IntelliSense . io became a new member of OTCSA to further its aim of providing miners with a safer future with secure optimisation technology that can leverage both OT and cloud environments .
IntelliSense . io has been securely deploying artificial intelligence-based based process optimisation applications on OT networks for its customers globally and , it says , has a future-proof platform .
Dr Sandro Barros , CTO , IntelliSense . io , said the convergence of OT and IT networks is exposing industrial control , protection and automation systems to external threats , as seen in the recent past with malwares like Triton that attacked an oil and gas plant , and in Ukraine , that had its power grid taken down by a cyberattack .
“ IntelliSense . io has extensive experience on the deployment of AI applications within OT / IT networks and is eager to add its expertise to
IntelliSense . io has been securely deploying artificial intelligence-based based process optimisation applications on operational technology networks for its customers globally and , it says , has a future-proof platform
developing best practices for secure and reliable solutions for the mining industry ,” Barros added .
Elad Ben-Meir , Executive Board Member of the OTCSA and CEO of SCADAfence , welcomed intelliSense . io as its newest member , explaining there was a need for further collaboration in the cybersecurity environment .
“ As we witness more and more attacks on critical infrastructure , and predictions by Gartner that 75 % of CEOs will be personally liable for cyber-physical security incidents by 2024 , there is no doubt that the collaboration like we have in OTCSA is the key to success ,” Ben-Meir said .
The robust security guidelines of the OTCSA , which IntelliSense . io will contribute to , cover the entire mining life cycle – procurement , development , deployment , installation , operation , maintenance and decommission – and address aspects related to people , process , and technology .
FEBRUARY 2021 | International Mining 67