Cybersecurity in the Mining industry
Tomer Maor
Chief Technology Officer | Cybersecurity products & Services | Building High-Performance Tech Teams | Driving Business & Strategic Partnerships
Mining is the extraction of valuable minerals, metals, fossil fuels, or other geological materials from the earth. Many of the industrial materials that serve as basic ingredients in most modern industries are produced by mining processes that extract raw materials from ore, seams, lodes, veins, or reefs.
The exploitation of the earth's resources to produce raw materials is based on economic viability, which is determined after calculating all the expenses along the process, including the costs of the mining rights, equipment and equipment maintenance, labor, energy consumption, waste treatment, and the transportation of the raw materials to the consumers.
The profitability of a mine is determined by two types of parameters. The first is a collection of fixed parameters, which include the location and geological characteristics of the site, such as the density of the materials in the ground, the complexity of the extraction process, and transportation options and cost. The second group of parameters relates to the mine's operational model: efficiency, technologies and equipment, the stability of the systems, safety, and issues that might impact the production processes.
In today's global economy, the target markets of the mining industry are very competitive, and any undesired impact on the production process may lead to a significant reduction in the mine's profitability or, in severe cases, may even cause operational losses.
Heavy machinery is used in mining to remove and stockpile overburden, to break and remove rocks of varying hardness and toughness, and to process the ore. Explosives are used on the surface and in tunnels in sub-surface mining. Safety has long been a concern in the mining business, especially in sub-surface mining. The Courrières mine disaster caused the death of 1,099 miners in Northern France on March 10, 1906. It is considered Europe's worst mining accident, and was surpassed only by the Benxihu Colliery accident in China on April 26, 1942, which killed 1,549 miners.
Mining today is substantially safer than it was in previous decades, mostly because of the modern industrial control systems that improved the production process. Today, the mining industry depends on sensors to run its operations, monitor the safety systems, and detect issues before they appear. The technology ensures that the input flowing into the control center is analyzed in real time and provides accurate indications of the system's health. AI and machine learning technologies help increase the efficiency and safety of the site.
Although these systems and technologies are a big improvement in the production lines and a welcome change in the mining industry's mode of operation, the exposure of mines to cyber threats and new risks has increased dramatically over time. The traditional practice in the mining industry was, until recently, to "air-gap" the OT network from the external world and to secure the IT network with the latest and greatest technologies available in the market, under the assumption that these systems are noncritical systems in the production chain. As in other OT industries, the modernization process and the emerging technologies require more and more connectivity, data sharing, and data exchange between the production systems, for the abovementioned reasons.
A typical Mining network drawing
A good example of a cyber-attack in the mining industry is the ransomware attack on Weir, Scotland’s biggest engineering firm. In this case, attackers exploited an outdated system and forced Weir to shut down some operations, which led to many delayed shipments and resulted in a loss of more than £50 m in revenue.
Key cyber threats to the mining industry
Mining companies identified the key cyber threats and the threat actors in their industry:
These threats are common to other industries; however, ransomware has surged to the top of the list since the start of the COVID-19 pandemic.
What are the pillars of the cyber security defense strategy?
Cyber governance
We define a “Cyber Security Posture” as the strength of the defensive cybersecurity measures that companies have implemented, compared to the best practice in the industry, based on the cybersecurity risks and threats, to significantly reduce the impact should a breach occur. A key component of a cybersecurity posture is defining the cyber governance structure, including policies, roles and responsibilities, and management oversight.
IT inventory and patching
A key component of an effective cybersecurity strategy is understanding the organization’s IT assets, monitoring those assets for potential cyber attacks, and keeping those assets patched. Patching of IT systems is a key measure to ensure that new vulnerabilities are resolved. Keeping the IT inventory up to date allows the organization to identify potential issues, e.g., devices or software that reach their end of life or end of support, and to plan their upgrade or replacement. The inventory is a starting point for managing the patching cycle, by identifying key devices/software that support critical functions or processes and that should be patched first. The inventory is also a key source of information to support ongoing monitoring for cyber attacks.
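As an added illustration (not code from the original article), the sketch below shows how an inventory can drive the steps described above: flagging assets at or near end of support, ordering the patch queue so assets supporting critical functions come first, and spotting hosts that are missing from the inventory. The asset names, fields, dates and the 180-day warning window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Asset:
    name: str
    critical: bool          # supports a critical function or process
    end_of_support: date    # vendor end-of-support date
    missing_patches: int    # patches released but not yet applied

def lifecycle_status(asset, today, warn_days=180):
    """Classify an asset by how close it is to end of support."""
    if asset.end_of_support <= today:
        return "unsupported"
    if asset.end_of_support - today <= timedelta(days=warn_days):
        return "expiring"
    return "supported"

def replacement_candidates(inventory, today):
    """Assets to plan an upgrade or replacement for."""
    return [a.name for a in inventory
            if lifecycle_status(a, today) != "supported"]

def patch_queue(inventory, today):
    """Patch order: critical assets first, then by number of missing patches.
    Unsupported assets are left out (assumed to receive no further vendor
    fixes); they are handled through replacement_candidates() instead."""
    patchable = [a for a in inventory
                 if a.missing_patches > 0
                 and lifecycle_status(a, today) != "unsupported"]
    patchable.sort(key=lambda a: (not a.critical, -a.missing_patches, a.name))
    return [a.name for a in patchable]

def unknown_hosts(observed_names, inventory):
    """Hosts seen by monitoring that the inventory does not know about."""
    known = {a.name for a in inventory}
    return sorted(set(observed_names) - known)

# Constructed sample data; the date is fixed so results are reproducible.
TODAY = date(2024, 1, 1)
INVENTORY = [
    Asset("crusher-plc-01", True, date(2023, 6, 30), 4),
    Asset("scada-hmi-02", True, date(2027, 1, 1), 2),
    Asset("historian-01", True, date(2024, 3, 31), 5),
    Asset("office-laptop-17", False, date(2026, 1, 1), 9),
    Asset("badge-printer-03", False, date(2025, 1, 1), 0),
]
OBSERVED = ["scada-hmi-02", "eng-ws-99"]  # constructed monitoring output
```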
Digital mining and OT
In recent years, the world of OT has greatly evolved and many new solutions have been developed. These new solutions increase automation, add “smart” devices, make data more efficient and available, and interconnect networks for integration with systems and technologies that are based on shared and powerful computing power, like AI, Big Data, etc.
As part of the interconnectivity, and to make OT components more accessible while being able to collect and analyze data about them, IT and OT networks are also becoming interconnected. While this opens the door to great new opportunities, it also introduces a vast landscape of cybersecurity threats to what was once an air-gapped network.
What should mining companies do to improve their cyber security posture?
Threat Modeling
Threat modeling is a process that allows the organization's cybersecurity teams to identify and prioritize the potential cyber risks to their businesses, facilities, and assets. The security teams will use the outcome of the threat modeling to create a security plan that addresses the risks by relevancy, potential impact, and probability. This will enable organizations to invest their resources and efforts efficiently.
Cyber Security Assessment (CSA)
A cybersecurity assessment is a process that provides a clear and detailed image of an organization’s current cybersecurity posture. The assessment plan should be aligned with the organization’s business needs and should incorporate the site's unique systems and requirements into the process. Security assessments for mining companies and mines are conducted in compliance with the OT and IT security standards. The purpose of these assessments is to identify vulnerabilities in physical structures, personnel protection and safety systems, and business processes that may lead to a security incident. The CSA should be built upon the existing security assessment outcomes and should assess the following domains in compliance with the latest OT security standards, general OT cybersecurity frameworks (NIST, ISA/IEC 62443), and the best common practice in the mining industry:
Cyber Security Plan (CSP)
A cybersecurity strategic plan is a clear and detailed plan that standardizes security across an organization. It helps the organization shift from reactive to proactive security, ensuring that they are ready and prepared to respond to various relevant threats. The cybersecurity plan covers all the technical and operational aspects that may expose the organization to cyber risks and includes the operational teams as well as the senior management teams, across the organization. Whether the mines and mines’ facilities have a security plan or are building one, the results of the security assessments should be reflected in it. This plan should address the risks mapped in the assessment, along with appropriate security measures designed to minimize them and their potential consequences. It is intended that, wherever appropriate, the Cyber Security Plan should be embedded in the mine’s global Security Plan.
A CSP should fulfill the same function as the security plan for the issues identified in the CSA, also considering the impact of measures set out in the security plan for the mine/mine’s facility.
When developing the CSP, a holistic approach must be adopted, covering the people, process, physical and technological aspects of each of the mine's assets. From a cybersecurity perspective, the CSP should contain or reference:
Managing cyber security
A mine should establish a cybersecurity management framework through the creation of the CSA and CSP, including a governance model for executing and monitoring cybersecurity-related activities:
Security Operations Center (SOC), at the global corporation level
The SOC acts as a centralized unit dealing with security issues that affect a mine/mine’s facility, including those relating to cybersecurity, and may form part of an operations center supervising the mine, controlling access, and managing business continuity and disaster recovery activities. Cybersecurity is an integral part of the wider mine’s security. It is about maintaining the integrity and availability of information and systems, ensuring business continuity, and protecting cyber assets from the growing vulnerability arising out of the ‘internet of things’ (IoT).
The key functions of a SOC are to: