Cybersecurity in the Mining industry

Mining is the extraction of valuable minerals, metals, fossil fuels, or other geological materials from the earth. Many of the industrial materials that serve as basic ingredients in most industries of the modern world are produced by mining processes that extract the raw materials from ore, seams, lodes, veins, or reefs.

The exploitation of the earth's resources for producing the raw materials is based on economic viability, after calculating all the expenses along the process, including the costs of the mining rights, equipment and equipment maintenance, labor, energy consumption, waste treatment, and the transportation of the raw materials to the consumers.

The profitability of the mine is determined by two types of parameters. The first is a collection of fixed parameters, among them the location and geological characteristics of the site, such as the density of the materials in the ground, the complexity of the extraction process, and transportation options and cost. The second group of parameters relates to the mine's operational model: efficiency, technologies and equipment, the stability of the systems, safety, and issues that might impact the production processes.

In today's global economy, the target markets of the mining industry are very competitive, and any undesired impact on the production process may lead to a significant reduction in the mine's profitability or may even cause operational losses in severe cases.

Heavy machinery is used in mining to remove and stockpile overburden, to break and remove rocks of varying hardness and toughness, and to process the ore. Explosives are used on the surface and in tunnels in sub-surface mining. Safety has long been a concern in the mining business, especially in sub-surface mining. The Courrières mine disaster caused the death of 1,099 miners in Northern France on March 10, 1906. It is considered Europe's worst mining accident, and was surpassed only by the Benxihu Colliery accident in China on April 26, 1942, which killed 1,549 miners.

Mining today is substantially safer than it was in previous decades, mostly because of the modern industrial control systems that improved the production process. Today, the mining industry depends on sensors to run its operations, monitor the safety systems, and detect issues before they appear. The technology ensures that the input flowing into the control center is analyzed in real time and provides accurate indications of the system's health. AI and machine learning technologies help increase the efficiency and safety of the site.

Although these systems and technologies are a big improvement in the production lines and a welcome change in how the mining industry operates, the exposure of mines to cyber threats and new risks has increased dramatically over time. The traditional practice in the mining industry was, until recently, to "air-gap" the OT network from the external world and to secure the IT network with the latest and greatest technologies available in the market, under the assumption that these systems are noncritical systems in the production chain. As in other OT industries, the modernization process and the emerging technologies require more and more connectivity, data sharing, and data exchange between the production systems, for the abovementioned reasons.

[Figure: A typical mining network drawing]

A good example of a cyber-attack in the mining industry is the ransomware attack on Weir, Scotland’s biggest engineering firm. In this case, attackers exploited an outdated system and forced Weir to shut down some operations, which led to many delayed shipments and resulted in a loss of more than £50 m in revenue.


Key cyber threats to the mining industry

Mining companies identified the key cyber threats and the threat actors in their industry:

  • Ransomware
  • Activists/hacktivists
  • Disgruntled insiders

These threats are common to other industries; however, ransomware has surged to the top of the list since the start of the COVID-19 pandemic.

What are the pillars of the cyber security defense strategy?

Cyber governance

We define a “Cyber Security Posture” as the strength of the defensive cybersecurity measures that companies have implemented, compared to the best practice in the industry, based on the cybersecurity risks and threats, to significantly reduce the impact should a breach occur. A key component of a cybersecurity posture is defining the cyber governance structure, including policies, roles and responsibilities, and management oversight.

IT inventory and patching

A key component of an effective cybersecurity strategy is understanding the organization’s IT assets, monitoring those assets for potential cyber attacks, and keeping those assets patched. Patching of IT systems is a key measure to ensure that new vulnerabilities are resolved. Keeping the IT inventory up to date allows the organization to identify potential issues, e.g., devices or software that reach their end of life or end of support, and to plan their upgrade or replacement. The inventory is a starting point for managing the patching cycle, by identifying key devices/software that support critical functions or processes and should be patched first. The inventory is also a key source of information to support ongoing monitoring for cyber attacks.

Digital mining and OT

In recent years, the world of OT has greatly evolved and many new solutions have been developed. These new solutions increase automation, add “smart” devices, make data more efficient and available, and interconnect networks for integration with systems and technologies that are based on shared and powerful computing power, like AI, Big Data, etc.

As part of the interconnectivity, and to make OT components more accessible while being able to collect and analyze data about them, IT and OT networks are also becoming interconnected. While this opens the door to great new opportunities, it also introduces a vast landscape of cybersecurity threats to what was once an air-gapped network.

What should mining companies do to improve their cyber security posture?


Threat Modeling

Threat modeling is a process that allows the organization's cybersecurity teams to identify and prioritize the potential cyber risks to their businesses, facilities, and assets. The security teams will use the outcome of the threat modeling to create a security plan that addresses the risks by relevancy, potential impact, and probability. This will enable organizations to invest their resources and efforts efficiently.


Cyber Security Assessment (CSA)

A cybersecurity assessment is a process that provides a clear and detailed image of an organization’s current cybersecurity posture. The assessment plan should be aligned with the organization’s business needs and should combine the site's unique systems and requirements into the process. Security assessments for mining companies and mines are conducted in compliance with the OT and IT security standards. The purpose of these assessments is to identify vulnerabilities in physical structures, personnel protection and safety systems, and business processes that may lead to a security incident. The CSA should be built upon the existing security assessment outcomes and should assess the following domains in compliance with the latest OT security standards, general OT cybersecurity frameworks (NIST, ISA/IEC 62443), and the best common practice in the mining industry:

  • Identification and categorization of all assets and systems to evaluate their criticality to the mine operation model and determine their dependencies (internal and external).
  • Identification of the mine's business processes that depend on the above identified assets and infrastructure, and evaluation of the potential business impact of an incident.
  • Mapping of the risks and potential threats to each asset and infrastructure, with the related identified vulnerabilities, assessing the likelihood of their occurrence, and determining the priority of each mitigation step, and the security measures required to.
  • Identification, assessment, selection, and prioritization of controls, mitigation, and procedural changes, based on the level of effectiveness in reducing the risk, the potential impact on the mine operations, and their costs.
  • Identification of the acceptability of the overall residual risk, human factors, and weaknesses in the infrastructure, policies, and procedures, based on the selected portfolio of controls and mitigation.
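
An added example (not part of the original article) of the first CSA step feeding the patching cycle described under "IT inventory and patching": an asset inherits the criticality of everything that depends on it, and that effective criticality orders the replace/patch work. The asset names, field names and the 1-5 criticality scale are assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed sample inventory; asset names, fields and the 1-5 criticality
# scale (5 = safety or production critical) are assumptions for illustration.
INVENTORY = {
    "ventilation-plc": {"crit": 5, "depends_on": ["ot-switch-1"],
                        "eol": date(2031, 1, 1), "patch_pending": True},
    "scada-historian": {"crit": 3, "depends_on": ["ot-switch-1", "ad-server"],
                        "eol": date(2025, 6, 30), "patch_pending": True},
    "ot-switch-1":     {"crit": 2, "depends_on": [],
                        "eol": date(2029, 1, 1), "patch_pending": True},
    "ad-server":       {"crit": 2, "depends_on": ["ntp-appliance"],
                        "eol": date(2028, 1, 1), "patch_pending": False},
    "office-printer":  {"crit": 1, "depends_on": [],
                        "eol": date(2027, 1, 1), "patch_pending": True},
}

def effective_criticality(inventory):
    """Raise every transitive dependency to at least its dependents' criticality."""
    eff = {name: a["crit"] for name, a in inventory.items()}
    for name, asset in inventory.items():
        stack, seen = list(asset["depends_on"]), {name}
        while stack:
            dep = stack.pop()
            if dep in seen or dep not in inventory:
                continue  # already visited (cycle-safe) or not inventoried
            seen.add(dep)
            eff[dep] = max(eff[dep], asset["crit"])
            stack.extend(inventory[dep]["depends_on"])
    return eff

def inventory_gaps(inventory):
    """Dependencies that are referenced but missing from the inventory."""
    deps = {d for a in inventory.values() for d in a["depends_on"]}
    return sorted(deps - set(inventory))

def work_queue(inventory, today, horizon_days=365):
    """Order replace/patch work by effective criticality, highest first."""
    eff = effective_criticality(inventory)
    cutoff, queue = today + timedelta(days=horizon_days), []
    for name, a in inventory.items():
        if a["eol"] <= cutoff:
            queue.append((name, eff[name], "replace"))  # end of life inside the horizon
        elif a["patch_pending"]:
            queue.append((name, eff[name], "patch"))
    return sorted(queue, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for row in work_queue(INVENTORY, date(2025, 1, 1)):
        print(row)
    print("not inventoried:", inventory_gaps(INVENTORY))
```

In this sample the network switch rated 2 on its own is queued at level 5 because the ventilation PLC depends on it, and the dependency that appears in no inventory record is reported as a gap instead of being silently ignored.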

Cyber Security Plan (CSP)

A cybersecurity strategic plan is a clear and detailed plan that standardizes security across an organization. It helps the organization shift from reactive to proactive security, ensuring that they are ready and prepared to respond to various relevant threats. The cybersecurity plan covers all the technical and operational aspects that may expose the organization to cyber risks and includes the operational teams as well as the senior management teams, across the organization. Whether the mines and mines’ facilities have a security plan or are building one, the results of the security assessments should be reflected in it. This plan should address the risks mapped in the assessment, along with appropriate security measures designed to minimize them and their potential consequences. It is intended that, wherever appropriate, the Cyber Security Plan should be embedded in the mine’s global Security Plan.

A CSP should fulfill the same function as the security plan for the issues identified in the CSA, also considering the impact of measures set out in the security plan for the mine/mine’s facility.

When developing the CSP, a holistic approach must be adopted, covering the people, process, physical and technological aspects of each of the mine's assets. From a cybersecurity perspective, the CSP should contain or reference:

  • The policies that set out the security-related business rules derived from the assessment outcome.
  • The processes and procedures that are derived from the security policies, and that provide guidance on their consistent implementation, throughout the assets' lifecycle and their use in the mine.
  • The mine’s personnel cybersecurity awareness programs, which must be aligned with the CSP. A significant number of security breaches are caused by people and/or poor processes, so the personnel, process, and physical aspects directly related to the technological systems for which cybersecurity measures are required must also be considered and appropriate measures put into place.

Managing cyber security

A mine should establish a cybersecurity management framework through the creation of the CSA and CSP, including a governance model for executing and monitoring cybersecurity-related activities:

  • The identification of the individuals responsible for the cybersecurity of the mine and the mine’s facilities, with an individual fulfilling this role being designated as a CISO OT.
  • Regular evaluation of emerging technologies and the evolution of cyber threats.
  • Implementation plan for new security controls, security products, and new technologies.

Security Operations Center (SOC), at the global corporation level

The SOC acts as a centralized unit dealing with security issues that affect a mine/mine’s facility, including those relating to cybersecurity, and may form part of an operations center supervising the mine, controlling access, and managing business continuity and disaster recovery activities. Cybersecurity is an integral part of the wider mine’s security. It is about maintaining the integrity and availability of information and systems, ensuring business continuity, and protecting cyber assets from the growing vulnerability arising out of the ‘internet of things’ (IoT).

The key functions of a SOC are to:

  • Observe, by maintaining situational awareness, i.e., understanding potential emerging and actual threats to the mine’s operations. Observation includes detection of unauthorized changes to the mine’s systems or data, non-secure modes of operation, and unauthorized access to the mine’s assets.
  • Orient, by analyzing the risk to operations from new or changed threats and determining whether proactive measures are needed to reduce the risk to an acceptable level.
  • Decide what action may be appropriate, either to deny further access to the mine's assets or to respond to the event by identifying suitable controls and mitigation.
  • Act, by implementing the decision(s).
