Cybersecurity is Critical to Epiroc’s Digital Transformation

Cybersecurity is Critical to Epiroc’s Digital Transformation

Cybersecurity is mission-critical to Epiroc as it deploys digitalisation, automation and electrification to drive enhanced productivity & sustainability

The mining industry has historically been characterised by its heavy reliance on manual labour and mechanical technologies. Mining operations, deeply rooted in physical processes like drilling, blasting and hauling, have traditionally required significant human intervention and on-site decision-making. 

But today, as the world evolves, mining companies are scrambling to keep pace with rapid technological advancements, shifting safety imperatives and growing environmental consciousness.

Nowhere is this change more evident than at Epiroc, a global leader in mining and infrastructure equipment. With cutting-edge technology, Epiroc develops and produces innovative drill rigs, rock excavation and construction equipment, and provides world-class service and consumables. Founded in Stockholm, Sweden, the company is made up of almost 18,000 passionate employees who support and collaborate with customers in more than 150 countries.

Recent years have seen a flurry of technological innovations that are upending traditional mining practices. Autonomous haul trucks, AI-powered predictive maintenance, and advanced sensor networks are just a few examples of the digital tools reshaping the industry. At the same time, growing regulatory pressure and societal demands are compelling mining companies to prioritise worker wellbeing and environmental stewardship like never before.

As Epiroc navigates this complex and rapidly evolving landscape, the company's commitment to innovation and safety is emerging as a defining hallmark. From embracing cutting-edge technologies to fostering a culture of adaptability, Epiroc is charting a course that could serve as a blueprint for the mining industry’s transformation.

At the forefront of this revolution is Markus Küchler, Epiroc’s Head of IT Security, who is steering his function with a unique blend of technical acumen and people-centric leadership.

Küchler’s journey to Epiroc has been anything but conventional. With both a military and law enforcement background, he has leveraged his managerial skills to navigate the complex landscape of cybersecurity and technological innovation.

“I'm quite proud that, even without a technical background, I've managed to acquire sufficient technical acumen at a managerial level to make informed decisions about innovative technologies. Originally, my training was in law enforcement and legal fields, which are more humanistic disciplines.

“While I may have lacked a deep technical background, I recognised early on that I could focus on people management, driving change and developing individuals and organisations,” he explains.

Küchler’s role at Epiroc proved to be an excellent fit from the start, allowing him to leverage his extensive experience from similar roles in defence manufacturing at Saab and the telecommunications giant, Ericsson.

“What particularly stood out at Epiroc was that – just a week after I began – our senior management had already decided to adopt and support a comprehensive cybersecurity strategy. Being able to immediately execute a well-conceived and robust strategy was a wonderful way to begin my time here.”

Adopting a people-focused approach has been a recurring theme in Küchler's career, and it has served him well in his current role at Epiroc. “Some of my proudest achievements involve elevating our technological, procedural, competence, and skill levels,” he says.

Taking an ‘anti-fragile’ approach to cybersecurity

Küchler's philosophy on cybersecurity is heavily influenced by the work of Nassim Taleb, the renowned author and risk analyst. Embracing an ‘anti-fragile’ approach, Küchler and his team aim to thrive in chaos and unstructured situations, extracting valuable lessons to enhance Epiroc’s processes when it comes to cybersecurity. 

“Imagine how beneficial it would be if we could thrive in chaos and unstructured situations, becoming stronger and more resilient as we navigate through them,” he explains. “The mindset should be to not fear disruptions or incidents, but rather to limit their negative impacts and emerge stronger.”

This adaptability and willingness to experiment are crucial as Epiroc navigates its transformation from a traditional manufacturing company to a technology-driven one. Technologies such as digitalisation, electrification, automation and autonomous capabilities are no longer just advantageous; they are essential to the company's success.

“The potential of AI-powered automation to adaptively manage situations as they arise is tremendous, though we're cautious about setting rigid rules based on our limited understanding of its future trajectory, particularly in areas like AI and machine learning,” Küchler adds.

“Society is still in the early stages of understanding the rapid advancements and implications of these technologies. We believe in actively experimenting and learning before establishing fixed rules, as starting with too many constraints could impede business progress. We aim to foster a business environment that moves swiftly and adaptively, supported by our evolving understanding and technological capabilities.”

Evolution at Epiroc: Rapid pace of transformation

As it looks to become a technology-driven company, the pace of change at Epiroc is accelerating. Today its technology stack is becoming increasingly interconnected and new features and capabilities are being released more frequently. “This creates a perpetual challenge of remaining vigilant and responsive,” Küchler says. “The question arises: how does Epiroc handle this, and what should the IT security function contribute with?

Epiroc is committed to accelerating the transformation of the mining and construction industries. “We're leading the way in digitalisation, automation, electrification and autonomous fleet management. Our goal is to help mining companies realise the vision of fully automated mines. Safety is our top priority, followed by creating agnostic and  versatile solutions for digitalisation, automation, and autonomous operations.”

At the heart of this transformation is Epiroc's unwavering commitment to building and maintaining customer trust, particularly around data sharing. “Looking ahead, the key question is: do you trust us with your data? This is the challenge and opportunity we face, and approaching the aspect of trust through strong cybersecurity capabilities will better position us to continue to lead and drive our industry forward.”

In the thick of a transformation phase

Epiroc's journey has been marked by a dynamic merger and acquisition strategy, integrating innovative companies to bolster its product portfolio. This influx of fresh perspectives and practices has been both challenging and invigorating, as the company works to organise its offerings and ensure seamless collaboration among its growing team of software developers.

“We're really in the thick of a transformative phase at Epiroc right now, especially with this big merger and acquisition cycle we've got going on. The goal of this phase is to fill some gaps in our product lineup through strategic acquisitions.” 

As Küchler explains, many of the companies that Epiroc is bringing onboard have highly innovative outfits. They also bring fresh perspectives and energy into the IT organisation.

“This influx of new ideas and approaches is both challenging and invigorating for us. When we integrate these younger, highly innovative companies, they often shake up our existing structures, cultures, and processes. Their insights can be really eye-opening - they've pointed out many improvements to our methods that have been very valuable to us.

“Right now, we're focused on organising our product portfolio to effectively showcase these acquisitions to the market. Internally, we're also making sure the talented software developers from these new companies have the right platforms for meetings, sharing best practices, and brainstorming. That helps encourage the development of more versatile, holistic solutions. It's a dynamic environment, for sure, but it's also really exhilarating to be right in the middle of it all.”

Cybersecurity a crucial component of Epiroc’s offering

Cybersecurity has emerged as a crucial component of Epiroc's commercial offerings, rather than just a protective measure. “Embedding robust cybersecurity measures is not just a safety strategy – it's a business imperative,” Küchler emphasises. “As our goal is to digitise and transform the industry, having strong cybersecurity measures in place is essential for the journey.”

As Epiroc looks to adopt electrification, automation and autonomous capabilities, building robust cybersecurity is essential. “Looking at the current global landscape, the challenges in cybersecurity are becoming more apparent and increasingly relevant to our operations. The threats are getting closer to home, and the impact of a cyber attack can severely disrupt our ability to function. Epiroc’s customers have during the last couple of years added more cybersecurity requirements as part of normal business operations and in contractual agreements.

“As such, cybersecurity is no longer just a protective measure for us at Epiroc; it has become an integral part of our commercial offerings. What we do “at home” in our SOC-operations, in the Identity & Access Management team, how we structure, monitor and secure our base IT infrastructure, are much more interlinked with our total cybersecurity posture, including our connected machines. Cybersecurity is a unique selling point that distinguishes our large, connected, yellow machines in the market. In today's digital age, any company that aims to deliver digital solutions must be prepared to face significant cybersecurity challenges and turn these into opportunities.

“Therefore, embedding robust cybersecurity measures is not just a safety strategy – it's a business imperative. If our goal is to digitalise and transform the industries we are in, having strong cybersecurity measures in place is essential for the journey. This ensures not only the protection of valuable assets but also the viability and success of our and our customers' technological advancements.”

Strategic partnerships driving success at Epiroc

To achieve this, Epiroc has forged strategic partnerships with leading technology providers, such as Tanium, Palo Alto Networks and Pentera. These collaborations are not just about acquiring the latest tools and solutions; they are a journey of mutual learning, innovation, and the pursuit of industry-leading capabilities.

“Our partners bring substantial value beyond their immediate offerings; they significantly challenge both myself and my team by introducing new knowledge and perspectives. They often arrive with a wealth of experience from implementing their solutions in various settings—an experience that we lack, as many of these applications are new to us. This learning aspect is crucial, and it's important that our partners are willing to share insights on optimal utilisation strategies, organisational structuring, and role definitions to fully leverage the latest technologies we've acquired.

This approach is reflective of how Epiroc engages with its own customers in the mining industry – believing it is important for clients to feel they have a voice in shaping future products and that their feedback is valued and considered.

"Working with partners who share this level of engagement and a mutual desire to exceed limits makes the collaboration much more rewarding and effective," Kuchler says. "This kind of partnership dynamic is crucial for us as we strive to lead and innovate within our industry."

As the organisation continues on its aim to provide fully automated mines, how Epiroc interacts with partners is critical to its success. “It's crucial that our partners are not only proficient in their fields but also possess a significant technological edge and a capacity for innovation that stands out,” Küchler adds.

Maintaining the speed of Epiroc’s transformation

As Epiroc looks to the future, Küchler explains that it is important that the transformation does not lose momentum. “Maintaining speed is essential for our success. Ensuring that the pace of change does not slow is crucial for Epiroc's continued success,” he says.

Another key focus will be on addressing impending cybersecurity regulations, such as the Cyber Resilience Act and the Machinery Directive. Here, careful planning and collaboration with suppliers and partners will be essential to meet the required levels and outcomes.

Küchler also is excited about the potential of emerging technologies, particularly the impact of AI-powered services and tools like ChatGPT. While acknowledging the industry is still in the early stages of understanding these advancements, Küchler remains committed to a mindset of active experimentation and learning.

“Look at the release of ChatGPT a year ago and where we find ourselves now. Within the next 12 to 18 months, we anticipate new understandings, potential concerns and exciting opportunities. This will particularly be the case as we explore the effects of placing machine learning and AI tools directly in the hands of end-users, driving innovation, coding, and collaboration.”

The challenges of Epiroc's transformative journey are not to be underestimated, but the company is embracing the opportunities presented by the dynamic industry landscape. “By fostering a culture of innovation, trust, and adaptability, Epiroc is poised to lead the mining and construction industries into a future marked by enhanced safety, efficiency, and technological prowess,” Küchler affirms.

“Here I am especially pleased that the IT Security function is, since March this year, contributing to present and future academic research: having employed an industrial PhD student via the Epiroc and Örebro University research partnership agreement for exploring ‘Cybersecurity in the mining industry’. Her focus area will be different security aspects in applied AI and Large Language Models, where the testbed for her research will be in present and future mining operations.”

The mining industry serves as a prime example of how automated and autonomous machinery can substantially improve working conditions and reduce exposure to harmful conditions. “In every industry, particularly on a global scale, it's important to recognise that mining operations can still pose significant risks and dangers,” Küchler states. “However, the mining industry serves as a prime example of how automated and autonomous machinery can substantially improve working conditions, whether in surface mining or underground mining

These technological advancements promise to enhance safety across various industries, reducing physical risks and enabling workers to seek new ways to earn a living without compromising their health. “This shift not only promises a safer work environment but also aligns with a broader commitment within the mining industry to enact significant changes in the coming years to improve worker safety and operational efficiency.”

“Here, I also want to highlight the very valuable work that is done by the Global Mining Guidelines Group by providing an arena for manufacturers, mining and construction companies and academia to meet, learn and jointly initiate and drive common developments for safety, sustainability and cybersecurity.”


Make sure you check out the latest edition of Mining Digital and also sign up to our global conference series - Manufacturing LIVE 2024


Mining Digital  is a BizClik brand ​​​​​​​