Top 10: Mining Companies Cybersecurity Strategies
Cybercriminals target mining companies for their operational technology systems, which control critical infrastructure, from pit to port. Such attacks aim to disrupt production and extract ransoms, affecting global supply chains and commodity prices.
The mining sector's increasing automation and digitalisation create greater opportunities for cyber intrusion. As the industry becomes increasingly interconnected through the use of IoT sensors, AR devices, autonomous vehicles and drones, the need for strong cybersecurity measures is becoming ever-more crucial. These technologies can greatly enhance mining operations but can also cause major disruptions if they fall victim to cyberattacks.
Anglo American’s security model “is not as strong as it should be”, the miner’s Chief Information and Security Officer recently warned. A successful cyberattack could threaten the lives of Anglo American’s 50,000 mineworkers, Malcolm Norman said, at a recent cybersecurity event held in the UK hosted by British Telecom.
Norman said the increasing automation of the company’s mining systems leaves frontline workers vulnerable to the impact of hacks, such as from losing control of the lifts or driverless vehicles.
Mining companies typically implement defence measures through security operations centres (SOCs), which monitor network traffic 24 hours a day for suspicious activity. These separate operational networks from corporate systems through 'air gaps' – physical separations between secure and insecure networks. Companies also use multi-factor authentication, requiring staff to verify their identity through multiple methods before accessing systems.
Here, we take a look at 10 mining companies at the forefront of adopting cybersecurity measures.
10 TATA Steel
Country: India
CISO: Dinesh Kumar Shrimali
TCS' Cyber Security services prioritize data privacy, regulatory compliance, and protection against harmful attacks. These services have become increasingly important during the lockdown, specifically in areas such as GDPR compliance and security clearance for associates providing services. To stay ahead in the security technology game, TCS is establishing Threat Management Centers globally.
These centres focus on providing cyber security solutions and services, including managed detection and response services, incident management and breach support, on-demand cyber vigilance services, digital forensics and regulatory compliance.
09 Nippon Steel
Country: Japan
Information & Security EVP: Akio Migita
Nippon Steel offers e-learning opportunities on security, and training sessions on targeted attack e-mails, to promote employees’ enhanced IT literacy and resultant sensitivity to cybersecurity.
In addition to the conventional centralised cybersecurity, the company has also implemented the latest security measures that incorporate the Zero Trust concept to always verify security before being connected. The Nippon Steel Group - Computer Security Incident Response Team (NSG-CSIRT) has steadily increased the number of member companies to 17.
08 South32
Country: Australia
CTO: Erwin Schaufler
South32 consolidates its innovation, improvement, and technology initiatives into a single system to keep track of ongoing projects, prioritise effectively, and enhance safety and productivity. It emphasises user experience, productivity, and service delivery, while investing in network connectivity and core platforms.
07 Kinross Gold
Country: Canada
Senior Director, IT Security: Sura Alshear
For Kinross, a dedicated team of IT cybersecurity professionals manages the IT security risk processes and IT security operations. Kinross manages its IT security risk globally using a centralised, risk-based approach.
This approach is based on the principles of ISO 27001 and NIS. The Audit and Risk Committee of the Board of Directors regularly reviews IT security risks, and receives updates from management on a quarterly basis. The ARC conducts an annual in-depth review of the company's privacy and data security risks, as well as the measures in place to safeguard the confidentiality, integrity, and availability of its information systems and data.
06 Nornickel
Country: Russia
Head of Information Security: Igor Balakshev
Nornickel views digital transformation as a critical aspect of its growth strategy, with a focus on both improving production and benefiting communities. However, the company recognises the importance of securing its IT infrastructure against cyber threats, as these could disrupt industry and social infrastructure across entire regions.
This requires a collaborative approach between the public and private sectors. The company tracks its cyber security performance through its information security management system and assessment reporting. Corporate level evaluations of the performance of the cyber security systems are conducted, and the results are shared with governance bodies and employees through established procedures and initiatives.
06 Antofagasta
Country: Chile
CEO: Iván Arriagada
Antofagasta's approach to cybersecurity changed with the cyber risks introduced by remote working. The company used this time to focus on the digital literacy of its employees. Around 2,200 employees took digital literacy courses with cybersecurity learning as a key focus. Around 10% of these employees even went onto more advanced courses addressing the overall cybersecurity skill shortage.
Antofagasta has deployed private 5G networks to some of its Chilean copper mine sites in partnership with Nokia. The private 5G networks enable secure operations with high capacity and low latency.
04 Teck Resources
Country: Canada
COO: Shehzad Bharmal
Trellix's solution has helped Teck Resources save time and money by improving security operations and easing the workload of its security analysts. The XDR platform components provided by Trellix allowed Teck to respond to attacks more quickly, reducing the time needed to contain and clean up an attack from hours to seconds.
This resulted in better protection against fast-moving attacks. Trellix also analysed outside intelligence and provided Teck with useful information to make informed decisions quickly. This helped Teck mount effective defences against machine-speed attacks. Trellix's solution helped Teck "catch up" with attacks and prevented widespread damage.
03 Fortescue Metals Group
Country: Australia
Head of Digital Technology: Mark Wallace
Fortescue Metals Group is a leading iron ore producer, has implemented several cybersecurity measures to protect its operations. Some of these measures include: network segmentation to limit the spread of any potential breach; regular security audits and assessments to identify and remediate vulnerabilities; use of firewalls, intrusion detection systems, and other security technologies to detect and prevent cyber attacks; employee training programs to raise awareness about cybersecurity and minimise the risk of human error; and partnerships with cybersecurity firms to access the latest technologies and expertise in the field.
02 Anglo American
Country: UK
CISO: Malcolm Norman
Anglo American recognises the increased and almost daily threat from cyberattacks.
The company has a global security team across Australia, the UK, Botswana, Brazil, Chile, Singapore, South Africa, and Spain. Fundamental to Anglo American's approach to cybersecurity is the focus on training current employees and future cybersecurity experts. This is most notably done through the company’s pioneering two-year cybersecurity apprenticeship to introduce new talent and address the overall cybersecurity skills shortage.
01 BHP
Country: Australia
CISO: Thomas Leen
BHP considers cyber threats a top priority, closely monitoring its IT and OT systems. To enhance its cybersecurity, the company is growing its team of specialists, including security architects, incident response personnel, and forensic investigators. The company's employees are dedicated to identifying and responding to threats, as well as analysing past incidents to identify and address vulnerabilities in both its IT and OT systems.
__________________
Check out the latest issue of Mining Digital and sign up to our global conference series, Manufacturing LIVE 2024. Mining Digital is a BizClik brand.
