John G. Dryden
Head of AI, Cyber & Information Security – JAPAC | CISO | Data Science and Next Generation Advanced Analytics (AI/ML) | Social Media
March 31, 2023
What are the key value chains in cybersecurity in the mining industry?
The key value chains in cybersecurity in the mining industry are cybersecurity hardware, cybersecurity software, and cybersecurity services.
Cybersecurity Hardware
With chips now being used in mission-critical servers and safety-critical applications, protecting chips from cyberattacks is becoming more critical and more expensive. Systems vendors like Apple and Amazon are making more and more of their own chips instead of buying devices and intellectual property (IP) made by third-party developers. These vendors are making their own ecosystems and requirements, and security is one of the most important things to think about.
Cybersecurity Software
Identity management, network security, endpoint security, threat detection and response, cloud security, data security, email security, application security, unified threat management, and vulnerability management are all parts of the software part of our cybersecurity value chain.
Cybersecurity Services
Managed security services, post-breach response services, and risk and compliance services are all parts of the services part of the cybersecurity value chain. Services are typically outsourced because of the complexity of addressing cybersecurity-related issues, such as staying on top of vulnerabilities, identifying and responding to threats, and meeting compliance requirements.
As the mining industry becomes more connected through the use of IoT sensors, AR devices, autonomous vehicles, and drones, it becomes more important to have strong cybersecurity measures. These technologies can make mining operations much better, but if they are attacked by hackers, they can cause a lot of trouble.
We take a look at the top 10 companies adopting cybersecurity measures.
1. BHP
BHP considers cyber threats a top priority, closely monitoring its IT and OT systems. To enhance its cybersecurity, the company is growing its team of specialists, including security architects, incident response personnel, and forensic investigators. The company’s employees are dedicated to identifying and responding to threats, as well as analysing past incidents to identify and address vulnerabilities in both its IT and OT systems.
2. Antofagasta
Antofagasta’s approach to cybersecurity with the new cyber risks introduced by remote working. The company used this time to focus on the digital literacy of its employees. Around 2,200 employees took digital literacy courses with cybersecurity learning as a key focus. Around 10% of these employees even went onto more advanced courses addressing the overall cybersecurity skill shortage. In 2022, Antofagasta has also deployed private 5G networks to some of their Chilean copper mine sites in partnership with Nokia. The private 5G networks enable secure operations with high capacity and low latency.
3. Anglo American
Anglo American recognises the increased and almost daily threat from cyberattacks. The company has a global security team across Australia, the UK, Botswana, Brazil, Chile, Singapore, South Africa, and Spain. Fundamental to Anglo American’s approach to cybersecurity is the focus on training current employees and future cybersecurity experts. This is most notably done through the company’s pioneering two-year cybersecurity apprenticeship to introduce new talent and address the overall cybersecurity skills shortage.
4. Fortescue Metals Group
Fortescue Metals Group is a leading iron ore producer, has implemented several cybersecurity measures to protect its operations. Some of these measures include, network segmentation to limit the spread of any potential breach; regular security audits and assessments to identify and remediate vulnerabilities; use of firewalls, intrusion detection systems, and other security technologies to detect and prevent cyber attacks; employee training programs to raise awareness about cybersecurity and minimise the risk of human error; and, partnerships with cybersecurity firms to access the latest technologies and expertise in the field.
5. Teck Resources
Trellix’s solution has helped Teck Resources save a lot of time and money by helping to improve security operations and ease the workload of its security analysts. The XDR platform components provided by Trellix allowed Teck to respond to attacks more quickly, reducing the time needed to contain and clean up an attack from hours to seconds. This resulted in better protection against fast-moving attacks. Trellix also analysed outside intelligence and provided Teck with useful information to make informed decisions quickly. This helped Teck mount effective defenses against machine-speed attacks. Trellix’s solution helped Teck “catch up” with attacks and prevented widespread damage.
6. Nornickel
Nornickel views digital transformation as a critical aspect of its growth strategy, with a focus on both improving production and benefiting communities. However, the company recognises the importance of securing its IT infrastructure against cyber threats, as these could disrupt industry and social infrastructure across entire regions. This requires a collaborative approach between the public and private sectors. The company tracks its cyber security performance through its information security management system and assessment reporting. Corporate level evaluations of the performance of the cyber security systems are conducted, and the results are shared with governance bodies and employees through established procedures and initiatives.
7. Kinross Gold
For Kinross, a dedicated team of IT cybersecurity professionals manages the IT security risk processes and IT security operations. Kinross manages its IT security risk globally using a centralised, risk-based approach. This approach is based on the principles of ISO 27001 and NIS. Kinross’ Vice President of Information Technology oversees the company’s IT and cybersecurity program and is accountable to the Executive Vice President and Chief Financial Officer, who is part of the Senior Leadership Team and has executive responsibility for IT and cybersecurity. The Audit and Risk Committee of the Board of Directors regularly reviews IT security risks, and receives updates from management on a quarterly basis. The ARC conducts an annual in-depth review of the company’s privacy and data security risks, as well as the measures in place to safeguard the confidentiality, integrity, and availability of its information systems and data.
8. South32
South32 consolidates its innovation, improvement, and technology initiatives into a single system to keep track of ongoing projects, prioritise effectively, and enhance safety and productivity. The company emphasises user experience, productivity, and service delivery, while investing in network connectivity and core platforms.
9. Nippon Steel
The company offers e-learning opportunities on security, and training sessions on targeted attack e-mails, to promote employees’ enhanced IT literacy and resultant sensitivity to cybersecurity. Moreover, in addition to the conventional centralised cybersecurity, Nippon Steel is implementing the latest security measures that incorporate the Zero Trust concept to always verify security before being connected. The Nippon Steel Group – Computer Security Incident Response Team (NSG-CSIRT) has steadily increased the number of member companies to 17.
10. TATA Steel
TCS’ Cyber Security services prioritise data privacy, regulatory compliance, and protection against harmful attacks. These services have become increasingly important during the lockdown, specifically in areas such as GDPR compliance and security clearance for associates providing services. To stay ahead in the security technology game, TCS is establishing Threat Management Centers globally.
Santha Subramoni, global head – TCS Cyber Security, says, “These centres will focus on providing cyber security solutions and services, including managed detection and response services, incident management and breach support, on-demand cyber vigilance services, digital forensics, and regulatory compliance.”
Head of AI, Cyber & Information Security – JAPAC | CISO | Data Science and Next Generation Advanced Analytics (AI/ML) | Social Media
Published • 15m
Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programs, and electronic data from attack, damage, or unauthorised access. We are entering the Code War era, where every digital device, no matter how small, can be ‘weaponised’. The potential consequences are dire, hence the growing importance of cybersecurity tools. The mining industry is madly scrambling to get its house in order. Australia has a big target on its back, and we ride the back of the mining sector. . . . . Hashtag(Cyber Security) hashtag#Cybersec hashtag#cybersecurity hashtag#hacking hashtag#security hashtag#technology hashtag#hacker hashtag#infosec hashtag#ethicalhacking hashtag#cybercrime hashtag#tech hashtag#miningtechnology hashtag#hackers hashtag#cyber hashtag#programming hashtag#data hashtag#digital hashtag#australia hashtag#informationsecurity hashtag#cyberattack hashtag#privacy hashtag#malware hashtag#mining hashtag#cybersecurityawareness hashtag#datasecurity hashtag#dataprotection hashtag#python hashtag#ethicalhacker hashtag#pentesting hashtag#johngdryden ***