News

FMG’s Wallace warns miners of cyber security risks amid data rush

Posted on 30 Oct 2019

Gathering data presents enormous opportunities but also significant challenges, according to Fortescue Metals Group’s Head of Cyber Security, Mark Wallace.

Addressing delegates at the 6th International Mining and References Conference in Melbourne, Wallace said much of the industry is sitting on a “gold mine of data”, labelling it “the new strategic asset we need to focus our time on”.

Wallace said the iron ore miner is well positioned as a digital leader, describing the enormous data pulled from its fleet of 200 autonomous haul trucks as an example.

“Each truck has 250 sensors, generating about 91 billion events a month across our fleet. That works out to about 40 TB of data that we have to store, process, pull out the useful bits that we actually want to use and then work out how we’re going to retain this sort of information and control the quality over time,” Wallace said.

That data is already being used to incentivise equipment manufacturers, improve productivity and track performance across its assets, according to Wallace, but he told delegates the company is always looking for new ways to realise its value.

“We’ve found that there’s a new language across our business…Digital twins, robotics, AI, all these words are now spread across our organisation. And there really is a growing understanding across teams that they are now really reliant on data. The value of data has become really, really central.”

But the risks, Wallace said, are ever present, especially as the proliferation of electronic devices continues on its path of rapid growth.

He said the days of simply securing precious information behind a firewall are long gone and the widespread use of tablets, mobile phones, cloud technology and third-party contractors has blurred the lines when it comes to setting up security perimeters.

“The big issue from a mining point of view is what happens if one of these IoT devices actually goes rogue? How do we actually trust the data that is coming off those IoT devices?” Wallace said.

“How do we know that some rogue entity hasn’t just put that IoT sensor out there and is providing you with false information with the intention of damaging your plant or some sort of fraud that’s related to it.”

At the World Economic Forum earlier this year, cyber security-related issues were listed in the top three risks of doing business globally.

Wallace warned Australian companies are under constant threat, with attacks coming from a broader range of sources.

“We are seeing in Australia that there is a real focus in targeting critical infrastructure. These risks are real and we need to keep them in mind,” he said.

“There’s certainly a lot more hacktivists who are trying to disrupt our business. There is nation state-type attack and there’s a lot of financially motivated attacks.”

In closing, Wallace advised that when it comes to preserving its digital assets, the industry should focus on the crown jewels.

“We’ve got hundreds of different data assets that we use for different purposes but which of these assets is actually really important?” he said.

“Identify the crown jewels and focus most of your effort in those areas.

“Most companies that I talk to have 10 cyber incidents every month that they respond to so it’s not a matter of if but when. To respond to that, the real skill here is building resilience – so building that muscle memory within the organisation so that when something does happen, you can minimise the damage and move right along. “