Tag Archives: cyber security

IMDEX on the importance of cyber security in the digital age

As the resources sector is adopting innovation, in particular digital technologies, at an increasingly rapid rate, mining companies should consider the cyber-security risks inherent with leveraging this innovation, according to mining technology company IMDEX.

Paul House, CEO for IMDEX, says the take-up of new technologies is happening on a scale that has not been seen in the past – a confluence of the effects of the COVID-19 pandemic and the need to replace depleted existing mineral reserves.

“This is partly by necessity, to enable remote working, and partly by opportunity, as these technologies will enable faster drilling, more efficient drilling, and better decision making,” he said.

But every tool and technology that is added to a mining company’s arsenal – from exploration to production – increases the attack surface for hackers, according to the company.

IMDEX says it has countered this by achieving the “gold standard” in data security – certification against the exacting standards of ISO27001, an international information security standard recognised in 161 countries. The company received recognition for this information security standard in early 2020.

House said increasingly clients were asking for such security protocols to be in place.

The threat of cyber attacks intensifies as competitors, organised crime, and “state-based actors” seek to gain advantage by malicious means – searching for vulnerabilities in business systems that will allow them access a company’s most important secrets, according to the company.

The Australian Cyber Security Centre (ACSC) has warned that the likelihood and severity of cyber attacks is increasing because of the growing dependence on new information technology platforms and interconnected devices and systems.

“Cyber crime is one of the most pervasive threats facing Australia, and the most significant threat in terms of overall volume and impact to individuals and businesses,” the ACSC said in its annual report last year.

Global communications company Inmarsat, in a 2020 report examining the rise of IoT in mining, said the majority of mining organisations were struggling to meet the security challenges presented by the IoT.

The report found that while respondents in their research were aware of the damage a cyber attack could trigger, the response so far to the threats had been minimal.

IMDEX Information Security Manager, Sameera Bandara, said cyber threats come from various sources, including hackers doing it for fun, criminal enterprises, competitors, and nation states.

“They use proxies and zombies to mask who and where they are and, even if we found them, prosecution would be a problem,” Bandara said.

IMDEX’s approach was that its systems needed to be secure to protect its data and that of its clients.

“IMDEX spends A$20 million ($15 million) a year on research and development,” Bandara said. “If competitors could get access to technology or tools in development by hacking our systems, the financial and reputational costs to IMDEX would be significant.

“But we also needed to protect our clients’ information by making our systems as secure as possible. We can then say if we have your data, then it is secure to a point where an attacker would have to spend considerably more resources to exploit than the value of the data.”

IMDEX supplies a range of technologies and tools that deliver data from exploration through to production, with the data uploaded to cloud-connected management tools and analytic software.

The company addressed the security issue by maintaining an Information Security Management System certified against ISO27001 security certification that covers:

  • Software development processes;
  • The product development lifecycle for its real-time subsurface intelligent solutions;
  • Manufacturing and deployment of products and technologies;
  • Client support processes; and
  • Information technology systems for supporting these activities and digital functions.

Bandara refers to it as the “gold standard” of data security – achieved after an assessment of its information security management system and processes.

“Many companies say they are aligned with the ISO27001 requirements without actually being certified and that’s because a lot more rigour needs to go into getting certified,” he said.

IntelliSense.io joins OTCSA to help tackle cyber security issues in mining

IntelliSense.io has joined the Operational Technology Cyber Security Alliance (OTCSA) to further its aim of providing miners with a safer future with secure optimisation technology that can leverage both operational technology (OT) and cloud environments.

IntelliSense.io has been securely deploying artificial intelligence-based based process optimisation applications on OT networks for its customers globally and, it says, has a future-proof platform.

The OTCSA aims to bridge any dangerous gaps in security for OT and information technology (IT) systems, critical infrastructure and industrial control systems to support and improve the daily lives of citizens and workers in a rapidly evolving world, IntelliSense.io says.

“The convergence of OT and IT networks is exposing industrial control, protection and automation systems to external threats, as seen in the recent past with malwares like Triton, that attacked an oil and gas plant, and in Ukraine, that had its power grid taken down by a cyberattack,” Dr Sandro Barros, CTO, IntelliSense.io, said. “IntelliSense.io has extensive experience on the deployment of AI applications within OT/IT networks and is eager to add its expertise to developing best practices for secure and reliable solutions for the mining industry.”

Elad Ben-Meir, Executive Board Member of the OTCSA and CEO of SCADAfence, said: “We welcome intelliSense.io as the newest member to the OTCSA. As we witness more and more attacks on critical infrastructure, and predictions by Gartner that 75% of CEOs will be personally liable for cyber-physical security incidents by 2024, there is no doubt that the collaboration like we have in OTCSA is the key to success.”

The OTCSA mission is five-fold:

  • Strengthen cyber-physical risk posture of OT environments and interfaces for OT/IT interconnectivity;
  • Guide OT operators on how to protect their OT infrastructure based on a risk management process and reference architectures/designs that are demonstrably compliant with regulations and international standards such as IEC 62443;
  • Guide OT suppliers on secure OT system architectures, relevant interfaces and security functionalities;
  • Support the procurement, development, installation, operation, maintenance, and implementation of a safer, more secure critical infrastructure; and
  • Shorten the time to adoption of safer, more secure critical infrastructures.

The robust security guidelines of the OTCSA which IntelliSense.io will contribute to, cover the entire mining life cycle – procurement, development, deployment, installation, operation, maintenance and decommission – and address aspects related to people, process, and technology.

OTCSA promotes collaboration among leading IT and OT companies, thought leaders in the cybersecurity community, and vendors and OT operators from a variety of industries. Membership is open to any company that operates critical infrastructure or general OT systems to run its business as well as companies providing IT and OT solutions.

IMDEX data security processes receive ISO/IEC recognition

IMDEX has received recognition for its information security management system and processes, being certified against the ISO/IEC 27001:2013 standard recognised in 161 countries.

The certification demonstrates the company operates an information security management system that is compliant with its mandatory requirements, has systematic processes for managing information security risks, and has implemented controls mandated by the standard, IMDEX said.

The news is of particular importance considering the rising popularity of IMDEX’s cloud connectivity platform, IMDEXHUB-IQ™ – which provides secure access to validated data, seamlessly transmitted from a range of sub-surface instrumentation, analytical instruments and mobile form data inputs.

“With cyber threats recognised by consultancy experts EY as one of the top 10 business risks of 2020, IMDEX’s certification means its clients’ data will be safe from security threats,” the company said.

“IMDEX’s certification through SGS – a globally renowned inspection, verification, testing and certification company – comprises a comprehensive range of activities including:

  • “Software development processes;
  • “The product development lifecycle for its real-time subsurface intelligent solutions;
  • “Manufacturing and deployment of products and technologies;
  • “Client support processes; and
  • “Information technology systems for supporting these activities and digital functions.”

Commenting on the achievement of ISO/IEC 27001:2013 certification, IMDEX Chief Operating Officer, Paul House, said: “We know cyber safety is a growing problem globally and IMDEX has worked hard to ensure our information system is secure to provide a solution for our customers.

“It is a significant milestone for our company and provides additional assurance to clients regarding the end-to-end security of their information – for example, ordering and dispatch using our global digital rentals platform, critical data collection and secure transfer with our award-winning cloud solution IMDEXHUB-IQ and ongoing support via our 24/7 Customer Care portal.”

He concluded: “All our stakeholders can be confident we have robust systems and processes in place – which meet the highest industry standards – to protect their data and sensitive information.”

IMDEX’s Chief Information and Transformation Officer, Mathew Regan, added: “The certification demonstrates our company’s commitment to maturing and enhancing our information security posture in line with IMDEX’s growth as a leading global mining-tech company.”

FMG’s Wallace warns miners of cyber security risks amid data rush

Gathering data presents enormous opportunities but also significant challenges, according to Fortescue Metals Group’s Head of Cyber Security, Mark Wallace.

Addressing delegates at the 6th International Mining and References Conference in Melbourne, Wallace said much of the industry is sitting on a “gold mine of data”, labelling it “the new strategic asset we need to focus our time on”.

Wallace said the iron ore miner is well positioned as a digital leader, describing the enormous data pulled from its fleet of 200 autonomous haul trucks as an example.

“Each truck has 250 sensors, generating about 91 billion events a month across our fleet. That works out to about 40 TB of data that we have to store, process, pull out the useful bits that we actually want to use and then work out how we’re going to retain this sort of information and control the quality over time,” Wallace said.

That data is already being used to incentivise equipment manufacturers, improve productivity and track performance across its assets, according to Wallace, but he told delegates the company is always looking for new ways to realise its value.

“We’ve found that there’s a new language across our business…Digital twins, robotics, AI, all these words are now spread across our organisation. And there really is a growing understanding across teams that they are now really reliant on data. The value of data has become really, really central.”

But the risks, Wallace said, are ever present, especially as the proliferation of electronic devices continues on its path of rapid growth.

He said the days of simply securing precious information behind a firewall are long gone and the widespread use of tablets, mobile phones, cloud technology and third-party contractors has blurred the lines when it comes to setting up security perimeters.

“The big issue from a mining point of view is what happens if one of these IoT devices actually goes rogue? How do we actually trust the data that is coming off those IoT devices?” Wallace said.

“How do we know that some rogue entity hasn’t just put that IoT sensor out there and is providing you with false information with the intention of damaging your plant or some sort of fraud that’s related to it.”

At the World Economic Forum earlier this year, cyber security-related issues were listed in the top three risks of doing business globally.

Wallace warned Australian companies are under constant threat, with attacks coming from a broader range of sources.

“We are seeing in Australia that there is a real focus in targeting critical infrastructure. These risks are real and we need to keep them in mind,” he said.

“There’s certainly a lot more hacktivists who are trying to disrupt our business. There is nation state-type attack and there’s a lot of financially motivated attacks.”

In closing, Wallace advised that when it comes to preserving its digital assets, the industry should focus on the crown jewels.

“We’ve got hundreds of different data assets that we use for different purposes but which of these assets is actually really important?” he said.

“Identify the crown jewels and focus most of your effort in those areas.

“Most companies that I talk to have 10 cyber incidents every month that they respond to so it’s not a matter of if but when. To respond to that, the real skill here is building resilience – so building that muscle memory within the organisation so that when something does happen, you can minimise the damage and move right along. “

A timely update from mine software solutions provider Micromine

As the New Year begins, Micromine is reminding mining companies to update their software to avoid potential cyber-security breaches, data loss, system integration issues and operational downtime in 2019.

The reminder comes on the back of Micromine’s release of new versions of Geobank and Micromine in 2018, which delivered a range of new productivity tools features and data security enhancements on both the exploration and mine design and geological data management solutions.

It also comes in the same week mining and metals processing company Nyrstar was hit by a cyber attack.

Micromine Chief Technology Officer, Ivan Zelina, said: “Software updates are often overlooked as they are not as visible as other business processes, but the value of new software versions should not be underestimated in our current, highly digitalised mining environment.

“Investing in software, but not upgrading it, is like buying a new car but never getting it serviced – you simply won’t get the best out of it.”

Potential risks and issues of not upgrading software, according to Micromine, include:

  • Security – all software and saved files become vulnerable to hacking and cyber crimes over time. Developers like Micromine proactively identify and address security threats, holes and bugs in new software versions;
  • Compatibility – many different technology systems and platforms are used simultaneously, which means older versions of software can be slow or not configure properly when integrated with other, newer platforms. As new technology emerges, it’s important that systems remain compatible. For example, Geobank Mobile integrates with the latest magnetic susceptibility devices, barcode readers, GPS, in-built and external cameras and more;
  • Inefficiency – new features and enhancements exist in updated software to make it easier to use, faster and more effective. Micromine invests significantly into continuous research and development to ensure clients enjoy intuitive, feature-rich functionality and interpretive capabilities with each upgrade;
  • Support – older software versions are often not supported as developers focus on improvements to enhance client outcomes. Users operating on outdated versions can waste time and energy on workarounds or lost time addressing issues.
  • People – by providing staff with the latest, innovative software tools, mining companies are more likely to attract and retain the best talent. It provides employees with the opportunity to learn and apply new techniques to problem solving whilst increasing their knowledge and skills.

To ensure clients can easily manage software upgrades, Micromine offers an annual licence programme for Geobank and Micromine.

The company said: “After paying a one-off annual fee, clients receive unlimited software upgrades and patches, complimentary new version training and participation in software beta programs and focus groups.”

Mining and metals processor Nyrstar hit by cyber attack

Nyrstar has been subject to a cyber attack, which has led to certain IT systems, including email, being shut down across its headquarters in Zurich, Switzerland, and, globally, at the Metals Processing and Mining operations.

The company, which announced the attack yesterday, said: “The cyber-attack issue has been contained and Nyrstar is currently working on a technical recovery plan with key IT partners and global cyber-security agencies. “

A number of Nyrstar’s IT systems, including email correspondence, have been shut down to help contain the issue, the company explained, adding that, at the current time, Nyrstar’s Metals Processing and Mining operations were not operationally impacted by the cyber-attack issue.

“Nyrstar has taken precautionary measures to ensure the continued operations of its sites,” it said.

“Nyrstar is continuing to assess and manage the cyber-attack issue to minimise the impact on its operations, customers and key stakeholders from the current situation,” it said. The company’s business continuity plans are being implemented to minimise the impact on the business.

In IM’s recent article on cyber security, Michael Rundus, EY’s Global Mining & Metals Cybersecurity Leader, said the company’s recent Global Information Security Survey identified that 54% of mining companies had experienced a “significant” cyber incident in the past 12 months.

Sherritt signs up for data security trial with Leonovus

Sherritt International has signed up for a trial of Leonovus’ data security software as the nickel and cobalt miner looks to support its evolving storage infrastructure.

The pilot, which starts in January, will see Leonovus apply its “next generation of secure software-defined storage (SDS) solution” at the company’s operations in Canada, Cuba and Madagascar.

John Kiousis, Vice President of Global IT, Sherritt International, said the software will give the company the flexibility to segment data across multiple cloud storage providers, enabling it to take advantage of cost savings while protecting its data.

“Moving to the cloud will extend our IT infrastructure capabilities and support our goal of achieving operational excellence,” he added.

When using Leonovus, customers receive the following benefits, according to the Ottawa-based software provider:

  • “Ability to balance business growth with a flexible hybrid, multi-cloud storage infrastructure;
  • “Greater data security with Leonovus patented ‘encrypt, shred, spread’ capability;
  • “Maintain complete, on-premises control, of their encryption keys;
  • “Greater flexibility and simplicity to meet future data growth requirements through a single pane of glass.”