Tag Archives: Cybersecurity

BHP, Anglo American, Antofagasta, Codelco, Collahuasi team up to tackle cybersecurity

BHP, together with the mining companies Anglo American, Antofagasta Minerals, Codelco and Collahuasi, have launched the Mining Cybersecurity Corporation in an effort to tackle rising cybersecurity risks in Chile.

More than 4 billion cyber-attacks took place in Chile during the first half of 2023, positioning it as the fifth country in Latin America with the most incidents, according to BHP. The unprecedented technological progress in recent years brings important benefits, but also involves several cybersecurity risks.

Studies indicates that, by 2025, cyber attacks will cost companies approximately $10.5 billion.

Aware of the risks to the industry, these companies have come together in what BHP says is an unprecedented initiative led by Corporación Alta Ley and supported by the Chilean Ministry of Mining. The aim of the partnership is to generate and share cyber-intelligence information for early warning and response, and to promote a culture of cybersecurity in mining operations.

Ezequiel Fagetti, Cybersecurity Manager BHP Minerals Americas, said: “As BHP we are enthusiastic about this initiative and, therefore, we want to contribute with our experience in the protection of assets and systems. Cybersecurity is vital for the proper functioning of the different production systems and, ultimately, for us to continue contributing to the country. If we strengthen this aspect, we strengthen the mining industry as a whole, its value chain, and safeguard the benefits for everyone.”

ABB and IBM collaborate on industrial cybersecurity solution

ABB and IBM have announced a collaboration focused on connecting cybersecurity and operational technology (OT) for industrial operations.

As a first result of this collaboration, ABB has developed a new OT Security Event Monitoring Service that combines ABB’s process control system domain expertise with IBM’s security event monitoring portfolio to, ABB says, help improve security for industrial operators.

Industrial control system environments are increasingly targeted in cyberattacks, with IBM’s latest X-Force Threat Intelligence Index finding that attacks on industrial and manufacturing facilities have increased by over 2,000% since 2018.

To better connect OT data with the broader IT security ecosystem, ABB has developed a new offering that allows security events from ABB to be sent to IBM’s security information and event management platform, QRadar.

The ABB solution was designed according to a reference architecture jointly developed by ABB and IBM. It provides the domain knowledge needed to swiftly react to security incidents related to process control, and is especially suited for complex industrial processes in industries such as oil, gas, chemicals and mining, ABB says.

The new event collection and forwarding software, which enables this integration, is currently being used by early adopter customers and will be made broadly available by ABB in the coming months.

This collaboration marks the first time that operational technology (OT) data and process industry domain expertise is being brought directly into a Security Information and Event Monitoring system, allowing threats to be managed as part of an organisation’s broader cybersecurity operations and strategy, ABB says.

Robert Putman, Global Manager of Cyber Security Service for Industrial Automation at ABB, said: “ABB’s collaboration with IBM makes it possible to analyse process control events in the context of security and impact to the operational environment, delivering strong improvement in our OT cyber threat visibility across the board.”

ABB explained: “Disruption of production due to a cyberattack or technical glitches can be costly in terms of lost production and damage to physical assets. Most mature operational monitoring is focused on the performance of the asset, whether it be a gas turbine for electricity, a drive system used to crush ore, or simple monitoring of pollution output from a chemical facility.”

The new ABB offering allows ABB’s process control system data collection and forwarding technology to harvest event log details from ABB process control systems, and share that information with IBM Security QRadar, which uses automation and artificial intelligence to help identify security anomalies and potential threats.

Dr Andreas Kühmichel, CTO, Chemicals, Petroleum & Industrial Products, IBM, said: “We see the integration of these solutions as bringing market-leading capabilities together for a singular view of OT security. With more comprehensive OT and IT security visibility, clients can help reduce the risk of production being suddenly interrupted due to a security event, resulting in costly downtime and broader risk to the company.”

The ABB and IBM technologies involved in this solution are designed on open platforms allowing them to operate on the edge and deploy across hybrid cloud environments spanning on-premise, private or public clouds, ABB says. The joint solution is designed so that security processes operate via automation and do not disturb industrial workflows. The security analysis in QRadar operates through a use case library, which automatically flags incidents and triggers corresponding alarms.

The two companies plan continued collaboration in the realm of OT security to develop new capabilities and offerings that address customer challenges in this space.

Top 40 miners may need to de-risk critical supply chains in face of COVID-19: PwC

The top 40 mining companies are so far weathering the COVID-19 storm mostly unscathed, and certainly better than many other sectors, according to PwC’s 17th annual review of global trends in the mining industry.

In Mine 2020, the report authors said this was a remarkable feat, given that global growth is expected to decline in 2020, something that’s only happened twice in modern times: in 1944, during World War II, and, in 2009, during the global financial crisis.

The ability of the top 40 to ‘resource the future’ continues to be relevant in the current environment as many governments will appreciate mining for being a bedrock of economic recovery out of this crisis, the authors said.

“Our forecast for 2020 suggests the top 40 miners will take a modest hit to EBITDA of approximately 6%,” they said. “Capital expenditure will also slow, freeing up cash flows, and giving miners the capacity to pay dividends should they choose to do so.”

Against this backdrop, the authors did not expect many mega-deals to take place, due to the increased economic uncertainty and practical constraints of site visits and inspections.

The COVID-19 crisis has led to some positive changes around the way these companies operate, according to the authors.

“Although mining has been able to keep operating through the COVID-19 crisis, companies have also had to adapt and evolve,” they said. “Some changes have been for the better, such as remote workforce planning and greater use of automation. Many of these adaptations may become permanent.”

They continued: “In an uncertain environment, miners have focused intensely on controlling the things they can control, and it is serving them well. But the top 40 are not immune from the social and economic shocks ahead, and they cannot afford to let their guard down.

“COVID-19 is challenging long-held assumptions about the unassailable wisdom of ultra-lean principles and global supply chains. Miners may need to think about de-risking critical supply chains and investing more in local communities. A shift towards localisation in supply chains and in deals, as well as different forms of community engagement, may turn out to be enduring consequences of the pandemic.”

The top 40 miners also need to keep on top of the mega-trends that existed pre-COVID, particularly environmental, social and governance (ESG) reporting and cybersecurity, the authors said.

“We analysed how the top 40 are performing on ESG disclosure and found that a few companies are doing most of the heavy lifting, while the rest lag behind,” they said. “But ‘brand mining’ is a collective brand, and every miner needs to play its part.

“On the cyber front, the top 40 have some work to do. At a time when mining companies are becoming more vulnerable to cyberattack as they use more automation and digital technologies, CEOs are expressing less concern about such issues.”

In some respects, the mining sector is well-situated in the wake of COVID-19, the authors said.

“For example, despite recent uncertainty regarding Brazil’s ability to continue mining, iron ore prices have risen, potentially limiting the total impact on the sector,” they said. “Mining companies have strong finances and are mostly still operational, albeit with increased levels of precautionary controls.

“But the longer-term impacts remain uncertain, and ongoing disruption is likely.

“Top 40 miners should take advantage of their current position of financial stability to revisit their strategies. Doing so will ensure their businesses can enhance their resilience over the long term and meet the demands of the global economy to maximise the opportunities to resource the post COVID-19 future.”

Miners not taking cybersecurity risks seriously, report finds

While cybersecurity is today considered a major threat to all industrial companies, a recent report out of Australia has concluded it will take a catastrophic event for it to be taken seriously in the mining industry.

Through interviews, survey and analysis of Australia’s largest mining and service companies, including BHP, Rio Tinto, South32, and Anglo American, the ‘State of Play: Cyber Security Report’, from researchers at State of Play, has uncovered that 98% of top-level executives think a catastrophic event is required to drive an industry response to cybersecurity in mining.

This is despite State of Play Chairman and Co-founder, Graeme Stanway, saying the risk of cybersecurity failures in mining could be severe.

“In an increasingly automated and interconnected world, the risk of rogue systems and equipment is growing rapidly,” he says.

“If someone hacks into a mining system, they can potentially take remote control of operational equipment. That’s the level of risk that we are facing.”

Global Head of Cybersecurity at BHP, Thomas Leen, agreed and said the mining industry is up against archaic processes when it comes to evolving on the cybersecurity front.

“Mining as an industry has a low level of cybersecurity maturity, mainly due to legacy environments that lack basic capabilities,” he says.

The report went on to find that the second most likely driver to instigate change, after a catastrophic event, will be government led initiatives and responses.

Michelle Price, CEO of independent, not-for-profit organisation, AustCyber, believes public-private partnership is the key to driving change in the way the mining industry approaches cybersecurity.

“AustCyber has collaborated with METS Ignited and State of Play to conduct this survey as we see the potential to improve cybersecurity across the mining environment,” she says.

“There are several challenges specific to the mining sector as documented in the Australian Cyber Security Industry Roadmap, developed in conjunction with CSIRO – such as operational technology, connected equipment and sensors, availability of data, anomaly detection and the volatility of markets.

“There are plenty of growth opportunities – especially when the sector collaborates with organisations like AustCyber to have a coordinated voice on the kind of support it needs to push forward cyber resilience.”

South32 Head of Cybersecurity, Clayton Brazil, sees this collaboration as a strength of cybersecurity in the mining industry. “Cybersecurity is incredibly collaborative in mining, we know it’s a critical industry for our nation and we all want to be safer,” he says.

Brazil sees a strong cybersecurity capability as a strategic opportunity for South32. “Done properly, cybersecurity can be a competitive advantage for us,” he said.

Interestingly, when asked what is the most likely motivation for cyber attacks, 50% of responses identified extortion and theft as the most likely cause, followed by competition with 21% and politics with 19%.

METS Ignited CEO, Adrian Beer, says industry growth and sustainability will come from collaboration and the implementation of standards. “Mining operations are still made up of legacy closed systems that have customised integrations between them,” he says.

“However, the modern technology vendor community is trying to overcome these systems with new models; building collaboration and trust between mining and the technology sector will create a secure sustainable future.”

Beer also believes standards have a two-prong role to play. “There is clearly a need for both a strong set of standards to define what good looks like in terms of cybersecurity more broadly, and a set of industry standards to ensure that the specific needs are met to deliver those secure outcomes.”

GMG launches cybersecurity and electric mine working groups

The Global Mining Guidelines Group (GMG) says it has just launched two new working groups on cybersecurity and the electric mine to create safe and sustainable mines of the future.

The Cybersecurity Working Group aims to help mining stakeholders as they look to design safe, secure, reliable and resilient cybersecurity infrastructure that adheres to regulatory, trust, and privacy best practices, GMG said.

The group is to provide guidance for the industry to access and implement existing solutions, be responsive to the priorities of the industry, and look for projects that will benefit from GMG’s open, collaborative principles and processes, it added.

“As digitalisation increases in our industry, so does the risk of cybersecurity incidents,” says Andrew Scott, GMG Vice-Chair Working Groups and Principal Innovator at Symbiotic Innovations. “Industry-wide knowledge sharing and collaboration are important for mitigating these risks.”

Scott added: “The topic has come up in many existing GMG projects including those on autonomous systems, artificial intelligence and interoperability, and it is clear that cybersecurity is a high-priority concern among mining stakeholders.”

The group will work closely with the Mining and Metals Information Sharing Analysis Centre (MM-ISAC) to collaborate on and identify existing projects and prevent duplication, according to GMG.

The Electric Mine Working Group, meanwhile, aims to accelerate the advancement and adoption of electric mining technologies in underground and surface contexts. It will cover all-electric technologies that are replacing those that typically use diesel.

Key objectives include developing guidelines and sharing information on using and testing electric technologies and designing electric mines.

GMG Managing Director, Heather Ednie, said: “The shift toward the electric mine in surface and underground contexts is indicative of our industry’s growing commitment to reducing greenhouse gases and providing safer working environments.

“Previous GMG work on battery-electric vehicles in underground mining brought together a community of companies leading the way in developing and adopting electric mining technologies. As these technologies are increasingly used in surface mines, the need to expand the community has become clear.”

This group will work in parallel with the International Commission on Mining and Metals (ICMM) and its Innovation for Cleaner Safer Vehicles (ICSV) initiative to ensure that the initiatives support each other, GMG explained.

Once launched, these groups will form a steering committee to refine the scope and objectives and identify early projects, GMG said.

The Cybersecurity Working Group will have its introductory virtual meeting on November 11. The kick-off workshop is to define what the industry needs from a cybersecurity perspective; it will be held at the Kennedy Space Centre in Florida, USA. on December 5, held in partnership with the MM-ISAC.

The Electric Mine Working Group will have its introductory virtual meeting on November 21.

Emerson and Cisco to improve plant productivity, reliability and safety

Emerson has partnered with Cisco to introduce a “next-generation industrial wireless networking solution” that, the Missouri-based company says, can improve plant productivity, reliability and safety.

The combination of the Emerson Wireless 1410S Gateway with the Cisco Catalyst® IW6300 Heavy Duty Series Access Point results in the latest in wireless technology with advanced WirelessHART® sensor technology, it said. The solution, according to Emerson, delivers reliable and highly secure data, even in harsh industrial environments like mining.

Emerson said: “To help enable new digital transformation strategies, this industrial networking solution combines Emerson’s expertise in industrial automation and applications with Cisco’s innovations in networking, cybersecurity and IT infrastructure.

“Driven by the demand for greater productivity, lower maintenance costs and improved worker safety, industrial manufacturers are accelerating investment in robust IoT sensor networks combined with scalable operational analytics tools to improve organisational collaboration and decision making. In these environments, network performance and security are critical for success.”

The new wireless access point supports mobile applications that offer instant access to process control data, maintenance information and operation procedures, enabling improved plant productivity and worker safety.

Liz Centoni, Senior Vice President and General Manager of IoT at Cisco, said a secure connection that scales easily is the foundation for every successful IoT deployment. “By using the power of the intent-based network, Cisco provides a secure, automated, rock solid infrastructure helping IT and operational teams work together to reduce complexity and improve safety.”

This wireless access point provides enhanced Wi-Fi bandwidth necessary for real-time safety monitoring, including Emerson’s Location Awareness and wireless video. These applications enhance personnel safety practices, improve plant security and help ensure environmental compliance, according to Emerson.

“A reliable and fast connection between devices and people streamlines decision making by providing real-time analytics,” Emerson said. “It also enables a mobile workforce to virtually come together, collaborate and resolve critical issues in a timely manner.”

Bob Karschnia, Vice President of Wireless at Emerson, said the need for products installed in industrial plants to last for years – even decades – was a key criterion for this new networking solution.

“This kind of longevity was a critical design and engineering requirement to ensure this new wireless access point was future-proofed to meet a rapidly evolving technology landscape.”

Deloitte urges miners to take proactive approach to disruptive technology, cybersecurity

Professional services company Deloitte today has released two global mining reports to coincide with the opening of the International Mining and Resources Conference (IMARC) in Melbourne, Australia.

The two reports explore cyber risk (An integrated approach to combat cyber risk: securing industrial operations in mining) and human capital trends (Beyond HR: rethinking work and operations in the mining industry) and their impact on the global mining sector.

Deloitte’s National Mining Leader, Ian Sanders said that based on findings from both reports, organisations needed to prepare for the changes that would come with developing future mines.

“Disruptive technologies are prompting massive transformation for mining companies,” Sanders said, adding: “A survey of energy and resources leaders reveals 76% consider artificial intelligence and robotics as critical factors for success but just 31% are ready to adopt the technology.”

The cyber risk report examines how cyber threats are disrupting the mining value chain and outlines approaches companies can take to secure their operations.

“Despite cyber attacks growing in number and sophistication across many industries, the mining industry has been spared in comparison,” Sanders said.

“But as the industry advances towards digitalisation and intelligent mining, it’s becoming more and more important to proactively secure operations against cyber threats.”