Mining companies’ digital transformation roadmaps must be cognisant of cyber risks
Against the backdrop of a slowed economy and an increasingly volatile market, digital transformation in mining companies has become a business imperative to drive efficiencies, optimise competitiveness and reduce risks associated with human error. This shift, which brings the convergence of operational technologies (OT) and IT, creates new cyber security challenges for mining enterprises and calls for proactive strategies to manage these risks.
“A combination of market volatility, rising costs and changing global demand are driving a shift in the mining industry. As with most industries, mining companies are increasingly looking for ways to leverage technology to improve the efficiency of their operations and reduce their operational risks. Most of our mining clients have collapsed their IT and OT under one management structure.
“While mining companies must ensure that their OT and IT systems are effectively aligned to create value, they must have stringent measures in place to manage the cyber security-related risks associated with this convergence. As mining was one of the highest cyber-attacked industries in 2019 (1), it is crucial to make sure the convergence of systems eliminate room for these kinds of threats and that access control is well-managed,” says Charl Ueckermann, CEO at AVeS Cyber Security.
Citing the World Economic Forum’s Digital Transformation Initiative white paper, Ueckermann says digital mining is set to become a significant driver for the global mining sector. The white paper states that digitisation could create more than $320 billion in value for the industry by the end of 2025. (2,3)
Although South African mining companies lag behind their Australian mining counterparts, technology, digitalisation and data planning are becoming more advanced. Ueckermann says leading mining companies in southern Africa are actively implementing massive digital transformation projects that are connecting more systems. For example, one such mine is based in the Northern Cape, South Africa. It has one of the biggest undeveloped zinc orebodies globally and is building its entire strategy around being a fully digital mine in the near future.
Mines are also adopting industrial Internet of things (IIOT) and intelligent automation processes across pit-to-port chains, from autonomous vehicles to robotic drilling. IOT systems are implemented for multiple reasons, such as gathering and displaying production data to monitor key performance areas, tracking environmental data to monitor health and safety issues, and gaining overall visibility in areas that were not visible or accessible before.
“Connected systems, including the mining operations’ programmable logic controllers (PLCs), are now all operating on common Ethernet protocols and not propriety protocols as they used to in the past, which requires the implementation of secure operating systems and networks.”
Mining companies should first have a comprehensive understanding of their OT and IT environments and how the different parts of the organisation are connected before they implement OT security solutions. Translating their understanding into governance policies before they call on technology to protect their systems and data will result in more cost-effective and long-term solutions.
An OT security vulnerability assessment should be performed on interconnected systems to understand how they are exposed to other engineering workstations/SCADA systems and the Internet. This includes all Internet-connected devices, such as smartphones, which employees might be plugging into their computers. This is a vital building block to determine where are the high-risk security areas of the operations, and where to prioritise security efforts. Knowing what to tackle first is crucial and will be important when security alerts are set up to notify OT security experts of anomalies or possible security incidents.
AVeS Cyber Security recommends that mining organisations implement a security operations centre from where interconnected systems can be managed from one place, and the mine’s OT security posture can be monitored and analysed on an ongoing basis.
“With supporting technologies, mining companies can implement role-specific dashboards that are presented on the production floor and provide real-time access to data that is relevant to specific roles. These dashboards help people make better decisions on the fly because they have all the information they need on hand, whether the information is on a screen in their hands or on a screen next to their workstation in the processing plant.
There are three main areas for dashboards that include executive dashboards, maintenance or engineering dashboards and logistical dashboards. Executive dashboards can, for example, provide data on financial performance indicators in the office; maintenance and engineering dashboards can provide information on environmental performance indicators in the production plant; and logistics dashboards can, for example, provide important on-time shipping schedule data in the loading bay.”
“Dashboards can be built in line with key performance areas (KPAs) to get predictability around production efficiencies and production risks. It is possible to visually track, analyse and display KPAs, key metrics and workflows to monitor risks of the different areas and production processes.
“Dashboards can connect you to essential data in your files, attachments, services or APIs, and visualise the data in a single dashboard in a way that makes sense, whether it’s displaying it in the form of tables, line charts, bar charts or gauges. A data dashboard is the most efficient way to track multiple variables because it provides a central location for businesses to monitor and analyse performance, and make informed decisions in real-time. Real-time monitoring reduces the hours of analysing and long lines of inefficient back-and-forth communication, which can result in miscommunication that previously challenged businesses. It can, therefore, assist in identifying when something is ‘out-of-the-ordinary'.”
Ueckermann concludes: “These are exciting times for mining companies. Leveraging digital mining technologies has tremendous potential to create value and drive efficiencies in mines all over the world. For a start, with machines becoming more automated and interconnected as well as connected to the Internet, mines can now collect real-time data about stock levels, as well as minimise human safety hazards.
“New smart mine environments should be built on a foundation of industry-specific cyber security solutions to manage risks effectively. With IT and OT convergence, digital roadmaps need to be implemented to achieve a decent risk profile.”
- Symantec, (2019, 02). Internet Security Threat Report: Volume 24. Retrieved from Broadcom: https://www.broadcom.com/support/security-center/publications/threat-report
- Accenture, W. E. (2017, 01 01). Mining and Metals Industry. Retrieved from Word Economic Forum: http://reports.weforum.org/digital-transformation/wp-content/blogs.dir/94/mp/files/pages/files/wef-dti-mining-and-metals-white-paper.pdf
- Claassen, L. (2018, 06 18). Mining goes digital. Retrieved from Brainstorm Magazine : http://www.brainstormmag.co.za/verticals/14315-mining-goes-digital
AVeS Cyber Security
AVeS Cyber Security is a specialist in industry-specific IT Governance & Architectural services, combining expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions. Over the past 22-years, AVeS Cyber Security has strategically honed its solutions and services to help Southern African businesses future-proof their IT environments against the constantly evolving threat landscape while achieving their digital transformation aspirations. The company offers a leading portfolio of professional services, products, and training in security, infrastructure, and governance solutions. In 2019 and 2020, the company won six awards from some of the world’s top technology vendors, indicating competency, strength, innovation and robustness in an industry that is fast growing in complexity due to evolving challenges, such as ransomware, advanced targeted attacks and the Internet of Things. The awards include Kaspersky's Africa Partner of the Year 2019 and 2020, Kaspersky's Top META Learning Partner 2020, ESET's Regional SMB Sales Champion 2019, ESET's Product Champion 2019, and Symantec's SMB Partner of the Year 2019. AVeS Cyber Security also received four new partner statuses, namely, Microsoft Gold Datacentre Partner, DellEMC Gold Partner, Veeam Silver partner and Sophos Platinum partner.