Better safe than sorry – Cybersecurity in mining

Jani Puroranta
Digitalized mining operations have a variety of advantages compared to conventional ones. They make mines smarter and safer, operations are optimized, and miners can get more productivity out of their assets. At the same time, miners have put forth serious effort to minimize risks that might affect their cybersecurity – and they should, as no one is untouchable.
The risks that miners face go beyond the “basic” Information Technology (IT) cybersecurity risks that all companies face. Miners are also exposed to attacks on their Operational Technology (OT) systems. Very roughly defined, IT is about data and software and OT is about automation and hardware, but the line between them is blurring.

In the past, when mine sites were closed to the outside world and data was not shared outside the mine, the risk was more contained. Now, however, there is a true need to share data both internally within the mining corporation and externally with partners, so the potential for risk exposure of OT systems increases. Managing the risks requires extra hardening on the control networks and the outbound/inbound connections.

With cybersecurity, everyone needs to plan for the eventuality of an attack. There are really only two types of companies: those who have been attacked and those who don’t know they have been attacked. The difference is preparedness and the level of situational awareness of what is really going on. By being prepared and knowing how to respond to attacks, companies can minimize the impact.

Cybersecurity is everyone’s business

To me, the key things in strengthening cybersecurity are the following:

1. Having robust and clear guidelines on what kind of outbound and inbound connections are allowed and how they should be set up.

2. Being able to monitor in real-time what is happening inside the OT and IT networks as well as the outbound/inbound connections.

3. Making good plans for the worst-case scenario, including escalation paths, recovery procedures, and backup systems and data storage.

Of course, this is not about miners only, as cybersecurity is the responsibility of the whole ecosystem. When we as an original equipment manufacturer deliver data-driven solutions to miners, we make sure that our solutions have industrial-strength cybersecurity and are also audited by a third party. Our customers verify our work and also provide their own specific standards that we respect and comply with. Working with trusted automation vendors like Rockwell Automation to standardize the data collection and data sharing approaches across multiple mining sites helps greatly in this regard.

When we are pulling data from our customers’ sites to provide analytical services, such as Metso Metrics™, or monitoring through the Metso Performance Center, we need to go through several steps to make sure we comply with all the requirements imposed by the customer’s IT. When everyone is doing their part and also checking each other’s work, we can jointly maximize cybersecurity.

