Visibility required

Despite a recent report from State of Play revealing that 98 per cent of global mining executives think it will take a catalytic or catastrophic event to drive a sector-wide response to cyber security in the mining industry, there is already evidence to suggest that the time is now.

As IT and operational technology (OT) continue to converge, every aspect of critical infrastructure, including the mining industry, will be subject to both the benefits but also the threats of this merged approach.

Due to this convergence, it’s becoming easier for the mining industry to connect people, equipment, and data across mines, plants, rail and ports, subsequently leading to better insights that enable faster, smarter decisions and deliver better outcomes for the organizations. Additionally, through IT-OT convergence and digital transformation – something which dramatically accelerated last year – mining operators have the potential to create safer, more sustainable, and more profitable operations. Nevertheless, the mining industry does not have the correct processes or technological infrastructure in place to full take advantage of this connectivity while simultaneously protecting its assets. This transition is also leading to a rapidly expanding attack surface which, together with legacy devices and opportunistic adversaries, is putting the mining industry at greater risk of cyber-attack.

In order to combat the cyber risks and take full advantage of IT-OT convergence, mining operators need full visibility into their new network to ensure they know what assets they have, who’s accessing them and how they can be protected from cyber threats and potential vulnerabilities.

Operational security risk profile
With increasing connections to IT infrastructure, the integration of multiple remote sites, and an array of legacy equipment being used, many in the mining industry are looking for a way to simplify their OT security profile. By doing so they hope to ensure they have full visibility into all of their assets and are able to keep track of, and if necessary, mitigate any potential cyber risks in a straightforward and efficient manner.

Having worked with a number of mining organizations globally, we’ve seen first-hand many of the issues they face when it comes to achieving a comprehensive view of their entire operational security risk profiles.

The majority of large mining companies face the challenge of securing overall operations from a central security operations center (SOC) all the way down to the site and process level. To overcome this would mean finding a solution that applies to a dispersed set of operational control systems, whilst also addressing concerns such as operational complexity; the use of legacy technology; and the restriction in possible downtime.

Firstly, the majority of mining organizations, especially the larger ones, operate in complex environments, involving multiple units and control systems from several industrial control system (ICS) vendors, across broad and often remote geographical areas. Without the adequate technology and processes in place, keeping an eye on their entire ecosystem is close to impossible.

Secondly, a reliance on traditional, IT-centric tools and legacy equipment that has been in place for 20+ years is a common challenge. Insufficient documentation of their system and network resources together with a number of sites located in array of geographies, makes the task of assessing their risk profile a particularly daunting one.

Thirdly, due to the size and complexity of large mining organizations, they must operate continuously, without any downtime, in order to function optimally. Even if systems go down temporarily, losses can be difficult to recover.

Gaining visibility
In order for mining organizations to tackle the above challenges and understand their operational risk profile, they require a deep level of visibility into their ICS networks. The solution to this can be broken down into three key parts.

Part of the solution is for organizations to implement continuous threat detection which provides a full spectrum of OT visibility, continuous security monitoring, and real-time risk insights without impacting any operational processes.

Another key aspect, especially for those organizations with sites spanning across various geographies, is to be able to safeguard the OT networks from threats introduced via unmanaged and unmonitored access by remote users, including third-party vendors, contractors and technicians.

Lastly, leaning on technology which simplifies the management and consolidation of data across the organization’s entire OT network, enables mining operators to view all of the company’s assets and activities, as well as receiving security alerts, across all of their sites.

The security element of the current IT-OT convergence process is something that still needs work within many organizations on which the running of critical infrastructure relies. However, for mining organizations, starting with gaining visibility into the entire network and architecture and consequently simplifying and understanding their operational security risk profile, is a step in the right direction.

Emanuel Salmona is General Manager, EMEA, at Claroty. Claroty bridges the industrial cybersecurity gap between information technology (IT) and operational technology (OT) environments. Organizations with highly automated production sites and factories that face significant security and financial risk especially need to bridge this gap. Armed with Claroty’s converged IT/OT solutions, these enterprises and critical infrastructure operators can leverage their existing IT security processes and technologies to improve the availability, safety, and reliability of their OT assets and networks seamlessly and without requiring downtime or dedicated teams. The result is more uptime and greater efficiency across business and production operations.
For further information please visit: