Global site

ABB's website uses cookies. By staying here you are agreeing to our use of cookies. Learn more

Cyber security in mining

The mining industry today is more exposed to cyber security risks than ever. Luckily, you have a strong partner on your side.

Are you looking for support or purchase information?

The productivity of modern industry depends on sophisticated computer-controlled automation systems that have become so powerful, and so ubiquitous, that they amount to a new industrial revolution – the internet of things.

Progress is, however, often accompanied by unintended consequences. In the case of automation, the computers that make production smarter also make it more vulnerable to external interference. The possibility of infection by the malicious code that infests the internet is one thing: the Stuxnet worm was one memorable example of a virus that targeted industrial control systems; since then we have also had a sophisticated attack on a German steel mill that crippled a blast furnace, as well as many day-to-day attacks that don’t make it to the headlines, but which also cause damage and delay.

As our experts design these cutting-edge control systems, we also know how to make them as resilient as possible. To this end, our expert team has formulated a set of measures aimed at protecting their reliability, integrity and availability. The general idea is to set up a “defense in depth”, an important part in which is played by ABB’s distributed control system, ABB Ability™ System 800xA.
WannaCry and NotPetya wreaked havoc on companies running WindowsXP, but failed an entry-level cyber security test: keep systems patched and updated.

5 things you can do now to be prepared:

1

Assessments - identify and assess risks, start with basic

  • benchmark (traffic light report)
  • fingerprint (details with actions)
  • security and risk assessment
  • asset inventory 
 

2

Protections - implement firewalls and malware protection:

  • firewalls
  • anti-viruses
  • whitelisting
 

3

Hardening - harden the systems to eliminate vulnerabilities:

  • remove unused software and apps
  • lock down configurations
  • add user access control and permissions 

 4

Patching - all software has vulnerabilities, keep the system updated:

  • update operating system software with patches
  • update device firmware
  • refresh hardware and software as needed
 

5

Back-up and recovery - it is impossible to mitigate 100% risks:

  • without back-ups of applications and configurations there is no recovery
  • your best ensurance is having back-ups
  • all digital assets should be backed up

ABB knows how to protect your system - from the very beginning

We at ABB recognize the importance of integrating cyber protection into our products (more than half of which relate to software). This starts at the earliest design and development stage and runs through testing, commissioning and lifetime support.

Among the services we can offer our clients are a number that continuously scrutinise their IT systems. For example, the list below gives some of our standard protections:

  • Beyond the usual back-up, audit and encryption functionality, System 800xA’s Cyber Security Fingerprint can analyze a system’s configuration, together with the computers of key personnel, and identify potential weaknesses.
  • Whitelisting” is an option for clients with enhanced security needs. This prevents any unauthorised changes being made to applications, and it can operate in conjunction with solutions such as Industrial Defender Automation Systems Manager™, which monitors changes to registries, processes and the number of devices on the network.
  •  Enhanced access control for critical operations, such as altering the control system, batch operations or configuration changes. This can include asking the user to prove their identity, or requiring a second user to “vouch” for them.
  • Validated Microsoft security updates and 3rd party antivirus files for ABB control system minimize user efforts in evaluation, installing and testing of security patches and reduce risk of introducing an unauthorized patch into a running system.

 

How to protect high demanding mining equipment?
Another key service to mine customers in addition to our cyber security is ABB’s remote diagnostic service. This collects data from equipment such as gearless mill drives and sends it to a remote ABB control center. The center acts as a knowledge bank, a control room and a communication hub: if a problem occurs, our expertise in automated control together with our understanding of the mining processes mean it can be solved before it causes an unplanned shutdown. All of these communications are handled by a secure remote platform, so that the integrity of the overall control system is not affected; indeed, security is designed into every layer of the platform, eliminating the need for virtual private networks or cumbersome changes to security procedures.


But why is all this so important for you as a mining operator?
The answer is that you cannot afford to take the risk of unauthorized interference with your operations. A virus such as the one that wrecked the German blast furnace is an even more serious matter when your facility is inside the Arctic Circle or half way up a mountain in the Andes. 

In the future, the operation of mines will rely less and less on site staff and more and more on digital systems that optimize productivity and minimise health and safety risks. And as distributed control systems become ever more critical to the operation of a mine, so does the need to protect these systems from interference. This makes our unique combination of mining experience and our suite of security measures an indispensable partner for the mining company of the future.  

Learn more

ABB Ability™ MineOptimize - our unified, cross-functional, enterprise-wide approach to digital transformation in mining