Need for a complete cybersecurity solution in mining

Addressing key issues around cyber safety in an increasingly connected and digitalized industrial world.

Share this page

^{Based on an original article by Apala Ray, Global Cybersecurity Manager, Process Automation Process Industries in International Mining's February 2021 issue

View the original article ("Gone phishing") as PDF}

Digital and automation solutions offer mining operators unprecedented visualization across their operations, allowing them to make smart, informed decisions that improve production efficiency.

However, this increased interconnectedness between operational technology (OT) and information technology (IT) systems also makes industrial plants more vulnerable to sophisticated cyberattacks.

These threats can take the form of generic ‘white noise’ attacks that impact both IT and OT systems, as well as attacks using custom malware specifically crafted to infiltrate the target environment.

In response, cybersecurity must be addressed at each phase of an automation asset’s lifecycle, from design and development to operations and maintenance, identifying what needs to be protected, detecting attacks and security breaches, and establishing effective back-up and recovery plans.

Why us?

Despite this impending threat, cybersecurity is not top of mind for miners implementing new OT, according to a 2019 State of Play report on cybersecurity in mining. Through interviews, survey and analysis of Australia’s largest mining and service companies, including BHP, Rio Tinto, South32, and Anglo American, the ‘State of Play: Cyber Security Report’, from researchers at State of Play, uncovered that 98% of top-level executives thought a catastrophic event was required to drive an industry response to cybersecurity in mining.

The reality is that this ‘catastrophic event’ has not yet occurred in the mining space, although it is getting nearer.

It is crucial to plan responses to cybersecurity threats that have wide-ranging impact from commercial loss to use of systems to trigger catastrophic worldwide events

A layered approach to cybersecurity

Cybersecurity solutions have necessarily adapted and evolved in response to such threats, but the onus is on mining companies to develop a coherent cybersecurity strategy, and integrate measures into existing processes in order to protect assets, processes and people from this imminent danger.

This can be successfully achieved by partnering with a recognized technology leader. ABB acts as a maintenance service provider, an integration service provider, and also as a product supplier. The company’s cybersecurity portfolio is built around three layers: foundation, service and operation.

In the mining sector, the first foundation layer is of particular importance. US Homeland Security reports that 98% of cyberattacks can be mitigated if industrial operators have basic digital hygiene and process controls in place, including the latest anti-virus software and a regular back-up system.

To protect industrial facilities against undetected ‘zero day attacks’ from Advanced Persistent Threats (APTs) such as ransomware, ABB also advises that network segregation and recovery processes are put in place, the latter allowing mining companies to maintain production following a cyberattack.

An ideal cybersecurity portfolio is built around the three layers of foundation, service and operation.

ABB Ability™ CyberSecurity Fingerprint

ABB Ability™ CyberSecurity Fingerprint provides customers with an initial in-depth site survey to assess their existing cybersecurity control system. By combining data from an asset risk review done using ABB Ability™ Cyber Security Benchmark control system and insights from plant personnel, ABB can advise on risk mitigation and how to improve overall cybersecurity profile.

ABB used ABB Ability™ CyberSecurity Fingerprint with a Swedish mining customer’s cybersecurity policies, producing a detailed plan that analyzed the plant’s control system security and recommended new actions that could provide further protection.

It is important not to view cybersecurity as an isolated, standalone solution. It is an ongoing, holistic process that requires security patches and antivirus software to be constantly reviewed. Keeping these basic function controls updated is part of the second layer of ABB’s cybersecurity portfolio.

The third layer of protection involves operational security monitoring in collaboration with strategic partners, using advanced analytics to predict and identify evolving security threats, and adapting proven solutions from the IT sector (IBM QRadar and Splunk, for example) for use in the OT space.

Standard procedure

Collaboration, integration and clearly defining roles within the cybersecurity process are also key considerations for industrial customers to ensure they comply with standards such as IEC 62443.

The asset owner, the maintenance service provider, the integration service provider, and finally the product supplier all have clearly defined responsibilities, and must work together. Industry standards such as IEC 62443 help mining operators and technology providers such as ABB to identify risk: do we need high-end solutions or can we afford to employ lesser measures based on the risk exposure?

As asset owners, customers are in charge of cybersecurity strategy and associated risk throughout the lifecycle. The maintenance service provider reviews the technical, process and organizational measures across the holistic protection scheme to assess if security measures are fit for purpose.

The integration service provider develops and validates this holistic protection scheme and maps the residual cybersecurity risk. The product supplier takes into account requirements of the target market, shares technical documents with integration and commissioning providers, undertakes vulnerability assessments, and ultimately deploys cybersecurity technologies for industrial clients.

100% cybersecurity is not possible, as the threat landscape changes everyday. Mining companies must collaborate with standards organizations and trusted technology leaders to be able to adapt rapidly in response.

Assessment service

ABB Ability™ Cyber Security Fingerprint

Thought leadership

Cyber security in mining

Case study

Boliden in Sweden mitigates risk with ABB Ability™ Cyber Security Fingerprint

Select region / language

Europe
Americas
Middle East and Africa
Asia and Oceania

Global - English
Austria - German
Belgium - Dutch | French
Bulgaria - Bulgarian
Croatia - Croatian
Czech Republic - Czech
Denmark - Danish
Estonia - Estonian
Finland - Finnish
France - French
Germany - German
Greece - Greek
Hungary - Hungarian
Ireland - English
Italy - Italian
Latvia - Latvian
Lithuania - Lithuanian
Luxembourg - French
Netherlands - Dutch
Norway - Norwegian
Poland - Polish
Portugal - Portuguese
Romania - Romanian
Russia - Russian
Serbia - Serbian
Slovakia - Slovakian
Slovenia - Slovenian
Spain - Spanish
Sweden - Swedish
Switzerland - French | German | Italian
Turkiye - Turkish
United Kingdom - English

Global - English
Argentina - Spanish
Aruba - Spanish
Bolivia - Spanish
Brazil - Portuguese
Canada - English | French
Chile - Spanish
Colombia - Spanish
Costa Rica - Spanish
Dominican Republic - Spanish
Ecuador - Spanish
El Salvador - Spanish
Guatemala - Spanish
Honduras - Spanish
Mexico - Spanish
Panama - Spanish
Peru - Spanish
Puerto Rico - Spanish
United States of America - English
Uruguay - Spanish

Global - English
Algeria - English | French
Angola - English | French
Bahrain - English | French
Botswana - English | French
Cameroon - English | French
Côte d'Ivoire - English | French
Egypt - English | French
Ghana - English | French
Israel - Hebrew
Jordan - English
Kenya - English | French
Kuwait - English
Lebanon - English
Madagascar - English | French
Mali - English | French
Mauritius - English | French
Morocco - English | French
Namibia - English | French
Nigeria - English | French
Oman - English
Pakistan - English
Palestine - English
Qatar - English
Saudi Arabia - English
Senegal - English | French
South Africa - English
Tanzania - English | French
Tunisia - English | French
Uganda - English | French
United Arab Emirates - English
Zambia - English | French
Zimbabwe - English | French

Global - English
Australia - English
Bangladesh - English
China - Chinese | English
India - English
Indonesia - English
Japan - Japanese
Kazakhstan - Russian
Malaysia - English
Mongolia - Mongolian | English
New Zealand - English
Philippines - English
Singapore - English
South Korea - Korean
Sri Lanka - English
Taiwan (Chinese Taipei) - Chinese - Traditional
Thailand - English
Vietnam - English

abb.com privacy settings

Our website uses cookies which are necessary for running the website and for providing the services you request. We would also like to set the following optional cookies on your device. You can change these settings any time later by clicking "Change cookie settings" at the bottom of any page. For more information, please read our privacy notice.

Analytics

We collect statistics to understand how many visitors we have, how our visitors interact with the site and how we can improve it. The collected data does not directly identify anyone.

Preferences

We store choices you have made so that they are remembered across visits in order to provide you a more personalized experience.

Advertising and tracking

Your browsing behavior is tracked across websites by advertising and social network service providers. You may see tailored advertising and content on other websites based on your browsing profile.

Show details

Hide details

privacy notice.

Accept selected

Refuse all

Accept all