MM-ISAC ANNUAL CONFERENCE

November 29-30 | Kennedy Space Center, FL, USA

Are your mines cyber resilient? Are you able to stay up-to-date on the latest threats and best practices, to ensure your company is protected? The MM-ISAC brings leading companies across the mining and metals industry together to share threat intelligence and best practices, and to navigate the challenges of engaging the company-wide team in the cyber protection of our operations. Together we are looking at ways of ensuring the cyber security of our OT, especially as we rely on the cloud to operate our systems and equipment and with the advent of increased robotics and automation, IOT, and new players in the industry.

Why go it alone? Cyber security should be an industry-wide effort.

The MM-ISAC Annual Conference will be held at the Kennedy Space Center in Florida on November 29-30. We aim to have every MM-ISAC member represented, and we’re opening our doors to include anyone from across the global mining industry focused on improving the cyber security of their operations. As a member of the MM-ISAC this is the top opportunity to work face-to-face with your peers from across other mining companies.

You will hear presentations from mining companies on how they are handling challenges such as the cyber security of their autonomous mining systems; how to deploy best-in-class approaches to engage the broad workforce in the protection of the company; and programs and processes to ensure the cyber resiliency of our supply chain. In addition, keynote speakers from leading companies in cyber security will advise on how we can leverage the latest

intelligence and solutions and adapt them to the mining context.

Cyber security is about relationships. MM-ISAC members need to be able to rely on each other in times of crisis and, moreso, to avoid crises from occurring. Through participation in the annual event, members can develop synergies and identify opportunities to collaborate and assist each other.

The event kicks off with a simulated cyber attack as an opportunity to test our processes and ensure we are poised and ready. There is no other opportunity for global mining companies to come together and ensure our systems are strengthened and ready to face whatever challenge might arise.

This event is in person. We need to make time to ensure our network and our knowledge base is active and advanced.

Program

NOVEMBER 29 — MM-ISAC MEMBERS ONLY

8:30 am–noon Tabletop Exercise: Simulation of an Attack

1–3 pm Roundtable: Cyber Security in Mining

Cyber security is increasingly complex for mining companies as the digitalization and automation of our mines advances swiftly. What can we achieve together in 2023 to protect our mines? We will work towards defining a roadmap for increasing the collaboration in 2023. Each participants will share their critical issues and we will dig-in on pathways for solutions covering many of the cyber security priorities today. Topics will include: insider risk; cyber security for OT; supply chain resiliency; shifting from prevention to active management control; current threat intelligence including the recent ASIO threat assessment on espionage and foreign interference in mining.

3–5 pm Annual General Meeting

NOVEMBER 30 — OPEN TO EVERYONE

8:30 am Introduction and MM-ISAC Information

Heather Ednie, Executive Director, MM-ISAC

The Mining and Metals Information Sharing Analysis Center
(MM-ISAC) brings leading companies across the mining and metals industry together to share threat intelligence and best practices, and to navigate the challenges of engaging the company-wide team in the cyber protection of our operations. Members share intelligence and collaborate on critical topics through working groups and peer meetings. 2022 priorities have included supply
chain resiliency, cyber security for OT, internal processes, and threat
intelligence.

9:00 am Keynote: Cyber Security in Mining

Rob Labbe, CISO, Teck and Chair, MM-ISAC

Rob will discuss how you can work with your site teams for better IT/OT security integration and what we can do together to rethink how we work to enable us to focus on what matters.

9:45 am Threat Briefing — 2022 and Beyond

Cherie Burgett, Director of Cyber Intelligence Operations, MM-ISAC

Cherie will cover the threat landscape in mining and metals for this year and share what to expect for 2023 and beyond.

10:30 am Break

11:00 am Emerging and Merging Tech in 3rd Party Risk Management

Matthew Ancelin, Principal Solutions Architect – Alliances, SecurityScorecard

As 3rd party risk becomes more established and settles into
the norm of Risk and Cyber operations, we are seeing a convergence of technologies and datasets being brought to bear against this struggle. This talk will review some of those

technologies, such as 3rd party ratings, attack surface management, and automatic vendor illumination. We will uncover how companies are using these technologies to provide efficiencies to TPRM programs, help better protect themselves, and help make their vendors better stewards of the data they are entrusted with.

12:00 pm Presentation by Varonis

12:05 pm Lunch

1:00 pm Why add SBOM to your OT Security?

Larry Pesce, Product Security Research and Analysis Director, Finite State

Software Bills of Materials (SBOMs), when done right, give you a complete list of every software component that’s in an OT product, down to its deepest levels. The best SBOMs provide a comprehensive inventory of every component in a connected device and have been used extensively in procurement, compliance, and product and software supply chain security applications. In this session, Larry will present on SBOM, how SBOM builds supply chain resiliency, and how and why you should integrate SBOM into your OT security program.

2:00 pm Impacts of Ransomware

Thomas Wilcox, Sr Director Security and Compliance (CISO), Hyperproof

Ransomware is big business. Thomas will teach you about the pervasiveness of ransomware, how it is impacting organizations and what can be done to combat the rising consequences.

3:00 pm Break

3:30–5 pm Roundtable: Securing Mining into 2023

Speakers

Thomas Wilcox

Thomas Wilcox spent 21 years building a successful start-up where he sat in the CIO, CTO and CISO roles. Throughout his career he helped clients overcome chaotic scenarios, including driving cultural turnarounds, creating post-breach recovery plans, implementing maturity roadmaps for information security and creating security mindsets in his clients. He has years of experience working with large and small companies. Thomas held influential advisory and executive roles at Bridgestone Americas, Allscripts, Mid-American Energy and others. This wealth of experience has provided him with countless hard lessons as well as many solutions to problems still faced by most enterprises.

Matthew Ancelin

Matthew Ancelin has been a technologist for 38 years and a cybersecurity professional for 14 years. Currently he serves as Principal Solutions Architect for Alliances at SecurityScorecard. He held previous cybersecurity roles at both Palo Alto Networks and McAfee. Matthew is a veteran of the US Army Signal Corps, where he specialized in secure microwave communications systems. He has earned the CISSP (Certified Information Systems Security Professional), Palo Alto Networks’ PCNSE (Certified Network Security Engineer), and Shared Assessments CTPRP (Certified Third Party Risk Professional).

Larry Pesce

Larry Pesce is a lifelong tinkerer and explorer whose curiosity for electronics and obsession with how things work led him to his role as Finite State’s Product Security Research and Analysis Director. In his role, Larry serves as a senior consultant, providing expert guidance and services to product security teams worldwide, including product security program design and development, product red-teaming and penetration testing, software supply chain risk management, and vulnerability management. Prior to joining Finite State, Larry spent the last 15 years as a penetration tester (amongst wearing multiple other hats) focused on Healthcare, ICS/OT, Wireless, and IoT/IIoT/Embedded Devices. An established cybersecurity thought leader, Larry serves as a principal instructor and course author at the SANS Institute and has co-hosted the popular Paul’s Security Weekly podcast for more than 15 years.

Rob Labbé

Rob is an accomplished senior executive with more than 20 years of success across the IT security industry, within mining, software development, telecommunications, retail, oil & gas, manufacturing and healthcare. Leveraging extensive experience in cyber security risk management and critical infrastructure, he is a valuable advisor for an organization that is concerned around the security of their manufacturing or industrial networks, needing to enable a digital transformation. His broad areas of expertise include risk management, building diverse cyber security teams, vendor management, training, and professional development. Throughout his executive career, Rob has held leadership positions with Microsoft and Fidelis IT inc. and is currently CISO at Teck Resources Limited and Chair of the Mining and Metals Information Sharing and Analysis Center (MM-ISAC).

Cherie Burgett

Public Speaker, Theologian, and ISAC Operations, Director. As the Director of Cyber Intelligence Operations for the Mining and Metals Information Sharing Analysis Center (MM-ISAC), Cherie Burgett leads the ISAC’s cyber intelligence program, enables sharing and coordinates responses to active threats. She provides the link between the public and private sector, and supports companies to develop strategies as they undergo digital transformation.

Heather Ednie

Heather Ednie is an influential mining professional who has more than 20 years’ experience in the mining and metals sector, developing and spearheading vital business solutions through communications and association management. In September 2021 she became the Executive Director of MM-ISAC to develop and implement the strategy to support its mission to improve the cyber resiliency of mining and metals companies. Since 2012 she has also been the CEO of Global Mining Guidelines Group (GMG) whose purpose is to be a catalyst for the operationalization of innovation in the global mining industry to improve the safety, sustainability and productivity of our mines.

Event Partner

Event Sponsor

LOCATION

Kennedy Space Center, The Astronauts Memorial Foundation Building M6-306, State Road 405 Merritt Island, FL 32899, USA

MM-ISAC ANNUAL CONFERENCE