Cyber criminals share knowledge and tools freely. Their attacks not only pose a financial and production risk, they put our shared progress in safety and sustainability at risk. Organizations can no longer adequately defend themselves in a hostile threat landscape without participating in a threat sharing community comprised of their peers. Coordinated attacks demand a unified and cooperative defense.
In order to build true cyber resilience, MM-ISAC working groups will collaborate with other industry and security organizations to develop an industry cyber-resilience framework, operational guidance and assessment tools. These working groups will allow mining and metals companies to develop a cybersecurity framework optimized for the industry. Companies will use these tools to assess their current cyber security positioning and protect vital mining operations are resilient keeping organizations secure, safe and operational.
To strengthen cybersecurity preparedness, it is essential to maintain and update Incident Response Plans (IRPs) with the latest practices and threats in mind. Ensuring it remains effective against the quickly evolving threats that come with rapid digitization of mining and metals sector.
Additionally, organizations should streamline IT and OT IRPs, equipping teams with standardized incident response skills tailored to industrial control systems in IT and OT.
Regular tabletop exercises further validate the IRP’s effectiveness by simulating real-world scenarios, helping teams refine their response strategies and improve overall resilience.
To enhance cybersecurity readiness, organizations should look at emerging risks and threat intelligence and be able to answer the questions
“Are we vulnerable?” and “Why is this important?”
Conducting a quarterly threat hunt helps identify organizational weaknesses to current threats and strengthen proactive defense strategies. Additionally, providing guidance on the intelligence program ensures that threat detection and response efforts remain relevant to the mining and metals sector. Enabling organizations to have a eagle eyes view of current risks to evolving cyber risks allowing for teams to be effective and adaptive.
Stay ahead of evolving threats, organizations should define and update reference architectures to align with emerging technologies and security challenges. Additionally, offering guidance on secure design principles and best practices ensures that systems are built with resilience, reducing vulnerabilities and strengthening overall cybersecurity and organizational resilience postures.
As mining organizations increasingly adopt automated processes, ensuring secure architecture and appropriate threat models to ensure safety on site. It is critical to address evolving risks, organizations should look into the Autonomous Hauling Systems (AHS) Threat Models to account for underground operations, LTE, and other emerging technologies. Ensuring alignment with industry standards and security best practices helps maintain a strong security posture, protecting automated systems from cyber threats and operational disruptions.
Helping build a complete picture of the threats that affect our industry, we are proud to offer to our members a trusted and protected Threat Intelligence Platform that offers automated and analyzed intelligence. Our platform is designed to be used by companies of all sizes and maturity. Deployment options range from a stand-alone network appliance coupled with an easy to use web portal providing a turnkey option to integrate with existing tools
Helping build a complete picture of the threats that affect our industry, we are proud to offer to our members a trusted and protected Threat Intelligence Platform that offers automated and analyzed intelligence. Our platform is designed to be used by companies of all sizes and maturity. Deployment options range from a stand-alone network appliance coupled with an easy to use web portal providing a turnkey option to integrate with existing tools
To address the increasing security risk within the mining and metals industry supply chain, the MM-ISAC and Mirai Security have developed a streamlined methodology that produces a cyber security risk rating for vendors to demonstrate how they’re doing from a security standpoint. Suppliers can now benefit from filling out one questionnaire for potential business with multiple mining companies. Find out more
Effective Incident Response is dependent upon an educated workforce. Leveraging available cyber resilience workforce education and resources to develop customized Sector-specific cyber resilience curriculum that reflects organizational policies, processes, procedures, and role-based responsibilities.
MM-ISAC membership includes access to the Global Cyber Range (provide by the Global Institute for Cybersecurity + Research) providing cybersecurity education, a virtual network environment to practice cyber skills, and National Cyber First Responder training/certification.
Keep on top of what’s happening at the MM-ISAC
Mining and Metals Information Sharing and Analysis Center
#2700-685 Center St S
Calgary, Alberta, T2G 1S5 Canada
© 2024 MM-ISAC. All rights reserved.