What We Do

Cyber criminals share knowledge and tools freely. Their attacks not only pose a financial and production risk, they put our shared progress in safety and sustainability at risk. Organizations can no longer adequately defend themselves in a hostile threat landscape without participating in a threat sharing community comprised of their peers. Coordinated attacks demand a unified and cooperative defense.

OUR WORKING GROUPS

In order to build true cyber resilience, MM-ISAC working groups will collaborate with other industry and security organizations to develop an industry cyber-resilience framework, operational guidance and assessment tools. These working groups will allow mining and metals companies to develop a cybersecurity framework optimized for the industry. Companies will use these tools to assess their current cyber security positioning and develop the roadmap to reach their desired end state.

INTERNAL PROCESSES

Focus areas will include developing and gathering templates, checklists and more that are specific to our industry; developing an incident response plan, maturity model, and benchmarking mechanism; guidance from peers for software of SOC; building a vulnerability management process; and more.

THREAT INTELLIGENCE AND THREAT HUNTING

Focus areas will include sharing with peers findings, intelligence, indicators and how members are handling cyber events; threat hunting; how to collect and communicate threat intelligence with different audiences in a company; how to get ahead of headlines; and more.

SUPPLY CHAIN RESILIENCY

Focus areas will include growing the MM-ISAC Cyber Security Readiness Rating program (priority); helping the vendor community to improve; and how to build highly functional relationships with both vendors and various departments across the mining company.

CYBERSECURITY FOR OT

Focus areas will include high-level guidance around OT risk assessment; sharing best practices and what each is doing; dealing with IoT and cloud architectures as a mining community; dealing with onboard systems available through public websites.

OUR PROGRAMS

INFORMATION SHARING: Threat Intelligence Platform

Helping build a complete picture of the threats that affect our industry, we are proud to offer to our members a trusted and protected Threat Intelligence Platform that offers automated and analyzed intelligence. Our platform is designed to be used by companies of all sizes and maturity. Deployment options range from a stand-alone network appliance coupled with an easy to use web portal providing a turnkey option to integrate with existing tools

INFORMATION SHARING: Secure Communications Platforms

Helping build a complete picture of the threats that affect our industry, we are proud to offer to our members a trusted and protected Threat Intelligence Platform that offers automated and analyzed intelligence. Our platform is designed to be used by companies of all sizes and maturity. Deployment options range from a stand-alone network appliance coupled with an easy to use web portal providing a turnkey option to integrate with existing tools

MM-ISAC CYBER SECURITY READINESS RATING PROGRAM

To address the increasing security risk within the mining and metals industry supply chain, the MM-ISAC and Mirai Security have developed a streamlined methodology that produces a cyber security risk rating for vendors to demonstrate how they’re doing from a security standpoint. Suppliers can now benefit from filling out one questionnaire for potential business with multiple mining companies. Find out more

TRAINING AND STAFF DEVELOPMENT

Effective Incident Response is dependent upon an educated workforce. Leveraging available cyber resilience workforce education and resources to develop customized Sector-specific cyber resilience curriculum that reflects organizational policies, processes, procedures, and role-based responsibilities.
MM-ISAC membership includes access to the Global Cyber Range (provide by the Global Institute for Cybersecurity + Research) providing cybersecurity education, a virtual network environment to practice cyber skills, and National Cyber First Responder training/certification.