Mining is a highly technological industry that, in order to protect employee health and increase productivity, uses digital tools within its extractive businesses. Mining 4.0 is a concept that produces greater efficiency and integration, but also greater exposure to cyberattacks.
To this end, Mining Minister Baldo Prokurica launched a strategic cybersecurity plan for the mining industry, which aims to strengthen computer systems, jointly address threats and attacks in the sector, and develop response protocols.
The plan was announced by the minister at the EXPOMIN Virtual 2020 trade fair, and provides mining companies with support and specialized technical expertise from the Public Security and Interior Ministry's Computer Security Incident Response Team (CSIRT), who can appropriately manage these threats.
It also established that Alta Ley Corporation, which has ample experience with these issues, will be responsible for coordination between mining companies, unions and public agencies, and for implementation.
"We are immersed in a context of automation, remote working, virtualization and digitalization within the framework of Mining 4.0. As efficiency and integration increases, so the mining industry is increasingly exposed to new cybersecurity risks and hacker attacks. Mining is the most important industry in Chile, and its valuable critical infrastructure needs protecting," said Minister Baldo Prokurica.
He added that a cyberattack can affect various areas of a mining company, for example, the extraction, processing or refining process, the supply of basic resources such as water and energy, or marketing and accounting within the finance area.
In fact, the mining industry has recently been attacked, such as in April 2019 when GRUPO CAP computer technicians discovered that cybercriminals had violated the system and installed a virus to steal and encrypt important company files.
This was a "ransomware" attack, the name given to software criminals who "hijack" a system, and it spread rapidly as experts were initially unable to react. According to internal information, 387 computers and 44 servers were infected at various companies within the CAP group. There have also been attacks on the finance industry, such as those at Banco de Chile and Banco Estado.
The mining industry values the cybersecurity plan
"Cybersecurity is a challenge that we identified in our roadmap called Digitization for Mining 4.0," said Joaquín Villarino, Executive Chairman of the Mining Council. He added that the document launched by the trade association Alta Ley and Fundación Chile last July, aimed to streamline the digitization process and accelerate the adoption of new technologies by the mining industry.
"The solutions presented in this roadmap aim to protects us against any threats to the information processed, transported and stored in management systems used by the mining industry. This is a significant issue for the mining industry, so it is very important that it is included in the strategic plan announced today by the Ministry. This will help us to be better prepared to respond to any potential attack on the mining industry," said Joaquín Villarino.
SONAMI's Chairman, Diego Hernández, valued the minister’s strategic plan. "In a scenario where the mining industry has started to introduce digital tools to its productive processes, it must also develop the abilities to appropriately manage the risks associated with these technologies."
Mr. Hernández added that, given the characteristics of the mining industry, "We can confirm that most of the facilities, plants and equipment constitute critical production infrastructure. The increasing integration of operational and digital technologies leaves operations increasingly exposed to cyberattacks, which represent a new “operational risk” to this infrastructure."
He added, "We believe it is essential to work collaboratively and prepare common policies, standards and protocols, for mining companies and for their suppliers and contractors. Therefore, SONAMI is very pleased to join this initiative, which aims to preserve the security and operational continuity of our industry.”
The strategic plan has six pillars: Resilience, Awareness, Network Strengthening, Supplier Relationships, Risk Management and Monitoring, through five articulating axes:
-
Identify: Assess the organization's assets, systems, data and competencies including the context and resources that support critical activities, and its exposure to cybersecurity risks.
-
Protect: Develop and implement safeguards to contain the impact of a cyberattack.
-
Detect: Implement measures that identify when a cyberattack occurs through continuous monitoring.
-
Respond: Define how the organization should react to a cyberattack and mitigate its impact.
-
Recover: Define resilience management measures and plans for returning to normality.
Check out the presentation by the Mining Minister, Baldo Prokurica, Here.