Fingerprint The Industrial Cyber Security Journey Consultancy — Risk Reduction Roadmap
MINING 4.0 HOW DO WE GET THERE?
14
Reference Architecture
— Cyber security implications
Backup
ABB’s approach is articulated in a six-stage risk reduction roadmap, which Gogarty explains below: Risk Assessment Malware Protection Cyber Security Workplace ™
Security Updates
Syst Harde
— Risk Reduction Roadmap The Industrial Cyber Security Journey
1. Assess “This involves a ‘boots on the ground’ security assessment where we look at three aspects – people, processes and things and provide customers with a list of suggested improvements.” 1 2 Assess Consultancy Plan Reference Architecture Malware Protection Security Updates Backup System Hardening
Impleme
Fingerprint
3
Cyber Security Workplace ™
Risk Assessment
As connectivity in mines increases, so do concerns about cyber security. These concerns are warranted considering the escalation of industrial incidents in recent years – one only has to consider the massive damage to pipeline operations caused by a ransomware attack in the US in 2021 14 . Additionally, the 2022 ‘State of Industrial Cybersecurity’ survey revealed that nine out of ten organisations had their production or energy supply impacted by cyber attacks in the previous 12 months 15 . “As banks and online businesses have become more difficult to exploit, cyber criminals are increasingly turning their attention to industry. These attacks are designed to disrupt production in an attempt to extort money out of operators. Australian mining companies should be acting now to protect themselves, before they become a the victim of a disruptive attack.” advises Paul Gogarty, ABB Global Cyber Security Lead for Process Industries. “Cyber crime is a growing business, which isn’t going away. These criminals are more likely to target systems with weak security, and current statistics show that 75% of companies who have been affected by ransomware are likely to be attacked a second time within the next year.” The good news for mining companies just embarking on their digitalisation journey, is that cyber security in Mining 4.0 can be achieved seamlessly if it is part of the plan from the beginning, and implemented as digital solutions are rolled out. April 14, 2022 1 2 Assess Plan Fingerprint Risk Assessment Consultancy Reference Architecture Malware Protection Reference Architecture Malware Protection Security Updates Backup System Hardening Training Asset Inventory Cyber Security Workplace ™ Application Allowlisting Cyber Security Workplace ™ April 14, 2022
Training
A Inv
Application Allowlisting
April 14, 2022
Ne Mon
Maintenance
System Hardening 2. Plan “We sit with our customers and create a home improvement plan by identifying short, medium and long term improvement categories – often the short term Asset Inventory improvements can be done immediately, are low cost and typically have high impact.” Training Security Service Security Operations 3 Plan Implement Foundational Security
Assess
Security Updates 1 2 Backup
k Reduction Roadmap ndustrial Cyber Security Journey
Security Blueprints
3. Implement “This is implementing the steps of the plan, and where we would utilise the ABB ICS Cyber Security Reference Architecture. This template solution provides a common vocabulary for implementing improvements. It is vendor agnostic and based on the IEC 62443 control system security standard to create a secure area between the production and external systems.” 3 4 Network Monitoring Event Monitoring Security Operations Incident Response Foundational Security Security Service Security Operations Security Blueprints Foundational Security Security Service
Implement
Maintain
Application Allowlisting
print n Roadmap r Security Journey Consultancy
Maintenance
Risk Assessment
Event Monitoring
Security Operations
Incident Response
Network Monitoring
Security Operations
Security Blueprints
Maintenance
4. Maintain “Maintenance is key to the big picture of cyber security – if you’re not exercising your security controls such as updating the antivirus software or doing patches, then you’re going to become exposed.” 4 5 6 Maintain Detect Monitor & Respond Incident Response
Assess ecurity lace ™ ncy
Plan
Implement
Reference Architecture
1 2 Malware Protection
3
Backup
Security Updates
Event Monitoring
System Hardening Application Allowlisting
Training
Network Monitoring
Asset Inventory
Security Operations
Maintenance
2022
Backup
5. Detect “The next step is situational awareness, where we install monitoring systems to detect malicious activity.” Monitor & Respond
Implement
Maintain Detect
System Hardening
3
4 5 6
Training
Asset Inventory
6. Monitor and Respond “Following on from the last step, we act to stop the malicious activity, before it can do any damage to the system, or disrupt operations.”
Implement
Maintain Detect
Monitor & Respond
3
4 5 6
Made with FlippingBook interactive PDF creator