Convergent Quantitative Cyber Risk Assessment to Optimize Enterprise Reliability

Mar 7th, 2018

Convergent Quantitative Cyber Risk Assessment to Optimize Enterprise Reliability will be the theme of our paper at the CIM 2018 conference.

Reportedly, KPMG’s Toronto office produced a text entitled “Insights Into Mining” stating that mining companies “may be” underestimating the risk of cyberattacks. Indeed, they consider that this risk will increase as more companies embrace mining automation, IoT, etc.

The report also emphasizes that mining executives believe, based as usual on “feeling and perceptions”, that innovation and the risk of disruption rank 16th among their concerns. Feeling and perceptions do not include rational risk assessments. Meanwhile, cyber-security “risks” rank 18th. That is in contradiction with KPMG’s own views.

As lots of jobs in mining will be automated, it is difficult to believe that the executives’ ranking may be correct. At Riskope we definitely agree with KPMG’s report.

Information technology (IT), Internet of Things (IoT), and spreading connectivity are beneficial and generate risks

Like other industries, mining is information dependent, from exploration to design, maintenance and closure. Without proper information and adequate algorithms to tackle it, there is no business!

Information technology (IT), Internet of Things (IoT), and spreading connectivity are bringing very significant benefits to mining, streamlining operations and increasing efficiency.

However, their ubiquitous deployment increases the mining industry’s exposure to cyber criminals and possibly terrorists. This phenomenon is general and occurs in every single industrial, infrastructural and service space, not only in mining.

Reportedly at least one major mining company has been the target of a massive hack, but serious infrastructural damages have only seldom been inflicted, and not in mining (as far as we know), but in other industries.

Techniques and tools of cyber attacks evolve continuously. They become more sophisticated. The distinction between actors and threats is more and more blurred, and attack prospects are more worrying. Consequences of an attack are always multi-dimensional, spanning from physical to psychological.

Given the rapid escalation in the number and sophistication of cyber attacks, infrastructural damages are to be expected “any time”, anywhere.

Interdependencies, common cause failures and “long chain events” make things worse in any of the consequence dimensions. Furthermore, any infrastructural damage, especially damage with environmental consequences or harm to people, will lead to significant crisis potential, reputational damages and legal consequences.

The wide spectrum of threats and potential consequences spanning across the various functions of a mining company, from management to production and logistics, shows that siloed approaches do not work. Integrative ones are slightly better and, finally, convergent approaches offer an optimum reliability increase while mitigating risks.

Cyber risks in mining companies are a significant part of reality. We have to evaluate them using appropriate tools. These tools must be sophisticated enough to grasp the complex reality, yet operable enough to avoid paralysis by analysis.

Broad spectrum protection investments, and particularly poorly prioritized ones, are not efficient. Indeed, they are oftentimes limited in scope by other operational requirements. Furthermore, those investments are oftentimes based on “simplistic” hazard analyses. Those do not help in making optimum decisions.

Indeed, it is simply not possible to protect each property from each threat.

Cyberdefense must be rooted in convergent prioritized Risk Management. Standardized audits and practice of indolent regulations, or the biased advice of fear-mongering solution sellers, do not solve problems.

Cyber risks in mining companies are a reality. The deployment of an adequate silo-busting convergent analysis methodology will eliminate mitigative capex squandering. Additionally, the overall enterprise reliability will increase.

The goal is to optimize mitigative investments and increase reliability while including cyber-risks in the best possible way.

Contact Riskope to learn how ORE can support your endeavors.

Category: Consequences, Risk analysis, Risk management