Convergent Quantitative Cyber Risk Assessment to Optimize Enterprise Reliability

.Convergent Quantitative Cyber Risk Assessment to Optimize Enterprise Reliability will be the theme of our paper at CIM 2018 conference.

Reportedly KPMG’s Toronto office produced a text entitled “Insights Into Mining” stating that mining companies “may be” underestimating the risk of cyberattacks. Indeed they consider this risk will increase as more companies embrace mining automation, IoT, etc.

The report also emphasizes that mining executives believe based, like usual, on “feeling and perceptions”  that innovation and the risk of disruption are in 16th ranking of concerns. Feeling and perceptions do not include rational risk assessments. Meanwhile cyber-security “risks” rank 18th. That is in an contradiction with KPMG’s own views.

As lots of jobs in mining will be automated, it is difficult to believe that the executives’  ranking may be correct. At Riskope we definitely agree with KPMG’s report.

Information technology (IT) , Internet of Things (IoT), and spreading connectivity are beneficial and generate risks

Like other industries mining is information dependent, from exploration, to design, maintenance and closure. Without proper information and adequate algorithms to tackle it there is no business!

Information technology (IT) , Internet of Things (IoT), and spreading connectivity are bringing very significant benefits to mining, streamlining operations, increasing efficiency.

However, their ubiquitous deployment increases the mining industry’s exposure to cyber criminals and possibly terrorists. This phenomenon is general and occurs in every single industrial, infrastructural and service space, not only in cyber risks in mining.

Reportedly at least one major mining company has been the target of a massive hack, but serious infrastructural damages have only seldom been inflicted, and not in mining (as far as we know), but in other industries.

Techniques and tools of cyber attacks evolve continuously. They become more sophisticated. The distinctions between actors and threats  is more and more blurred and attack prospects more worrying. Consequences of an attack are always multi-dimensional, spanning from physical to psychological.

Convergent Quantitative Cyber Risk Assessment to Optimize Enterprise Reliability

Given the rapid escalation in the number and sophistication of cyber attacks infrastructural damages are to be expected “any time”, anywhere.

Interdependencies, common cause failures and “long chain events” make things worse in any of the consequences dimensions. Furthermore, any infrastructural damage, especially those with environmental consequences or harm to people, will lead to significant crisis potential, reputational damages and legal consequences.

The wide spectrum of threats and potential consequences spanning across the various functions of a mining company, from management to production and logistics, show that siloed approaches do not work. Integrative ones are slightly better and, finally, convergent approaches offer an optimum reliability increase while mitigating risks.

Cyber risks in mining companies are a significant part of reality. We have to evaluate them using appropriate tools. They require enough sophistication to grasp the complex reality, yet operable enough to avoid paralysis by analysis.

Broad spectrum protection investments and particularly poorly prioritized ones are not efficient. Indeed  they are oftentimes limited in scope by other operational requirements. Furthermore those investments are oftentimes based on “simplistic” hazard analyses. Those do not help making optimum decisions.

Indeed, it is simply not possible to protect each property from each threat.

Cyberdefense must be rooted on convergent prioritized Risk Management. Standardized audits and practice of indolent regulations, or the biased advice of fear monger solutions sellers do not solve problems.

Cyber risks in mining companies are a reality. The deployment of an adequate silos-busting convergent analysis methodology will eliminate mitigative capex squandering. Additionally the overall enterprise reliability will increase.

The goal is to optimize mitigative investments and increase reliability while including cyber-risks in the best possible way.

Contact Riskope to learn how ORE can support your endeavors.

Tagged with: Convergent Quantitative Cyber Risk Assessment, Information technology, Internet of Things, IoT, IT, Reliability

Category: Consequences, Risk analysis, Risk management