Practical IIoT and Wireless Network Practices for Modern Mining

Upgrade to site-specific 5G network

Pro: Site-specific 5G networks are up to 20 times faster than traditional LTE networks; the added speed allows the benefit of additional connections. Con: Additional connections means additional cybersecurity implications that must be addressed.

Additional actions/considerations for choosing among the five options:

• Give network components due consideration (for likely types of scenarios) and make sure the design receives a third-party review if safety and production rely on it.

• Identify all details to be included in the design. 

• Conduct a constructability review for an initial state and a future state, as mines evolve over time.

• Calculate the current bandwidth requirements of all mine equipment and systems, and estimate bandwidth requirements for anticipated future technologies to produce a target bandwidth with a suitable safety margin.

• Perform a proof-of-concept test for each option or case under consideration to ensure the system functions as advertised in your environment. Test physical and electromagnetic functions, performance under additional security, performance beyond vendor default, and performance when adding potential overhead of various additional protocols (safety, functionality, or integration). 

Consider the following major priorities when comparing the solutions: 

• maximizing your bandwidth return relative to cost

• having a proven, established enterprise solution ready for mine deployment

• fulfilling cybersecurity requirements, default and specific to risk profile (such as for autonomous mining)

• having straightforward scope/implementation requirements to minimize schedule delays of the rollout

• having a low operating cost relative to the capital cost, but more importantly to the total cost of ownership

• minimizing reliance on the vendor for support for servicing as well as achieving a service level in response to the specific needs for the site. The Information Technology Infrastructure Library (ITIL) foundation provides a good framework to consider the details of service functions in IT and OT.

IIoT security considerations

IIoT devices leverage wireless technologies such as LTE, 5G and Wi-Fi. They also leverage cloud technologies for analytics and storage, and low-power-consumption technologies for operational longevity. These technologies allow IIoT devices to be widely adopted in mining sites supporting autonomous mining or other processes. However, IIoT devices often have significant cybersecurity vulnerabilities to security threats.

Cyber threat actors frequently exploit security vulnerabilities in IIoT devices. A mining company faces different threat actors depending on its profile. Many mining companies have assets worth multiple billions of dollars, and many of these assets operate critical infrastructure, such as water and power supplies. Mining companies have exploration knowledge about future mining assets that, for example, influences decisions about adjacent infrastructure investments. Hence, various motivations attract intense interest from different cyber threat groups, including nation states, cyber terrorists or even disgruntled employees.

Either external or internal threat actors can exploit a wide range of vulnerabilities in IIoT solutions, and the impact can seriously damage physical assets and risk the health and safety of people. For example, bad actors can hack the sensors used to monitor tailings dam water levels and maliciously change readings to be lower than the actual ones. This can delay or prevent an emergency response to a spill of the tailings water, resulting in damage to the environment and potential loss of human life. 

Another example of an IIoT cyber threat target is the sensors used for stockpile slope monitoring. Sensors are commonly used to monitor the angle or stability of large stockpiles of different materials. If the stockpile slopes cannot be monitored correctly due to hackers intentionally changing the sensor data in the monitoring system, the stockpiles can collapse. This can cause production delays, financial loss, equipment damage, and loss of human life. 

Common IIoT device vulnerabilities include:

• Hardware devices that are unmanaged: No device registration, tracking, compliance monitoring, or access control. 

• Hardware and software versions that are out of date combined with versions of operating systems and applications that are no longer supported, leaving significant exposure.

• No endpoint protection, which makes the devices vulnerable to malware infection.

• Communication channels that are unencrypted or have no or weak authentication or are using unsecured protocols. 

• Network IIoT devices connected to untrusted networks or the IIoT exposed to the Internet without proper security protections.

• Unprotected data in transit and storage, exposing sensitive or critical data either at rest or in transit.

• Unsecured IIoT services running either on premise or in the cloud.

• Increased exposure of critical IIoT through connected and converged IT/OT infrastructure. 

• Software as a service (SaaS) with no segregation of customer data and unsecured cloud services. Vendor implementations have varying levels of security and are often open (not secure) by default.

• The supply chains are not well secured due to history and missing government practices on how third-party-supplied software/firmware/hardware should be secured. 

• The lack of physical access control for installed IIoT devices.