- By Bas Mutsaers, Mark O. Harris , Joanne Sun, Robert Zwick
- Connectivity & Cybersecurity
How wireless technology, IIoT, and good cybersecurity practices can support modern mining and metals facilities.
Modern metals and mining companies are sophisticated and often highly automated businesses with long histories. Current macroeconomic trends and business pressures increasingly demand that operations respond to technology advances, including faster and more reliable communications. The Industrial Internet of Things (IIoT), edge and cloud computing, 5G wireless communications, and other new technology promise increased functionality, but also require new approaches to security and daily governance to protect the investments needed to support them.
Here we share practical considerations about how wireless technology combined with good cybersecurity practices can support modern industrial facilities. Our examples come from mining and metals operations but apply to modern industrial operations of all types. Our focus is on wireless communication and IIoT, where practices are less mature, use and functionality are expanding quite rapidly, and security practices need to keep up with the growing risks that the sheer volume of additional endpoints will create.
Need for near-real-time data
With sustainability increasingly guiding the central decision-making processes, production functions, and the wider enterprise, businesses expect communication and processing to happen efficiently and with the lowest possible carbon production. This translates to producing with minimum energy consumption and with the least impact on water demands and water quality. Shareholders and the wider public are demanding sound environmental, social, and governance (ESG) and best practices for energy efficiency.
The efficiency of these processes can only happen with the right data. Tracking production to a level of trace metal specificity is being increasingly requested for the related Scope 1, 2, and 3 reporting needs of the downstream production and purification companies. Companies can address requirements for such near-real-time data to support business needs separately or by a combination of wired and wireless solutions.
Communication can happen over hardware spread across the premise, or it can move wirelessly to the cloud for bulk data storage. IIoT devices deployed at industry sites communicate with field gateways/edge devices via an edge network (typically a wireless network). Data is collected from sensors and systems, analyzed at the edge hub level for real-time integration, or sent to a central cloud-based service. This data is aggregated with other data and delivered for advanced data analytics, such as digital twin, virtual reality, and value chain optimization (figure 1).
The edge network is critical communication infrastructure that enables fleet automation, decision automation, and optimization of production processes in the pit. Through the edge network, companies manage operations and maintenance with integrated planning and live fleet updates from drills, haul trucks, shovels, sensors, and unmanned aerial vehicles or drones.
Edge compute capacity is commonly achieved by deploying compute/storage hardware at the industry site data center close to the operation site. Data collected from IIoT devices can be processed quickly, and real-time integration with operational management systems takes care of hygiene, water management, energy and power quality, and product and assay management. Without IIoT, these processes would normally be manual, slower, and less accurate. With edge computing, the data reaches decision makers more quickly. Many workflows are therefore shortened, resulting in better decision making and overall plant efficiency.
Wireless trends in metals and mining
The use of wireless communication is already large and growing in mining and metals operations, often because the work is dangerous or spread over large areas. Steel is manufactured with very hot smelting processes, for example, and many operations use robotics for productivity and safety. There is a growing interest in autonomous robotic operations, including the management of in-process inventory, because these products are heavy and hard to handle.
In secondary steelmaking, requirements for speed and custom-made production volumes and grades are increasingly affecting efficiency, as these processes are added (through intelligent real-time scheduling) on top of brownfield applications and existing architectures, producing new safety scenarios and challenges. This strains existing wireless communications infrastructure.
Mines generally have similar challenges to efficiency, as well as multiple production- and safety-critical systems that are reliant on a consistent wireless connection. Mining continues to increase its levels of automation, and this includes the need for data connections to traditional (crewed) heavy mobile equipment (HME) and to autonomous or remote-controlled HME such as drills, haul trucks, excavators, and dozers.
The following mine systems are typically reliant on some kind of wireless connection:
- operations and fleet management
- remote HME operations
- collision avoidance for mobile equipment
- asset health monitoring and reporting
- ore and grade control, drill patterns
- high-precision GPS for GPS corrections
- geotechnical monitoring
- fatigue monitoring of personnel
- underground remote equipment operation
- electrical power equipment monitoring and control
- leaching field monitoring
- condition-based monitoring of intelligent instruments and control elements.
When it comes to cybersecurity, every industrial sector has its own requirements, but mining and metals companies are benefiting from the work of the ISA Global Cybersecurity Alliance to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. Secure communication is key, because mining and metals information also involves business information as products change hands across the value chain.
Another more local example of the need for secure communications happens when contractors who manage the pit fleet are moving material at the right grade from the pit to the owners of the plant: If trusted information is available for decision making, sites can realize the highest potential value of the ore based on specific productivity key performance indicators and other requirements.
Updating a 10-year-old wireless data network
Consider the situation facing a mining operation with a 10-year-old wireless data network. At this point, it is likely at its bandwidth capacity, which limits new technologies and upgrades to existing systems (e.g., collision avoidance, turn-by-turn dispatch directions). Besides the environmental challenges of dust, vibration, and other dynamics affecting operation of the current network, there is a risk of increased system failure as the network ages, demands for performance and data rate increase, and spare parts availability diminishes over time. Likely after 10 years, parts are no longer commercially available and must be procured through third-party sellers.
To mitigate the risk of unplanned system failure and therefore outage of several production- and safety-critical systems, management would have determined that the current wireless system must be upgraded or replaced with fit-for-purpose wireless technology that meets current and future bandwidth and cybersecurity needs. The new network must adapt to the current complexity of mine topography and evolve as the mine is further developed, either in an open pit or deeper and deeper underground.
Execution of the upgrade (modernization versus migration) also needs to accommodate new and updated wireless technologies to improve safety, such as systems for driver safety and collision avoidance, upgraded fleet management, and improved production and processing capabilities. Ideally systems are “future ready” for some of the expected innovation currently in pilot stages at the mine to prevent regret costs.
Given these requirements, the mine site has five options: run the existing network to failure; upgrade the current mesh network with no changes; replace it with a hybrid mesh/LTE network; replace it with a hybrid mesh/LTE network “as a service”; or install a site-specific 5G network. Here are considerations for each choice.
Run the existing network to failure
Pro: Low cost up front. Cons: Potential incidents because the current network supports safety-critical systems; increased maintenance on the existing network with no replacement components commercially available; estimated three-week production impacts due to network failure.
Replace with latest version of current mesh network hardware with no change
A typical wireless infrastructure provider offers fixed wireless and Wi-Fi to broadband service providers and enterprises to provide Internet access. An example of this is a Canopy network. Pros: Replacement systems support safety-critical systems and are often downward compatible; components are readily available; the overall system is supported by the vendor of choice; and the solution provides the easiest cutover without much additional training. Cons: Inflated cost, and the system may not provide as much bandwidth as a hybrid mesh/LTE solution.
Replace with a hybrid mesh/LTE network
Pro: The replacement system supports safety-critical systems and avoids production impacts from a network failure; addition of LTE provides additional bandwidth; components are readily available; and the system is supported by the vendor. Cons: Highest cost option; added complexity; unfamiliarity of LTE would require training and SLA setting with the vendor.
Replacement with a mesh OR hybrid mesh/LTE “as a service”
Like many platforms, hardware as a service is also available. Pros: Lower up-front cost and in greenfield sites, often a plus; good option when capital is scarce; there is a replacement system to support safety-critical systems; and the approach avoids production impacts from failure. Cons: Requires a long(er) term support contract and expense; network as a service relies on a service agreement between the customer and vendor for network maintenance and managing a business-critical system. (For this it is best if the vendor is intimate with the challenges in OT and IT for the specific industry.)
Upgrade to site-specific 5G network
Pro: Site-specific 5G networks are up to 20 times faster than traditional LTE networks; the added speed allows the benefit of additional connections. Con: Additional connections means additional cybersecurity implications that must be addressed.
Additional actions/considerations for choosing among the five options:
- Give network components due consideration (for likely types of scenarios) and make sure the design receives a third-party review if safety and production rely on it.
- Identify all details to be included in the design.
- Conduct a constructability review for an initial state and a future state, as mines evolve over time.
- Calculate the current bandwidth requirements of all mine equipment and systems, and estimate bandwidth requirements for anticipated future technologies to produce a target bandwidth with a suitable safety margin.
- Perform a proof-of-concept test for each option or case under consideration to ensure the system functions as advertised in your environment. Test physical and electromagnetic functions, performance under additional security, performance beyond vendor default, and performance when adding potential overhead of various additional protocols (safety, functionality, or integration).
Consider the following major priorities when comparing the solutions:
- maximizing your bandwidth return relative to cost
- having a proven, established enterprise solution ready for mine deployment
- fulfilling cybersecurity requirements, default and specific to risk profile (such as for autonomous mining)
- having straightforward scope/implementation requirements to minimize schedule delays of the rollout
- having a low operating cost relative to the capital cost, but more importantly to the total cost of ownership
- minimizing reliance on the vendor for support for servicing as well as achieving a service level in response to the specific needs for the site. The Information Technology Infrastructure Library (ITIL) foundation provides a good framework to consider the details of service functions in IT and OT.
IIoT security considerations
IIoT devices leverage wireless technologies such as LTE, 5G, and Wi-Fi. They also leverage cloud technologies for analytics and storage, and low-power-consumption technologies for operational longevity. These technologies allow IIoT devices to be widely adopted in mining sites supporting autonomous mining or other processes. However, IIoT devices often have significant cybersecurity vulnerabilities to security threats.
Cyber threat actors frequently exploit security vulnerabilities in IIoT devices. A mining company faces different threat actors depending on its profile. Many mining companies have assets worth multiple billions of dollars, and many of these assets operate critical infrastructure, such as water and power supplies. Mining companies have exploration knowledge about future mining assets that, for example, influences decisions about adjacent infrastructure investments. Hence, various motivations attract intense interest from different cyber threat groups, including nation states, cyber terrorists, or even disgruntled employees.
Either external or internal threat actors can exploit a wide range of vulnerabilities in IIoT solutions, and the impact can seriously damage physical assets and risk the health and safety of people. For example, bad actors can hack the sensors used to monitor tailings dam water levels and maliciously change readings to be lower than the actual ones. This can delay or prevent an emergency response to a spill of the tailings water, resulting in damage to the environment and potential loss of human life.
Another example of an IIoT cyber threat target is the sensors used for stockpile slope monitoring. Sensors are commonly used to monitor the angle or stability of large stockpiles of different materials. If the stockpile slopes cannot be monitored correctly due to hackers intentionally changing the sensor data in the monitoring system, the stockpiles can collapse. This can cause production delays, financial loss, equipment damage, and loss of human life.
Common IIoT device vulnerabilities include:
- Hardware devices that are unmanaged: No device registration, tracking, compliance monitoring, or access control.
- Hardware and software versions that are out of date combined with versions of operating systems and applications that are no longer supported, leaving significant exposure.
- No endpoint protection, which makes the devices vulnerable to malware infection.
- Communication channels that are unencrypted or have no or weak authentication or are using unsecured protocols.
- Network IIoT devices connected to untrusted networks or the IIoT exposed to the Internet without proper security protections.
- Unprotected data in transit and storage, exposing sensitive or critical data either at rest or in transit.
- Unsecured IIoT services running either on premise or in the cloud.
- Increased exposure of critical IIoT through connected and converged IT/OT infrastructure.
- Software as a service (SaaS) with no segregation of customer data and unsecured cloud services. Vendor implementations have varying levels of security and are often open (not secure) by default.
- The supply chains are not well secured due to history and missing government practices on how third-party-supplied software/firmware/hardware should be secured.
- The lack of physical access control for installed IIoT devices.
Protecting the IIoT environment is only possible by minimizing IIoT vulnerabilities and reducing potential risks. Cybersecurity is not just a technology challenge. It is also a business issue that must be addressed comprehensively through people, processes, and technology. Every organization should consider following the National Institute of Standards and Technology (NIST) Security Framework. This framework provides guidance on balancing the effort to mitigate risks and provides processes where previously none existed.
Automation, IIoT, and wireless technologies are fundamental to current mining and metals companies. These technologies are evolving quickly, producing an exciting time of growth in data collection and data sharing, expanding capability, increasing efficiency, and supporting sustainability. At the same time, it is important to ensure strong cybersecurity controls and governance to keep functionality in place, safely. Companies can increase production and reduce costs through the deployment of connected technologies, but they can also lose significant value due to cyberattacks.
At first view, smaller companies seem less vulnerable to cyberrisks. They have lower profiles. However, they also have smaller budgets for protection and less to work with when it comes to the increasingly complex capability areas that cannot be fully performed through contractors. This is where standards can help ensure best-practice implementation of technology and cybersecurity protections at reduced cost.
Some internal function needs to exist for setting and auditing the best practices supporting mining and metals companies of the future. Our companies are continuously evolving their autonomous processes across the supply chain, supported by IIoT and sound cybersecurity practices. Simple steps like network segregation and training can provide additional protection.
We in ISA MMID believe it is worth sharing some of our experiences to motivate members using the standards ISA offers in this space (figure 2). From our personal experience, we believe we need to find the balance between production gains, risk exposure, and implementation cost. This can be tricky, but with a regular inventory of the risks and some good cybersecurity practices and related frameworks, most companies can solve these challenges.
ISA’s Mining & Metals DivisionThe Mining & Metals Industries Division (MMID) is one of ISA’s technical divisions. It focuses on leveraging automation functionality and technology solutions to enhance mining processes and metal production.
Who is best served by this division? Professionals concerned with economically and environmentally sound practices related to the extraction of metal ores, coal, cement, sand, gravel, and other minerals—and the handling, separation, processing, fabrication, related processes, and research and development for the production of finished mineral or metal products. The division also covers the iron and steelmaking industries, aluminum processing and other light metals, and the production and manufacturing of metals products. Find out more by visiting the division’s page on ISA Connect.
This article is based on our joint experiences and reflects our personal opinions. It is not a representation of the companies where we work.
We want to hear from you! Please send us your comments and questions about this topic to InTechmagazine@isa.org.