Jose Mendez

Jose Mendez, Director, Global Cyber Security, Yamana Gold Inc.

There Must Be Standard Operating Procedures For The OT Network

  • One way to document everything is to start with a vendor who can make a complete assessment and report on all your PLCs and controllers, and then move forward from there.
  • OT network controls need to include proper onboarding of new systems, proper patching, proper updates, proper backups, antivirus, and standard operating procedures.

“We found cases where OT brought in a vendor to install something that would send out telemetry over the Internet. This was happening without the control or knowledge of IT.”

Cybersecurity is less regulated in the mining industry than in other sectors. “Power and banking each have had government regulations mandating levels of security,” says Jose Mendez, who has worked in both IT and OT security. “They’re seen as being ahead of the game when it comes to cybersecurity due to these government mandates. The mining industry does not have any of that.” Yet the mining sector is just as vulnerable to cyber risk, not only to its operations, which must continue uninterrupted, but also to the miners themselves. Many miners working in hazardous environments depend on control systems to keep them safe. “Safety is incredibly important to the mining industry, and cybersecurity is part of that,” he says.

This is an excerpt from Reducing Industrial Risk. The eBook was generously sponsored by PAS.