Enjoy Upto 50% off on all Your Assignments ORDER NOW

Cyber Risk Management and Compliance 

Executive Summary of BHP Group Cyber Risks Analysis

BHP, formerly BHP Billiton, is a BHP Billiton Limited and BHP Billiton plc, a British multinational corporation located in Melbourne, Victoria, Australia that traded in two publicly held companies based in Melbourne. BHP Billiton was established in 2001 by the Australian Broken Hill Property Companies (BHP) and the English – Dutch Anglo – Germany, who were founded in 1885 in the independent mining town of Broken Hill in New Hill, in 2017 it operated as the world's leading market-driven mining business and the third largest revenue enterprise in the world.


Executive summary:


Mining cybersecurity: a vulnerable marketplace?.

The pitfalls of automation:

Chinese cyberattacks on BHP Billiton:

Future threats:

Key risk indicators:

Current risks:

BHP Billiton to create big Aussie infosec unit:

VR, drones:


Cyber Security

The problem of cybersecurity is still industrial; mining operators must know that they are tangible targets and plan accordingly. Barry Mansfield analyses the company's views on the gains that the company has made to date and wonders if the rising cyber-threat can be halted. Cybersecurity never was far from the titles last year. Critical infrastructure faced daily assaults, including threats from government-supported organizations. As for mining cyber protection, businesses risk being financially helpful to cybercriminals, but can also be attacked by "hacktivist" organizations who are rogue in the realm of the supply chain, which aim to make a political or environmental claim. These actors generally rely heavily on complex and automated structures to weaken vulnerabilities. (Geetha, 2020)

A technical services survey by EY found that 55% of miners were victims of a significant cybersecurity incident in 2017, with 48% acknowledging that such a complex assault is unlikely to be detectable. EY thinks that the industry is late to close the cybersecurity gap and that miners fall behind the oil sector in the defense of operational technologies. Even if commodity prices increase overall, producers do not embrace risks. It is much more complex and costly to obtain money, placing new investment pressure. Initially for industrial espionage, advanced persistent threat (APT) campaigns were diverted to affect corporations by assaulting and destroying industrial properties. Because of a recent APT initiative, BlackEnergy (BE), and Sandworm were reported as the perpetrators of two power generation facilities in Ukraine in December 2015. BE and KillDisk have both been the alleged drivers in related cyber attacks against an operator and a major rail network in Ukraine.

With these accidents, BE has become a challenge for organizations in all sectors, including mines, from an energy sector crisis. Global players, industry rivals, and criminal unions betray separate but often conflicting desires. By 2018, these efforts were aimed at a wide range of businesses culminating in data and information theft (Red October), the destruction of hard drive data from electricity plants (Shamoon), nuclear power plant (Stuxnet) destruction, and, most recently, well-published attacks on power generation plants. (Umbach, 2020)

Mining Cybersecurity: A Vulnerable Marketplace?

Significant players such as Rio Tinto have strengthened cybersecurity because of the development effect on mine sites of IT-OT convergence. Over the past 18 months, the operator has set up a procurement campaign with the priority of risk analyzers, penetration assessors, intrusion scanning, and intervention specialists in the USA, Australia, South Africa, and Canada. Several new positions are aimed at obtaining industrial regulation and planning/processes for organizational services, software, and systems for goods. Similar steps have been taken by BHP Billiton and two cyber incident management practitioners, three forensics, analysis experts, and an evaluation and monitoring manager. Many technical solutions are unique to the processes of the mining industry. This does not mean however that business can continue to neglect general threats in the changing environment of corporate IT. The introduction of your computer (BYOD) and the growing usage of intelligent devices that are used to access the cloud in operating areas call for the same cautious cybersecurity approach as a business. Much as another new concept in corporate IT, the Shadow IT structure that sees business units outside of the IT sector delivering and maintaining cloud computing services with little to no intervention by heads of information (Geetha, 2020).

The Pitfalls of Automation

Businesses need effective manufacturing processes to minimize cost and improve performance and productivity to compete in the competitive world market. One solution is automation, which contributes to improving job security, limiting operating costs and variations, improving the accuracy of process modeling, and improving manufacturing consistency and capacity, together with the control level for all stages of production. There are thus continuously gaining traction in the development of production processes. ICS is designed in isolation, to focus on performance, reliability, protection, and durability. It involves various common IT implementations, network access, and various organizational objectives, which contribute to several vulnerabilities that can be exploited. 2015 saw 295 cyber incidents – up 20% from the previous year. ICS-CERT has responded. Essential production field attacks almost doubled to a record number of 97 accidents; electricity was the second most affected with 46 accidents and water and wastewater is the second most affected in 25 events. (Deebak, 2020)

Chinese Cyberattacks on BHP Billiton

THREE big Australian mining firms were the targets of the Chinese cyberattack, and one of them was arrested on bribery and espionage charges at the time Stern Hu was detained. ABC Television's Four Corners show also revealed that BHP Billiton, Rio Tinto, and Fortescue Metals Group mining giants were all subject to China-led cyber-attacks. One of them was aimed at the Rio computer network at the time Hu was arrested in July. Last month, Hu was accused of accepting bribes and robbing business secrets by the Shanghai court for 10 years in prison. A representative from Rio said the concerns involved were "important" but he declined to disclose them, although the attack was reported by former workers and government reports.

The business is said to have felt that it took their office in Singapore offline approximately three days after Hu was detained so that network security could be updated. It also influenced the Perth bureau in Rio, as crisis managers were faced with Chinese espionage and bribery charges. Significant Nicholas Chantler, a former CIO and now a cybersecurity trainer, learned about the attack. The attack was a result. "I would admit it rocked several cages and we were mindful of all kinds of conditions, but at a much lower degree," he said to the ABC. (Deebak, 2020)

In its effort to take over Rio, BHP Billiton was targeted, with a former senior manager claiming that during this time many alleged attacks had been made on its computer infrastructure. Senior mining managers at the Fortescue Metals Group have said that the networks of the company are prone to cyber-attacks in Pilbara and Perth. The Fortescue CEO Andrew Forrest said that when it comes to doing business with China, the firm has taken no measures. Alan Dupont, Director of Sydney University International Safety Research, reported that the government was worried about the potential extent of China's cyber-attacks. "It's going fast to make it tougher to infiltrate both national processes and market processes and ad hoc advising Australian business entities on some of the threats," he said. "It's secretly because they don't want it to be in public due to China's sensitivities." (Geetha, 2020)

Future Threats

David Ferbrache, a Strategic Analyst for the area of cyber protection at KPMG, warned against the unlikely settlement of endemical security in IoT in 2018. He welcomed "the complexity of the international community's reaction, which includes telcos, content distribution networks, and DDoS mitigation companies," but predicts that this would not be sufficiently aligned with global disruption in the future. He also saw a significant role in cyber insurance in protecting returns and providing a forum to assist experts in disaster scenarios. Analyst Barek Perelman, the co-founder, and chief executive officer of Indegy, warns that for the rest of 2018 there will continue to be an obstacle due to the shortage of trained ICS cybersecurity specialists. The good news is that ICS technology providers plan to create a new product package which "supports encryption and other embedded safety controls." Organizations are more interested in systems of industrial defense as they aim to keep up with emergent challenges (Zhao, 2020).

Key Risk Indicators

Key risk measures (KRIs), which are set out in the risk appetite declaration, help to assess if BHP is working either in the sense of our risk appetite or not. They also facilitate decision-making through group-level management knowledge about the vulnerability to financial and non-financial risks. For Community Risk, KRIs are specified to provide data on BHP's risk output for proactive monitoring. Where the upper and lower limits of KRI have been breached, management discusses the possible factors for knowing whether BHP may be overly dangerous or not and whether further action is required. Our existing KRIs track data such as the concentration of the industry based on a single-country sales percentage, the number of essential cybersecurity events, the number of emissions compared to the average for FY 2017, and patterns in the number of collective grievances generated. (Geetha, 2020)

Current Risks

Current risks can arise within BHP or result from the activities of BHP. These may be strategic or financial, containing material risks and non-material risks. When the present probability has materialized, the materiality is determined by measuring the maximum possible failure (MFL). The MFL is not an estimation of the possible effect of the danger on BHP. Rather the MFL is the approximate impact of all risk measures – including insurance and hedging arrangements – on BHP in a worst-cases situation without considering the possibility.

BHP Billiton to Create Big Aussie Infosec Unit

As part of its strategy to double the size of its IT workforce internationally, BHP Billiton will develop a new cyber-security capability in Melbourne. The mining giant – announcing last month's big IT expansion – will hire at least 9 security infrastructure and cyber technology experts, mainly from Victoria. It also provides its operations in Singapore and Houston with certain support for the same capabilities. In the wider community Information Policy, Risk and Enforcement (SGRC), at least six of Australia's positions are in the "Technology and Network Security Category." "That position will be responsible for the protection against technical incidents, as well the identification, analysis, coordination and containing these accidents as soon as they happen," t. BHP Billiton will employ two "cyber event responses" specialists "to proactively identify and respond to incidents, perform after-mortals and push improvements through IT and OT landscapes." (Deebak, 2020)

An insurance and test manager, responsible for the patch examination of the organization, the codes evaluation, and simulation of risks, and the "establishment and sustaining operating collaboratively with law enforcement and federal intelligence agencies (e.g. ASIO, Interpol, NSA, etc.)" will also be employed. BHP Billiton is now improving its corporate security infrastructure capabilities beyond the relevant cybersecurity area while staying in the SGRC. Perth and Melbourne will be the industry champion for the business safety team. They are the "Common Leadership for all BHP technology architecture and design practices."

VR, Drones

More than defense, BHP Billiton's aim to double its IT workforce. The organization also incorporates additional workers for robotics programs, IT-OT, and IT (IIoT) programs. The miner also seems to be plugging into its digital technology unit, set up in the restructuring year earlier, internal radiofrequency, and networking roles. As a tool for "the standards and enhancing efficiency, protection, and the atmosphere," the miner uses the production association. "We will first use emerging technology such as VR, drones, and automation to handle our business globally," said the firm. The business didn't say that it would otherwise implement technology already in operation by competitors like Rio Tinto at BHP Billiton. Investments in computer analysis, computational engineering, and humanoid robots lead Woodside Resources, apart from the mining industry, in the oil & gas sector. (Deebak, 2020)

References for BHP Group Cyber Risks Analysis

Deebak, B. D., & Al-Turjman, F. (2020). Aerial and underwater drone communication: potentials and vulnerabilities. In Drones in Smart-Cities (pp. 1-26). Elsevier.

Geetha, R., & Thilagam, T. (2020). A Review on the Effectiveness of Machine Learning and Deep Learning Algorithms for Cyber Security. Archives of Computational Methods in Engineering, 1-19.

Umbach, F. (2020). The new" rare metal age": new challenges and implications of critical raw materials supply security in the 21st century.

Zhao, H., Cao, L., Zhang, X., & Ning, X. (2020). Uncertainty Analysis and Optimization in Cyber-Physical Systems of Reservoir Production. In Big Data Analytics for Cyber-Physical Systems (pp. 215-229). Springer, Cham.

Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Computer Science Assignment Help

Upto 50% Off*
Get A Free Quote in 5 Mins*
Applicable Time Zone is AEST [Sydney, NSW] (GMT+11)
Upload your assignment

Why Us

Complete Confidentiality
All Time Assistance

Get 24x7 instant assistance whenever you need.

Student Friendly Prices
Student Friendly Prices

Get affordable prices for your every assignment.

Before Time Delivery
Before Time Delivery

Assure you to deliver the assignment before the deadline

No Plag No AI
No Plag No AI

Get Plagiarism and AI content free Assignment

Expert Consultation
Expert Consultation

Get direct communication with experts immediately.

500 Words Free
on your assignment today

It's Time To Find The Right Expert to Prepare Your Assignment!

Do not let assignment submission deadlines stress you out. Explore our professional assignment writing services with competitive rates today!

Secure Your Assignment!
Order Now

Online Assignment Expert - Whatsapp Tap to ChatGet instant assignment help