Mining Network and the Security Question
Christoph Müller, Andreas Noack
35th APCOM Symposium - Application of Computers and Operations Research in the Mineral Industry, Australia, September 2011 (to be published)
Abstract
Companies all over the world are very sensitive concerning their IT and network security. In most network connected technical installations and machines however, network security is not taken into account to a significant extend: Insecure protocols are run, unencrypted information is exchanged freely and even broadcasted wirelessly, networked machines are accessible via insecure FTP etc. What happens in case of malfunctions of such technical installations? Who is responsible? Who can be held liable in case of accidents? The first computer worm for automation systems ("STUXNET") was discovered during 2010. The paper is intended to create sensitivity among decision makers for potential security and resulting safety leaks and points out the current status quo in technical network security. It outlines best practices for secure networking and procedures for remote access and remote software updates on stationary equipment and mobile mining machinery. It describes how to assure authentic and genuine configurations and software targets and how to assure secure communication for autonomous and remote controlled equipment. Especially for such equipment the word should apply: "There is no safety without network security".