Mi­ning Net­work and the Se­cu­ri­ty Ques­ti­on

Chris­toph Mül­ler, An­dre­as Noack

35th APCOM Sym­po­si­um - Ap­p­li­ca­ti­on of Com­pu­ters and Ope­ra­ti­ons Re­se­arch in the Mi­ne­ral In­dus­try, Aus­tra­lia, Sep­tem­ber 2011 (to be pu­blis­hed)

Ab­stract

Com­pa­nies all over the world are very sen­si­ti­ve con­cerning their IT and net­work se­cu­ri­ty. In most net­work con­nec­ted tech­ni­cal in­stal­la­ti­ons and ma­chi­nes howe­ver, net­work se­cu­ri­ty is not taken into ac­count to a si­gni­fi­cant ex­tend: In­se­cu­re pro­to­cols are run, un­en­cryp­ted in­for­ma­ti­on is ex­chan­ged fre­e­ly and even broad­cas­ted wire­less­ly, net­wor­ked ma­chi­nes are ac­ces­si­ble via in­se­cu­re FTP etc. What hap­pens in case of mal­func­tions of such tech­ni­cal in­stal­la­ti­ons? Who is re­s­pon­si­ble? Who can be held lia­ble in case of ac­ci­dents? The first com­pu­ter worm for au­to­ma­ti­on sys­tems ("STUX­NET") was dis­co­ver­ed du­ring 2010. The paper is in­ten­ded to crea­te sen­si­ti­vi­ty among de­ci­si­on ma­kers for po­ten­ti­al se­cu­ri­ty and re­sul­ting sa­fe­ty leaks and points out the cur­rent sta­tus quo in tech­ni­cal net­work se­cu­ri­ty. It out­li­nes best prac­tices for se­cu­re net­wor­king and pro­ce­du­res for re­mo­te ac­cess and re­mo­te soft­ware up­dates on sta­tio­na­ry equip­ment and mo­bi­le mi­ning ma­chine­ry. It de­scri­bes how to as­su­re au­then­tic and ge­nui­ne con­fi­gu­ra­ti­ons and soft­ware tar­gets and how to as­su­re se­cu­re com­mu­ni­ca­ti­on for au­to­no­mous and re­mo­te con­trol­led equip­ment. Es­pe­ci­al­ly for such equip­ment the word should apply: "There is no sa­fe­ty wi­thout net­work se­cu­ri­ty".

Tags: mi­ning, Sa­fe­ty, se­cu­ri­ty