Canadian Copper Mountain Mining (CMMC) shut down their mill after a December 27th ransomware attack “as a preventative measure to determine the status of its control system, while other processes switched to manual operations.” The article in the November 2022 issue of IEEE Computer magazine – “Using Machine Learning to Work Around the Operational and Cybersecurity Limitations of Legacy Process Sensors” describes the testing performed at a large mining/metals facility. The testing demonstrated that the physics of the sensors could provide information not available to the Windows HMI - https://www.controlglobal.com/blogs/unfettered/blog/21437429/ieee-paper-on-process-sensor-monitoring-what-you-need-to-know-about-process-sensor-cyber-security. Because the sensor monitoring system was off-line from the facility’s IP network, neither IT malware nor ransomware could reach the sensor monitoring or the process. This means that the mill may NOT have needed to be shut down if the process sensors indicated the process was not affected. As any IP network can be hacked, monitoring the physics of the sensors off-line is arguably the only approach to justify continued operation during a ransomware or other IT cyberattack. Additionally, as can be seen by the IEEE article, monitoring the process sensors provides a real ROI as the process sensor monitoring also provides improved process safety, reliability and product quality. As some in the insurance industry are stating they will not insure ransomware, one wonders how the insurance industry will view manual shutdowns that could have been prevented by the monitoring of the process sensor physics.
Joe Weiss
