Case study: Mine games
A website attack prompted an Australia-based mining company to shore up its security implementation.
Gone are the old days when a letter to the editor was sufficient to express a disagreement. Why stop there when as a form of public resistance and masked behind anonymity a disgruntled group can express its outrage by shutting down a website.
Such was the case when the website of the Lynas Corporation was hacked by a group opposed to the rare earths mining company setting up a processing plant in Malaysia.
As part of a move to secure its website (which was hosted externally), the company's IT team – nine staff located across Australia and Malaysia – also decided to tighten up internal security.
“We always had firewalls in place, but following a thorough security analysis we felt we would benefit from making further improvements,” says Gillian Kidson, the IT general manager at Lynas.
With headquarters in Sydney and plants and offices in Mount Weld and Perth in Western Australia, and Kuala Lumpur and Kuantan in Malaysia, the company currently employs around 700 staff, including contractors.
“We are aware that as a new player in the rare earths market – one traditionally dominated by China (as both a supplier and a consumer) – we are very exposed to competition and opponents,” says Kidson. “Our vision of building a highly automated, environmentally sustainable plant for the processing of rare earths to specific customer quality specifications required that the design data be highly secure.”
The decision was discussed at a high level in order to obtain support and sign-off for the project. From that point it was the responsibility of Kidson and her IT team to pull in expertise from specialist partners and to ensure that they took into account all the technologies required while providing a level of monitoring that prepared the business for any unauthorized attempts made to access its data.
“We spoke with three security companies – each of which offered very different solutions,” says Kidson (left). “Our selection had to take into account upfront capital expenditure and on-going operating costs,” she says. “As a young company, we didn't want to be burdened with a large capital investment so early, especially considering the rapid pace of change in the security environment.” The solution also had to be consistent with today's platforms, but which would also provide Lynas with the flexibility to move to an updated platform as technology evolved.
The final decision came down to the quality and level of monitoring recommended, as well as the structure of the funding required. Kidson's team selected a solution from NTT Com Security, WideAngle MSS, to provide a single solution for cloud, on-premise or hybrid models. This move, she explains, is now assured with no capital investment by Lynas, and will be based purely on monthly operating costs.
The NTT solution also meant her team didn't need to have fully qualified technical staff on board, because 24/7 monitoring was included. “The benefit we have experienced from a human resource perspective is huge, allowing us to employ IT staff in positions integral to our business, as opposed to supporting roles,” she says.
NTT Com Security MSS delivers meaningful information for active threat management, says Garry Sidaway, global director of security strategy at NTT Com Security. It combines consulting, managed security and technology services in a single portfolio developed to serve global customers across every industry. “With customer security and business continuity its highest priorities, NTT Com Security never fails to keep an eye on the bigger picture – identifying risks, optimizing the use of available resources, meeting compliance, and aligning risk management with clients' commercial goals and strategic ambitions, says Sidaway.
The company provides an advanced set of security capabilities designed to address the diverse needs of different markets and territories, he says, adding that the company's MSS offering is a scalable and modular solution that allows any organization to continually monitor and control its internet data center (IDC) and on-premise (CPE) assets.