Incident Response, Network Security, TDR

Case study: Mine games

A website attack prompted an Australia-based mining company to shore up its security implementation, reports Greg Masters.

Gone are the old days when a letter to the editor was sufficient to express a disagreement. Why stop there when as a form of public resistance and masked behind anonymity a disgruntled group can express its outrage by shutting down a website.

Such was the case when the website of the Lynas Corporation was hacked by a group opposed to the rare earths mining company setting up a processing plant in Malaysia. 

As part of a move to secure its website (which was hosted externally), the company's IT team – nine staff located across Australia and Malaysia – also decided to tighten up internal security. 

“We always had firewalls in place, but following a thorough security analysis we felt we would benefit from making further improvements,” says Gillian Kidson, the IT general manager at Lynas.

With headquarters in Sydney and plants and offices in Mount Weld and Perth in Western Australia, and Kuala Lumpur and Kuantan in Malaysia, the company currently employs around 700 staff, including contractors.

“We are aware that as a new player in the rare earths market – one traditionally dominated by China (as both a supplier and a consumer) – we are very exposed to competition and opponents,” says Kidson. “Our vision of building a highly automated, environmentally sustainable plant for the processing of rare earths to specific customer quality specifications required that the design data be highly secure.”

The decision was discussed at a high level in order to obtain support and sign-off for the project. From that point it was the responsibility of Kidson and her IT team to pull in expertise from specialist partners and to ensure that they took into account all the technologies required while providing a level of monitoring that prepared the business for any unauthorized attempts made to access its data.

“We spoke with three security companies – each of which offered very different solutions,” says Kidson (left). “Our selection had to take into account upfront capital expenditure and on-going operating costs,” she says. “As a young company, we didn't want to be burdened with a large capital investment so early, especially considering the rapid pace of change in the security environment.” The solution also had to be consistent with today's platforms, but which would also provide Lynas with the flexibility to move to an updated platform as technology evolved.

 The final decision came down to the quality and level of monitoring recommended, as well as the structure of the funding required. Kidson's team selected a solution from NTT Com Security, WideAngle MSS, to provide a single solution for cloud, on-premise or hybrid models. This move, she explains, is now assured with no capital investment by Lynas, and will be based purely on monthly operating costs. 

The NTT solution also meant her team didn't need to have fully qualified technical staff on board, because 24/7 monitoring was included. “The benefit we have experienced from a human resource perspective is huge, allowing us to employ IT staff in positions integral to our business, as opposed to supporting roles,” she says.

NTT Com Security MSS delivers meaningful information for active threat management, says Garry Sidaway, global director of security strategy at NTT Com Security. It combines consulting, managed security and technology services in a single portfolio developed to serve global customers across every industry. “With customer security and business continuity its highest priorities, NTT Com Security never fails to keep an eye on the bigger picture – identifying risks, optimizing the use of available resources, meeting compliance, and aligning risk management with clients' commercial goals and strategic ambitions, says Sidaway. 

The company provides an advanced set of security capabilities designed to address the diverse needs of different markets and territories, he says, adding that the company's  MSS offering is a scalable and modular solution that allows any organization to continually monitor and control its internet data center (IDC) and on-premise (CPE) assets.

Design and deployment at Lynas went smoothly, says Kidson. “We had five different teams working on the project. These included internal staff, NTT Com Security and a number of external providers that provided a range of applications and infrastructure support.” 

NTT Com Security managed the project plan as well as coordinating the required skills of each team to ensure a smooth roll-out in Australia, she says. And, once they were satisfied that the Australian deployment had gone well, and any weak areas had been identified and tightened up, they then moved onto the core of its operations in Malaysia.

The monitoring is done externally and Lynas's IT team receives regular reports, so the only time any action is required from them is if there is any unexplained activity on the network that raises an alarm. “We have made a few minor changes to the configuration since go-live, and they have each been processed very smoothly,” says Kidson.

Traditionally, managed security has focused on specific areas of threats using a combination of perimeter defenses, including firewalling, intrusion prevention and malware detection, Sidaway points out. Such a narrow approach, he says, makes it impossible to spot vulnerabilities and keep up with the changing threat landscape because the security data gathered is interpreted in isolation rather than through holistic analysis. “Comprehensive integrated solutions report contextual insight from the various assets employed to protect the organization, either within cloud environments, on-premise or across a blend of both.” 

"Security isn't something that should ever be implemented just to ensure compliance."

– Gillian Kidson, IT general manager, Lynas

Additionally, NTT Com Security leverages the reach and expertise of its NTT Communications Group to provide global coverage, enriched information with the latest threat information, and intelligence at both network and application layers, Sidaway says. This joined-up, deeper insight provides a practical context for events, allowing organizations to quickly identify and interpret likely vulnerabilities and make informed risk management decisions for the benefit of the business.

This implementation has been done solely to secure data and ensure that Lynas's IP is not accessible to others, Kidson says. “Security isn't something that should ever be implemented just to ensure compliance – it is something that all companies need to be aware of given the pace at which technology evolves and data becomes more accessible to people outside of their businesses.”

The deployment touches the entire company. The implementation of two DMZs and separate outgoing internet connections, as well as VPN technology, means that every Lynas employee is using either part or all of the implementation.

Further, Kidson says that in order to strengthen its security position, the company intends to build on this implementation by introducing RSA encryption technology for staff who access the network remotely.

“We have become more aware of the threats that are out there, and understand that while we may not be able to stop them all we can at least slow them down and ensure that we make every effort to secure our company data,” she says.  

For reprints of this case study, contact Elton Wong at [email protected] or 646-638-6101.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.