NSW Mining Australia

Saleem Syed

Abstract
The following research paper analyzes the state of security employed by the New South Wales
Minerals Council, which is a leading association currently representing the state's minerals
industry. Mining is a key economic driver for the state and has been speculated to remain one of
the top industries. NSW Mining council works closely with the government. Although
considered by many as the largest industry of the state and one of the largest industries of the
country itself, NSW mining council has been the target of many hackers in the past who have
aimed to take hold of its sensitive information. This paper will also discuss what measures can
be taken to further improve information security.

Table of Contents
Introduction
Background of the organization
Current state of the security
CNSS Security model
C.I.A Triangle
Suggestions for improvement
Conclusion
References

Introduction
Background of the organization
The NSW minerals council is one of the oldest and largest industries of the state of New South
Wales Australia (NSW Minerals Council, 2013). According to the website of the company, none
of the states have played such a major and significant role in the history of mining in Australia
than NSW. The advent of mining from the state can be dated back to as early as 1790s, when a
coal mine began extraction in Nobbys head in Newcastle. Although it was 1799 when the first
shipment of coal was dispatched from Newcastle, this showed only the beginning of one of the
most profitable industries of the state. Even today, coal is considered the primary mineral that is
extracted from the state, but it is not the only mineral that is found in the state. Other minerals that
are extracted in the state also amount to significant revenue, the major ones being Gold and
Copper.
There are two types of coal that are mined, black coal and brown coal. Black coal is noted to be of
a much higher quality than brown coal due to its high moisture and low carbon content
comparatively (Christie et al., 2011). Black coal is the type of coal that is primarily mined in
New South Wales which makes it much more profitable than mining in any other state of the
country. Statistically, the coal which is used to produce electricity contributes 84%
of the total energy that is produced for the whole state. The council has also been known to be
extremely vigilant about its operations as the industry itself is a dangerous one for workers. The
NSW mining takes every possible precaution to make sure that all the security measures are met
for operations in order to ensure the safety of its employees.
The use of Coal for production of electricity through thermal plants has been regularly criticized
by environmentalists due to the emissions from these processes resulting in the greenhouse effect
of the environment (Kaushik et al., 2011). However, with little availability and development of
other sources of energy along with the abundant presence of minerals in the area, the state is
heavily reliant on the industry for energy. Due to the constant pressure from these groups, the
organization has made many efforts to reduce the carbon emissions to the environment
in order to demonstrate corporate social responsibility. The organization has made its best efforts
in the past to ensure that its workers are properly motivated and have the appropriate equipment
to mine. This has been one of the reasons why it has been able to respond to
environmentalists by showing them the level of employment in the industry and the amount of
revenue that helps the economy of the country.
In today's era of technology, the biggest threat to any organization can be put down to the availability
of its secrets and sensitive information, which can leave the organization prone to losing
its strengths when competitors become able to exploit its weaknesses in order to drive the
organization out of the market (Bandyopadhyay and Sen, 2011). Every large organization knows
that its secrets and information are the most important part of the business in order to stay in the
market and prosper in the future.

Current state of the security


Although the organization has rigorously attempted to shield itself from attacks on the industry
from environmentalists, and the conflict has been going on since the emergence of awareness
among individuals about the harmful effects of using non-renewable resources specifically to
produce electricity, the damage of these attacks has been nothing compared to the cost of
tackling attacks on the organization's communications and information flow (Laurence, 2011).
The industry is responsible for providing jobs to hundreds of workers who are unskilled and are
able to work in order to earn for their homes. Moreover, the organization has also been
threatened by the possibility of non-renewal of mining on their Mount Thorley Warkworth mine
(Watson, 2014). The implication of non-renewal would not only mean that the operations of the
organization will be significantly reduced resulting in reduced revenue and profits, but it would
also mean that many workers who have been working permanently in the mine would lose their
jobs and be unable to compensate for their expenses. Another problem this would pose is the cost
of closing down the mine, as not closing it properly can have disastrous results for the local
community.
Due to the hacking attacks on the organization, it has increased confidentiality around the software
and communications methods that are being used within the organization. The industry is one
which needs to be in constant communication, and this is true not only because of the need for
close co-ordination between management and employees, but also because the industry heavily
relies on its supply chain practices to ensure ores and minerals are dispatched on time. Due to the
secrecy and confidentiality of these measures, full information about the company's security policies
is unavailable; however, the organization does employ three distinctive groups or communities
of interest in order to ensure maximum security for its information and keep it from falling into the wrong
hands. These groups were employed after the organization was attacked in 2011 and have been
regularly updated to keep the servers and information secure. The three communities of interest
are as follows:
Information Security community; This group is solely responsible for protecting the
information that is held by the organization and ensuring that the information asset is not exploited
by anyone outside the organization to be used for personal benefits.

Information Technology community; the employment of this group is also quite significant to
the operations of the organization in order to ensure safety of communication between the
management of the organization. Yet the group is more important for communications between
middle or top management and is not used as often by the lower management of the organization.

General Business community; the group is responsible for communicating organizational
policies to all the employees. The workers that are under the employment of NSW Mining are
mostly unskilled and are not necessarily highly educated, which means that effective
communication is more rigorous work for this group than in other industries.

CNSS Security model


The organization works roughly, though not quite accurately, with the CNSS security model,
which is otherwise also known as the McCumber Cube. The model is extremely helpful in
demonstrating a clearer understanding of the information security of an organization (Sabbari
and Alipour, 2011). Also, the model helps in identifying the information and the type of
information that is made available on different levels of the organization. It is represented by a
3x3 cube graphically in order to properly demonstrate the importance of a part of information, its
availability and its characteristics and its location. The three dimensions of Information
characteristics, Information Location and Security control categories are divided into 27 cells
where each one is separately responsible and information is classified into each cell for a specific
purpose (Sabbari and Alipour, 2011). The classification of information into cells also helps in
identifying the department that the information relates to, so that it is made available for use by
the appropriate employees. The application of the model also helps in maintaining the integrity
of the information in order to let the top management know almost everything about the
organization without having to be physically present to monitor each activity. The model is also
helpful to the supply chain of an organization which means that proper application may prove
extremely beneficial to the NSW mining as the industry heavily relies on an efficient supply
chain process.

C.I.A Triangle
The C.I.A triangle is a concept of information channeling that basically worked on only three
factors as a core policy for securing information electronically (Von Solms and Van Niekerk,
2013). It has been defined as an industry standard for information security. Originally the
concept only included Confidentiality, availability and characteristics, which also formed a
significant part in the building of the McCumber model; however, the concept has been updated and
currently includes factors such as privacy, authentication, accountability and authorization.
The reason why the McCumber model has only been partially implemented in the organization is
that the organization has efficiently implemented this concept on a broader perspective. The
lower level employees have been kept properly motivated by the organization through its
vigilance of the information channels that are being used by the organization. The operations
workers thus do not usually need to concern themselves with what goes on in the top level
management, unless the decision may drastically affect them, such as in the case of the Mount
Thorley Warkworth mine where workers could lose their jobs due to shutting down of the mine.
On the other hand NSW Mining has been the target of two major hacking attacks in the past 6
years which means that the company needs to have an upgraded and constantly monitored
security as negligence in this matter may not only result in workers being put at risk but also the
sensitive information of the organization can leak out to the wrong people who may exploit
them. The organization may have been resistant to these attacks, but it has been statistically
calculated that one in every three companies in Australia has been attacked and 85% of companies
have been breached in the past, which is much higher than the world average of 60% (Nicholson
and Elms, 2011).

Suggestions for improvement


NSW Mining council is one of the oldest organizations that have been operating extractive
industries in Australia (NSW Minerals Council, 2013). In fact, the organization is well older than
the first computer, whereas in today's era computers and the internet dominate most of the
workings of any industry. Since the advent of computers and automated equipment, information
has become one of the most important assets in the world. Most businesses operate purely on
information, which is crucial for an organization's strategy as well as for identifying trends and future
prospects of the market. A breach of an organization can mean that its competitors can get hold
of its strategies and then act accordingly to reap more profits. Thus, organizations work
rigorously to protect their data in order to have an upper hand in the market. One of the methods
of protecting an organization's secrets is by employing Information Security Governance, which
integrates the responsibilities of Governance, Risk Management and Compliance under the
objective of forming a holistic approach in order to fulfill all these objectives effectively and
efficiently.
One of the many steps that the top management of NSW mining may take is to implement
Information Security governance in the organization. There are many desired outcomes for which an
organization may implement information security governance. The first and most significant of
the desired outcomes is that of aligning the business strategy with information security in order to
work in synchronization to achieve organizational objectives (Ullah and Lai, 2011). Another
reason for implementing Information Security Governance is to effectively improve risk
management in order to more efficiently analyze and predict potential threats to an organization's
information. The information and communications systems of NSW mining have already been
attacked twice in the current decade, which means the organization can be prone to more attacks,
and the predictability of these attacks will better help NSW mining to take steps for contingency
in order to better prepare. The predictability of these attacks would also mean that NSW mining may
be able to prevent any damage at all being done to any assets of the organization.

The implementation of Information Security Governance also means that the organization gains
the ability to more efficiently manage its resources (Flores et al., 2014). The employment of
Information Security Governance would also mean that the organization would have to spend
fewer resources on securing its information as it would be stored directly into the organization
and would have already become more difficult to be breached by an outsider. This means that
NSW mining would have more resources available which can be better utilized on achieving
other important objectives such as increasing the corporate social responsibility in order to gain
the approval of the general public. This move will not only help the organization gain a more
positive image in the minds of the general public, but may also prove helpful in the renewal of
the mines which are under the threat of being shut down permanently.
The implementation of Information Security Governance, if successful, may not only result in
reduced costs but may also help the organization in achieving higher profits (Flores et al., 2014).
If it implements Information Security Governance successfully, it would also help in effectively
monitoring the performance benchmarks in the future as all the information will get recorded by
the organization which will not only help in estimating more accurate benchmarks but will also
help the organization to align itself better with the market needs. The successful implementation
of Information Security Governance may thus also result in the increased share value for the
organization. NSW mining is already one of the biggest companies on the stock exchange of
Australia, but has been experiencing fluctuations in its share prices in the market due to mixed
opinions about the organization's workings. Once corporate social responsibility is properly
worked on by the management, there is bound to be increased positive perception regarding the
organization, where investors will have increased confidence in the working of the organization
as well as trust that the organization is safer from information breaches.
Having a proper model will also help the organization in keeping a more stable perspective of the
market and have increased predictability which will help in reacting to the market. This
predictability will not only help the organization in realizing potential threats and weaknesses,
but will also help NSW mining to analyze potential opportunities faster and act upon them. The
breach of information kept by the organization can also result in the information about other
stakeholders being leaked exposing them to all sorts of threats. Identity theft is a common crime
which has resulted in billions of thefts around the country, and this crime becomes much easier
for a hacker with access to the confidential information of the victim. The recent cyber attack on
the organization's information commercial strength also showed the flaw in their previous
techniques and so the organization had to converge its information technology with its operations
technology in order to better protect its assets.
Another step that NSW mining needs to take in order to better protect its assets is to plan
contingencies which may come into play for the purpose of keeping hold of its information.
There are four components of a successful contingency plan which are created separately but
work as a single unified plan in order to counter a negative unforeseen consequence. The four
components of a contingency plan are as follows:
Contingency Plan Management Team; The team would be created and made responsible for
collecting the information on each and every attack that occurs on the organization's information
asset. The employment of this team would mean that the organization would be able to better
predict the pattern of attacks on its information asset and then prepare or upgrade its security
accordingly in order to better counter these attacks in the future.
Incident Response Team; The incident response team is made responsible for responding to the
attack on the company. The team would be made to develop its responses in advance so that time
is saved before the implementation of a counter to Information Security breaches.
Disaster Recovery Team; The team would be responsible to work its way to minimize the
damages that may have occurred due to the attack. The team is also made responsible for
recovering information that may have been lost by the organization during the attack.
Business Continuity Team; The team is tasked with making sure that the organization works
efficiently at the same pace as before.
Although the components of a contingency plan are designed separately and work towards
seemingly different objectives, their workings need to be perfectly aligned in order for the
organization to execute a contingency plan with success. These components mostly work in a
cyclical format, which means that any inefficiency from a single component may result in drastic
problems for the organization itself. The teams work in a way that they work towards a unified
aim where one cannot achieve its objectives without help from the other.

Conclusion
NSW Mining council is the largest organization of the country and is responsible for not only a
significant amount of revenue for the state and fulfillment of its needs, but also helps the
economy by providing numerous jobs to both local and foreign workers. The organization has
grown rather accustomed to pressure from environmentalists who condemn its action of using
coal to provide energy and believe that it should find alternative methods to produce energy.
However, now the organizations are also facing trouble from hackers who are attempting to get
hold of the information kept. The biggest problem is that only large organizations are able to
afford and implement proper methods of security for information, whereas small organizations
are practically exposed to cyber attacks. And if, even after this much security, attempts are still
made on the larger organizations of Australia as well, then this means that they need to further
upgrade their security systems in order to stay ahead of the curve and prosper in the future. For any
organization to successfully there are multiple methods which can help it in increasing the level
of security for its information asset. However, it still cannot be concretely said when an
organization is impossible to be breached by any intruder.

References
Bandyopadhyay, D., & Sen, J. (2011). Internet of things: Applications and challenges in
technology and standardization. Wireless Personal Communications, 58(1), 49-69.
Christie, V., Mitchell, B., Orsmond, D., & Van Zyl, M. (2011). The iron ore, coal and gas
sectors. RBA Bulletin, March, 1-7.
Flores, W. R., Antonsen, E., & Ekstedt, M. (2014). Information security knowledge sharing in
organizations: Investigating the effect of behavioral information security governance and
national culture. Computers & Security, 43, 90-110.
Kaushik, S. C., Reddy, V. S., & Tyagi, S. K. (2011). Energy and exergy analyses of thermal
power plants: A review. Renewable and Sustainable Energy Reviews, 15(4), 1857-1872.
Laurence, D. (2011). Establishing a sustainable mining operation: an overview. Journal of
Cleaner Production, 19(2), 278-284.
Nicholson, G., & Elms, N. (2011). Corruption, corporate culture and the board's
responsibilities. Keeping good companies, 63(10), 594-599.
NSW Minerals Council. (2013). About us. Retrieved from:
http://www.nswmining.com.au/menu/about-nsw-minerals-council [accessed 18/8/2016]
Sabbari, M., & Alipour, H. S. (2011). A security model and its strategies for web
services. International Journal of Computer Applications, 36(10), 24-31.
Ullah, A., & Lai, R. (2011). Modeling business goal for business/IT alignment using
requirements engineering. Journal of Computer Information Systems, 51(3), 21-28.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. Computers & Security, 38, 97-102.
Watson, D. (2014). NSW Court of Appeal dismisses appeal to reinstate Warkworth mine
extension approval. Australian Resources and Energy Law Journal, 33(2), 104.