AI, risk management, and frameworks

SMART Mining Security Solutions 2023 Editor's Choice, Security Services & Risk Management, Mining (Industry)

Famous bank robber in the 1930s and 40s, Willie Sutton, is believed to have said that he robbed banks because ‘that’s where the money is’. When it comes to mines, that’s also where the money is in the form of cash and the actual goods mined, but also in terms of equipment, supplies (like explosives) and various components used in the mines’ business processes (like copper) that can be turned into money.

Kelly McLintock.

It is no surprise that criminals are attracted to mines, especially in South Africa where crime pays. Mining security staff are involved in a literal war on crime 24 hours of every day. While every form of crime is to be found on mines, from petty theft to opportunistic attempts by the homeless to make a buck, the real fight is against organised syndicates that, in many cases, are better organised and equipped than the security contingent on the mines.

Kelly McLintock, Chairman of Blacklight Group, recalls a time when he was talking to a mine about the endless security risks they face. He looked up a hill using a handheld thermal viewer and saw a Zama Zama looking back at him through his own thermal viewer. (For those who do not know, Zama Zama’s are illegal miners). Some even have their own reconnaissance drones in operation.

A spin at the wheel

Looking at the security operations on mines, it is clear that these have evolved dramatically over the years in the endless pursuit of the ingenuity and ruthlessness of the organised crime gangs. McLintock says that security operations today cannot be the same as they were in the past. Mines need to take a risk management approach to address the full spectrum of risks they face. With the risk framework in place, better use can be made of the resources the mine has at its disposal, specifically using them where they add value and do not just cost money.

Most importantly, it should not be a case of using this year’s budget for the technology, or human security enhancements you planned for a year ago. Just as risk is adapting in real time, security operations must be designed in a way that adapts with the threats; what worked last year is not a good plan for the year ahead. Additionally, security leaders should not be doing an Oliver Twist and going to the mean executives with their empty budget bowl and asking “please sir, may I have some more.”

Using an example of a roulette wheel, security is too often a case of having only one ball in the wheel, which means you are ready for specific risks, but you will be caught with your pants down if any of the others happen. Mines need many balls in the wheel to be able to deal with multiple threats, and they need to be flexible enough to adapt when a different number comes up.

Of course, McLintock admits that this is easy to say, but for those in the trenches it is a very different story. The old adage of ‘security having to get it right all the time, every time, while criminals just have to get it right once’, applies.

Having more balls in the wheel means making the most of what you have while always looking ahead to what you don’t have and (perhaps more importantly) what you don’t expect. This applies to manpower and technology, specifically to the effective integration of different technologies and their subsequent integration with people.

A false alarm

There is no one solution against crime, but McLintock gave Smart Mining insight into one way (of many) to make the best of what is out there. The first was the growing efficacy of artificial intelligence (AI).

AI and its various disciplines, such as machine learning (ML), data science, neural networks and more, are very overhyped at the moment, but this detracts from the fact that it is already making a significant difference to security operations. He uses false alarms as an example.

False alarms that cause tactical teams to be sent out to see what is happening are an expensive waste of resources. Using the correct technology to detect and reject false alarms saves money in that your resources are used where they are actually needed. Many video management vendors are adding AI to their systems, but buyers should be aware of the difference between those who are doing it because it is expected to be part of the package, and those companies that offer a service specialising in false alarm detection that can integrate into existing management platforms.

He also advises security decision-makers to differentiate between video analytics and AI. This may seem counterintuitive, as almost all video analytics providers have suddenly got an AI sticker on their boxes. The difference is that AI learns and adapts without constant pampering, and the computing resources required for AI systems are declining instead of increasing. (The initial training of AI is resource intensive, but once trained to a certain level, the processing power required decreases slightly).

With effective AI systems in place, the need for expensive cameras is reduced and cheaper, ‘decent’ cameras can do the job just as well because of the AI in the back-end – as long as there is a good image to work from. This does not mean buying the cheapest available, but it does mean you do not need the most expensive. Of course, there are places where specialised cameras are required (such as thermals or very long-range cameras etc.).

Compounding risk

The risks mines face today are growing and compounding, almost like Moore’s Law, which held for decades. (Moore’s law says the number of transistors in an integrated circuit (IC) doubles about every two years.) All industries are at risk and need to prepare, and the risks we face go further than crime.

Key to this is integration. Integration has been a buzzword in security for many years, but it is more important than ever today, and not just in terms of technology. Effective risk-response scenarios require everything risk-related be integrated and managed as a whole, which will allow for the flexible and adaptable responses mentioned above (integration of technology, people and each other).

This includes service providers used on mines. McLintock says it is no use having the best service provider for each portion of your security operation (fencing, cameras, power, access control etc.) without the systems and people being integrated into a synergistic whole.

McLintock (also the chair of ASIS SA), recommends the ASIS ESRM (Enterprise Security Risk Management) approach to risk. ASIS defines ESRM as a “strategic security management tool of its kind, elevating the security function by establishing a partnership between security professionals and business leaders to manage security risks.”

“The objective of ESRM is to identify, evaluate, and mitigate the likelihood and/or impact of security risks to the organisation with priority given to protective activities that help enable the organisation to advance its overall mission. ESRM positions the security professional as a trusted advisor to help guide asset owners through the process of making security risk management decisions.” (A short article with further links is available from ASIS via the short link*asis1.)

Security today involves manpower and technology, but data and the information derived from it (or intelligence, including situational awareness intelligence) plays a much broader role than ever before. Using the ESRM principles, McLintock says that mines can build a risk framework that is fluid enough to adapt to changing circumstances and continually adapt mitigation strategies to match both old and new threats.

A last word from AI

Since Mclintock noted that AI is critical in future security operations, we end the article with ChatGPT’s answer to our request for a layman’s explanation of ESRM, specifically focused on physical security. The answer is printed below without alteration.

“ESRM stands for “Enterprise Security Risk Management” and is a comprehensive approach to identifying and mitigating risks across an organisation’s entire enterprise, including physical security.

In the physical security industry, ESRM involves a strategic approach to identifying and managing risks to an organisation’s assets, such as buildings, equipment, and people. Rather than solely relying on traditional security measures such as guards and access control systems, ESRM takes a more holistic approach by considering the entire enterprise and the potential risks that could impact it.

ESRM involves a five-step process:

1. Identify the assets that need to be protected and the risks they face.

2. Assess the likelihood and impact of those risks.

3. Develop a risk management plan.

4. Implement the plan, including the use of appropriate security measures.

5. Monitor and review the plan on an ongoing basis to ensure it remains effective.

By taking a comprehensive approach to risk management, ESRM can help organizations better protect their assets, reduce the likelihood of security breaches, and minimize the impact

of any incidents that do occur.”



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Stadium security with Panomera
Editor's Choice CCTV, Surveillance & Remote Monitoring Integrated Solutions Entertainment and Hospitality (Industry)
To be able to better identify and track perpetrators and thus reduce financial and non-material damage in a soccer stadium, the operator opted for a video security solution from Dallmeier.

Is AI the game-changer for streamlining anti-money laundering compliance?
Financial (Industry) Security Services & Risk Management
In the aftermath of South Africa's recent grey listing, companies are now confronted with the imperative to address eight identified strategic deficiencies, while simultaneously reducing their financial crime risk through anti-money laundering compliance processes.

What South Africans need to know about smart devices
Technews Publishing Editor's Choice
We live in a world surrounded by smart devices, from our pockets to our driveways and living rooms.

Client satisfaction boosted by 85% at Thungela Mine
Thorburn Security Solutions News Security Services & Risk Management Mining (Industry)
Thorburn Security, a division of Tsebo Solutions Group, has announced its recent collaboration with Kwa-Zulu Natal security company, Ithuba Protection Services, as part of its Enterprise Supplier Development (ESD) initiatives across Africa.

Migrating to the cloud? Beware the many hurdles
IT infrastructure Security Services & Risk Management
While there are undoubtedly many benefits, there are also numerous hurdles to cloud adoption. Some of the biggest challenges revolve around managing cloud spend, understanding the cost components of cloud infrastructure, and how those costs can scale.

Key strategies for businesses in the face of cyber threats
Cyber Security Security Services & Risk Management
Businesses face severe financial and reputational consequences due to data breaches and daily website hacks, and not all organisations are adequately prepared to combat these escalating threats.

From overwhelm to oversight
Editor's Choice Cyber Security Products
Security automation is vital in today’s world, and Microsoft Sentinel is a widely adopted, but complex answer. ContraForce is an easy-to-use add-on that automatically processes, verifies and warns of threats round-the-clock.

Synology enhances functions for advanced surveillance integration
Technews Publishing CCTV, Surveillance & Remote Monitoring IT infrastructure Products
With the capability to function as both an API client and server, Surveillance Station offers a versatile platform for integration, whether it's embedding video streams into other platforms or overlaying external data onto recorded video.

Planning for the worst is key to success
Technews Publishing Security Services & Risk Management
Planning for the worst is key to success when disaster strikes. Amidst frequent load shedding and often unpredictable stages of power outages, many businesses are concerned about the possibility of a total blackout.

Protecting South African systems through XDR cybersecurity
Cyber Security Security Services & Risk Management
Carlo Bolzonello, Country Lead for Trellix South Africa, discusses how the country can protect its valuable digital assets through the artificial intelligence-enabled Extended Detection and Response (XDR) cybersecurity approach.