printer friendly version

AI, risk management, and frameworks

Famous bank robber in the 1930s and 40s, Willie Sutton, is believed to have said that he robbed banks because ‘that’s where the money is’. When it comes to mines, that’s also where the money is in the form of cash and the actual goods mined, but also in terms of equipment, supplies (like explosives) and various components used in the mines’ business processes (like copper) that can be turned into money.

Kelly McLintock.

It is no surprise that criminals are attracted to mines, especially in South Africa where crime pays. Mining security staff are involved in a literal war on crime 24 hours of every day. While every form of crime is to be found on mines, from petty theft to opportunistic attempts by the homeless to make a buck, the real fight is against organised syndicates that, in many cases, are better organised and equipped than the security contingent on the mines.

Kelly McLintock, Chairman of Blacklight Group, recalls a time when he was talking to a mine about the endless security risks they face. He looked up a hill using a handheld thermal viewer and saw a Zama Zama looking back at him through his own thermal viewer. (For those who do not know, Zama Zama’s are illegal miners). Some even have their own reconnaissance drones in operation.

A spin at the wheel

Looking at the security operations on mines, it is clear that these have evolved dramatically over the years in the endless pursuit of the ingenuity and ruthlessness of the organised crime gangs. McLintock says that security operations today cannot be the same as they were in the past. Mines need to take a risk management approach to address the full spectrum of risks they face. With the risk framework in place, better use can be made of the resources the mine has at its disposal, specifically using them where they add value and do not just cost money.

Most importantly, it should not be a case of using this year’s budget for the technology, or human security enhancements you planned for a year ago. Just as risk is adapting in real time, security operations must be designed in a way that adapts with the threats; what worked last year is not a good plan for the year ahead. Additionally, security leaders should not be doing an Oliver Twist and going to the mean executives with their empty budget bowl and asking “please sir, may I have some more.”

Using an example of a roulette wheel, security is too often a case of having only one ball in the wheel, which means you are ready for specific risks, but you will be caught with your pants down if any of the others happen. Mines need many balls in the wheel to be able to deal with multiple threats, and they need to be flexible enough to adapt when a different number comes up.

Of course, McLintock admits that this is easy to say, but for those in the trenches it is a very different story. The old adage of ‘security having to get it right all the time, every time, while criminals just have to get it right once’, applies.

Having more balls in the wheel means making the most of what you have while always looking ahead to what you don’t have and (perhaps more importantly) what you don’t expect. This applies to manpower and technology, specifically to the effective integration of different technologies and their subsequent integration with people.

A false alarm

There is no one solution against crime, but McLintock gave Smart Mining insight into one way (of many) to make the best of what is out there. The first was the growing efficacy of artificial intelligence (AI).

AI and its various disciplines, such as machine learning (ML), data science, neural networks and more, are very overhyped at the moment, but this detracts from the fact that it is already making a significant difference to security operations. He uses false alarms as an example.

False alarms that cause tactical teams to be sent out to see what is happening are an expensive waste of resources. Using the correct technology to detect and reject false alarms saves money in that your resources are used where they are actually needed. Many video management vendors are adding AI to their systems, but buyers should be aware of the difference between those who are doing it because it is expected to be part of the package, and those companies that offer a service specialising in false alarm detection that can integrate into existing management platforms.

He also advises security decision-makers to differentiate between video analytics and AI. This may seem counterintuitive, as almost all video analytics providers have suddenly got an AI sticker on their boxes. The difference is that AI learns and adapts without constant pampering, and the computing resources required for AI systems are declining instead of increasing. (The initial training of AI is resource intensive, but once trained to a certain level, the processing power required decreases slightly).

With effective AI systems in place, the need for expensive cameras is reduced and cheaper, ‘decent’ cameras can do the job just as well because of the AI in the back-end – as long as there is a good image to work from. This does not mean buying the cheapest available, but it does mean you do not need the most expensive. Of course, there are places where specialised cameras are required (such as thermals or very long-range cameras etc.).

Compounding risk

The risks mines face today are growing and compounding, almost like Moore’s Law, which held for decades. (Moore’s law says the number of transistors in an integrated circuit (IC) doubles about every two years.) All industries are at risk and need to prepare, and the risks we face go further than crime.

Key to this is integration. Integration has been a buzzword in security for many years, but it is more important than ever today, and not just in terms of technology. Effective risk-response scenarios require everything risk-related be integrated and managed as a whole, which will allow for the flexible and adaptable responses mentioned above (integration of technology, people and each other).

This includes service providers used on mines. McLintock says it is no use having the best service provider for each portion of your security operation (fencing, cameras, power, access control etc.) without the systems and people being integrated into a synergistic whole.

McLintock (also the chair of ASIS SA), recommends the ASIS ESRM (Enterprise Security Risk Management) approach to risk. ASIS defines ESRM as a “strategic security management tool of its kind, elevating the security function by establishing a partnership between security professionals and business leaders to manage security risks.”

“The objective of ESRM is to identify, evaluate, and mitigate the likelihood and/or impact of security risks to the organisation with priority given to protective activities that help enable the organisation to advance its overall mission. ESRM positions the security professional as a trusted advisor to help guide asset owners through the process of making security risk management decisions.” (A short article with further links is available from ASIS via the short link www.securitysa.com/*asis1.)

Security today involves manpower and technology, but data and the information derived from it (or intelligence, including situational awareness intelligence) plays a much broader role than ever before. Using the ESRM principles, McLintock says that mines can build a risk framework that is fluid enough to adapt to changing circumstances and continually adapt mitigation strategies to match both old and new threats.

A last word from AI

Since Mclintock noted that AI is critical in future security operations, we end the article with ChatGPT’s answer to our request for a layman’s explanation of ESRM, specifically focused on physical security. The answer is printed below without alteration.

“ESRM stands for “Enterprise Security Risk Management” and is a comprehensive approach to identifying and mitigating risks across an organisation’s entire enterprise, including physical security.

In the physical security industry, ESRM involves a strategic approach to identifying and managing risks to an organisation’s assets, such as buildings, equipment, and people. Rather than solely relying on traditional security measures such as guards and access control systems, ESRM takes a more holistic approach by considering the entire enterprise and the potential risks that could impact it.

ESRM involves a five-step process:

1. Identify the assets that need to be protected and the risks they face.

2. Assess the likelihood and impact of those risks.

3. Develop a risk management plan.

4. Implement the plan, including the use of appropriate security measures.

5. Monitor and review the plan on an ongoing basis to ensure it remains effective.

By taking a comprehensive approach to risk management, ESRM can help organizations better protect their assets, reduce the likelihood of security breaches, and minimize the impact

of any incidents that do occur.”

(Source: https://chat.openai.com/)

Share this article:

Further reading: