BHP Billiton to create big Aussie infosec unit

BHP Billiton is set to house a major cyber security capability in Melbourne as part of its plan to double the size of its permanent IT workforce globally.

The mining giant – which revealed the major IT expansion last month – will recruit at least nine security architecture and cyber security professionals, mostly to be based in Victoria.

It is also placing some resources for the same capability at its operations in Singapore and Houston.

At least six of the Australian roles sit in a ‘technology and cyber security unit’ within the company’s broader security governance, risk and compliance (SGRC) group.

BHP Billiton will employ two “cyber incident response” specialists to “proactively detect and respond to incidents, conduct post-mortems, and drive change across the IT and OT [operational technology] landscape".

“This role will be responsible for defending against technology security incidents, as well as identifying, analysing, communicating, and containing these incidents when they do occur,” the company said.

“Additionally, this role will be responsible for developing standards and processes to uncover, resist, and recover from security incidents.”

A further three “forensics and investigation specialists” will be brought on to “mitigate vulnerability and conduct information and cyber security investigations” and to “protect BHP Billiton's assets across all locations (including remote offices)”.

A manager of assurance and testing will also be recruited, accountable for patch analysis, code review, threat modelling and “establishing and maintaining collaborative working relationships with law enforcement and federal intelligence agencies (e.g. ASIO, Interpol, NSA, etc)".

The company also plans to employ a critical incident response team (CIRT) global lead in Melbourne, and CIRT resources in other parts of the world.

The CIRT will “investigate all alerts, errors, intrusions, malware and the like to identify who was responsible, revise existing security systems and put forward recommendations and implement improvements to prevent the incident from occurring in the future.”

Outside of the specific cyber security domain – but remaining in SGRC – BHP Billiton is also bolstering its enterprise security architecture resources.

The global lead for the enterprise security architecture team can be based out of Perth or Melbourne. They will provide “the overall direction and leadership for all technology security architecture and design activities within BHP".

In addition, the miner said it expects to hire principal security architects in “multiple locations … for the design, documentation, implementation, and support of security architecture and infrastructure products".

VR, drones, and automation

BHP Billiton’s plan to double its permanent IT workforce covers more than just security.

The company is also bringing new staff on board for projects spanning automation, IT-OT, and the industrial internet of things (IIoT).

It also appears the miner will fold existing radiofrequency and networking functions into its new Technology organisation, set up as part of a restructure a year ago.

The miner is using the Technology organisation as a vehicle to “raise standards, and improve productivity, safety and environmental impact".

“We will be first to embrace new technologies such as VR [virtual reality], drones, automation and everything in between to lead our industry globally,” the company said.

The company hasn’t specified where else it plans to introduce automation, which is already in use at BHP Billiton and by rivals like Rio Tinto.

Outside of mining, Woodside Energy is leading the technology charge in the oil & gas sector with investments in data science, cognitive computing, and humanoid robotics.