Cybersecurity is a significant issue that will be discussed with the mining sector’s growing reliance on technology.
Mining companies around the world have survived the COVID-19 pandemic relatively unscathed, far outperforming many other industries.
This year, two PwC reports – namely Mine 2020 and Aussie Mine 2020 – offer industry and financial analysis of the mining sector worldwide and in Australia. They emphasize mining’s strong position and resilience and the critical role it played in assisting communities and the wider economy during the novel coronavirus downturn.
Despite the fact that global growth is potentially expected to slow down, mining remains viewed as the bedrock of economic recovery.
Nevertheless, a potential flaw in mining’s facade — both locally and globally — could expose the industry to future shock: cybersecurity.
Mining and COVID-19
Despite the fact that operations were interrupted during COVID-19, including in Brazil, iron ore prices have risen. This has potentially limited the total impact on the sector. Mining businesses have strong finances and are mostly still in operation, albeit with increased precautions.
The mid-tier mining sector in Australia (the largest ASX mining firm with a market capitalisation of less than AU$5 billion as of 30 June 2020), or MT50, has maintained coherent levels of revenue and profit throughout the year.
In response to the pandemic, mining companies have adapted and evolved. Some improvements have occurred, such as remote workforce planning and increased use of automation. Many of these changes could become permanent. In an unstable environment, miners have concentrated their efforts on controlling what they can and it has served them well.
In order to build the mines of the future, they are progressively looking for smart mining innovations to optimize security, production, and decision-making. Even so, with such digitalisation comes a threat: when a device is connected to the internet, it can be attacked. Concerningly, at a time when mining businesses are becoming more susceptible to cyber attacks, the industry might not be showing as much concern as needed.
- Rockwell Automation releases DCS for plant operations
- Smart Technology Drives Promising Market Growth for Global Mining Automation
- Metso Outotec wins major order for travelling grate pelletizing technology in India
- Talon is part of a larger consortium of miners and firms called the Battery Materials and Technology Coalition (BMC)
- Operational and senior management depend on digital technology and software
- Motion Metrics Technology Used On More Than 80 Mine Sites
The Harsh Truth of the Situation
Mining companies may believe they are an unlikely victim of cyber attacks due to their physical nature. However, as reliance on autonomous and digital technology expands, so does the cybersecurity risk — and the implications can be fatal.
Only 12% of mining and metals CEOs were ‘greatly worried’ about cyber threats in this year’s PwC Global CEO Survey, compared to 33% of global leaders and 26-32 per cent in energy, utilities, and assets (excluding mining and metals). And it isn’t a one-time occurrence, with concern declining over the last three years despite a quadrupling of reported cyber breaches among mining companies.
The number of potential cybersecurity threats and attack vectors grows as technologies become more interrelated. These threats can have serious consequences, including production or revenue losses, environmental damage, regulatory penalties, reputational damage, constrained economic expansion, the catastrophic shutdown of vital infrastructure, and even death.
This has been exacerbated by the growing complexities and convergence of operational technology (OT) and information technology (IT). COVID-19 has transformed how the sector scales its operations, emphasizing the importance of creating an environment that promotes remote working and automation.
The industry is creating new entry points for cybercrime due to its increasing reliance on third parties and less secure corporate networks (roughly equivalent to isolated OT systems), as well as its severely restricted workforce and differing levels of COVID-19 constraints.
Such obstacles could have serious consequences. Hackers, for example, may gain access to a company’s network through a supplier with poor cybersecurity and end up directly limiting crucial mine safety systems, processing facilities, or heavy machinery.
Attacks on underground ventilation units, tailings ponds, dam monitoring systems, pipeline controls, or gas monitors, for example, could have serious consequences for worker and community safety.
Globally, the mining industry is one of the most common targets for malicious emails, which are used to gain a foothold before launching a cyber attack.
Furthermore, state-sponsored threats increased in 2020. In the fiscal year 2020, approximately 35% of total incidents impacted Australian critical infrastructure providers, with an estimated 70 cybersecurity incidents targeting the Australian mining and resources industry.
Because of the legacy nature of many OT systems, the cost of a cyber attack in mining can be even higher than in other industries. Remediating OT systems is difficult, not only because of limited maintenance windows but also because these systems are frequently no longer supported by vendors. Attempting to change legacy systems can often be far more dangerous.
There are immediate precautions that mining companies can take to protect themselves. They can enable MFA, audit privileged access management (PAM), patch holes, and collaborate with the Australian CyberSecurity Centre.
The Motherlode of CyberSecurity
Cybersecurity is as much about behaviour as technology, and the “safety vein” must begin at the top and work its way down to all other levels. In order to defend against increasingly sophisticated phishing and ransomware attacks, all organizations should have plans in place to prevent, respond to, and recoup from a possible threat.