How Vulnerable Are Mining Companies To Cyber Threats?

Even though Victoria Gold has no operations in Russia or Ukraine, the company warned in its yearly report last month that the military attack on Ukraine could result in “heightened cybersecurity interruptions and threats” in 2022.

Around the same period, Endeavour Mining identified cyber security as one of its primary risks and stated that companies are becoming “more susceptible to cyber threats” as they increasingly rely on digital technology.

“Although Endeavour invests strongly in monitoring, maintenance, and regular system upgrades, there remains a threat that we will be unable to avoid, detect, and react to cyber threats in a timely manner,” the company stated in its yearly report.

Half of the mining companies are not concerned about cyber threats

According to Ernst & Young’s Global Information Security Survey, approximately 55% of mining executives are concerned about their ability to manage a cyber threat with nearly 70% reporting an increase in the number of interruptive attacks in the previous year. Almost half of those polled said that industrial control systems were the most frequently targeted.

According to analysts, the consequences of these threats can vary widely – from company shares being shorted to workers’ lives being jeopardized when critical operating systems are breached. A threat can also be something as simple as an assay result being delayed.

For example, PJX Resources in British Columbia and Getchell Gold in Nevada both reported delays in obtaining assays in the last five months as the Bureau Veritas Laboratory in Nevada recovered from a cyber threat in November last year.

Nadine Miller, an engineer who has worked in mining for over twenty years and is now vice-president of project development at JDS Energy & Mining, observed that the industry had a history of being slow to adopt new technologies and was now lagging behind in cybersecurity.

“We’re always racing to be the first to be last in new technologies,” Miller told The Northern Miner, adding that mining companies don’t want to be the first to adopt any technology. “A few will do it,” she says, adding that they are usually larger corporations.

While the mining sector has done an excellent job of safeguarding its information technology systems – such as network infrastructures, file shares, or worker laptops and computers – Miller claims that operational technology – such as systems accountable for process plants, refineries, heating, or ventilation in underground mines – was not secure.

According to Bryan Tan, an Associate Partner in EY’s cybersecurity practice, ransomware – a form of malicious software that seeks to block access to a computer system until a sum of money is compensated – is one of the industry’s “key threats” right now.

“Many organizations put OT systems on the same network as IT systems,” he told The Northern Miner. “That spreads on the IT side, but since it can touch the OT systems, it can potentially influence those as well.” “From a business standpoint, your OT comes to a halt, which may lead to life-threatening issues,” he explained.

Related news

• A Look Into Mining Automation
• Cybersecurity: A global threat for mining companies after the Pandemic
• Smart Technology Drives Promising Market Growth for Global Mining Automation
• World’s First Hydrogen-Powered mining Haul Truck Could Contribute To A Cleaner Mining Industry
• Epiroc Agrees to Acquire Mining Automation Company RCT

Artificial intelligence (AI) technology

JDS and Miller are promoting an innovative technology based on artificial intelligence machine learning that they claim can detect abnormalities in industrial control systems to address OT-related issues.

According to Miller’s JDS colleague Joe Weiss, a global expert on industrial control systems, mining companies rely on sensors to run their operations. When connected to the internet – a network, Bluetooth access via mobile devices, or merely a handheld calibration unit – these can be hacked and provide faulty signals which can overheat or cool systems and harm them.

“The JDS technology can tell you if the sensors are not performing as expected or if they are inoperable,” Weiss explains. “The sensors are the input to every action you take… technology ensures that the input to the brain is coming from the sensors and that we understand how effective the sensors are.”

Miller and Weiss used the Taum Sauk Hydroelectric Power Station in the United States to illustrate the role that sensors play. The Taum Sauk Hydroelectric Power Station overtopped in 2005 when water proceeded to be pumped from the lower reservoir even after the upper reservoir was full. While no deaths were disclosed during the non cyber threat event, the flood destroyed many structures in a park.

You might be interested in

The attachments carrying the sensors at the Taum Sauk dam failed, according to Weiss. Despite the fact that they were separated from the wall and ended up in a different location, they continued to work. “They inadvertently told the system the level was low,” Weiss explained. As a result, the pumps were directed to replenish the reservoir. The JDS technology would have detected the change in level and instructed the operator to investigate the issue, which is what distinguishes the tool, he added.

Miller stated that the technology was installed in a refinery project this year (the name of the company was not disclosed). She claims that, in addition to providing protection against hacking, it also assisted in detecting operational anomalies once the AI/ML went live.

“While the AI was learning their system, one of their engineers discovered that one of the circuit’s controllers was not working.” We weren’t keeping an eye on the controllers. But he realized there was a problem with the controllers because the AI/ML was learning and flagging anomalies in the data,” Miller explained.