Miners are years behind when it comes to cybersecurity protection, says consultant
Mining companies are stragglers when it comes to cybersecurity, which is tipped to cost business globally around $US6 trillion ($7.8 trillion) by 2021 – double what it was in 2015.
“We’re seeing the mining sector being maybe three or four years behind the energy sector in how it responds and protects that operational technology,” said Mike Rundus, EY global mining & metals cybersecurity leader.
Mining is witnessing a rapid increase in the number of cyber threats, with more than half the energy and resources companies surveyed by EY admitting to experiencing a “significant cybersecurity” incident in the past year.
“We’ve seen mining companies significantly invest in autonomous mining – be it autonomous rail, autonomous haulage, autonomous drilling,” Mr Rundus said.
“We’ve also seen a significant amount of data coming out of sensors and mining plants and that data being used for predictive maintenance and predictive analytics.”
While things like autonomous haulage have led to productivity increases of as much as 20 per cent, they have also made miners a target for cybercriminals.
“As we’re seeing productivity and digital enhanced, we’re seeing a greater footprint. That equals a greater threat profile for our operational systems,” Mr Rundus explained.
Ninety-seven per cent of the companies surveyed by EY say their cybersecurity function does not fully meet their organization’s needs.
Forty-eight per cent believe it is unlikely their organisation would be able to detect a sophisticated cyber attack.
This could be costly for mining companies.
“There is potential for cyber risk to be the downfall of a mining and metals organization’s productivity gains and digital advancement aspirations,” Mr Rundus said.
Evil software crippling networks
The problem is that miners rely on operational technology (OT) networks, which have a much lower level of cybersecurity or “cyber maturity” than a corporate network.
Modern OT networks are highly connected and increasingly leverage infrastructure, protocols and operating systems that are also common within enterprise IT, according to EY.
Malware is also evolving to target OT networks.
Malware, which is short for malicious software, is hostile or intrusive software including harmful computer viruses, worms, Trojan horses, ransomware, spyware, adware and scareware.
In December 2015, Ukraine’s power grid was crippled by a cyber attack that used malware and targeted OT and industrial control systems.
While 53 per cent of companies surveyed said they had increased their spend on cybersecurity in the last 12 months, it isn’t enough to effectively manage risk, according to EY.
EY says a step-change in the culture and awareness of cyber risk within the mining and metals sector is needed to close the gaping hole that the “human factor” leaves in cyber resilience and preparedness.
The first step, according to EY, is for companies to understand the cyber threat landscape and implement a clear plan that forms part of their digital road map and risk management plan.