4 minute read
Comment & Analysis
News Anaylsis
A global threat to mining giants: cyber security
Advertisement
Experts in the mining industry believe that lives might be at risk if the industry fails to address cyber security as a business priority and protect itself against increasingly sophisticated attacks.
The mining industry’s growing reliance on technology across its entire value chain makes cyber security an essential issue, one which was discussed at length at the recently held International Mining and Resources Conference (IMARC) at the Sydney International Convention Centre.
In the past, the sector has shown a surprising lack of concern. In PwC’s 2020 ‘Global CEO Survey’, only 12% of mining and metal CEOs indicated they were extremely concerned about cyber security threats, compared with 33% of global executives.
Rob Labbé, chairman of the Mining and Metals Information Sharing Analysis Centre at IMARC, believes that the industry has not yet identified cyber security as a significant business risk.
“It’s where safety was 20 years ago where it was largely seen as a technical problem, and you put up another guard rail and the issue was solved. Versus now when you will be hard pressed to find an operator where safety is not continuously discussed at the executive and board level,” he says.
According to Paul Kallenbach, head of MinterEllison’s Cyber Law and Data Protection practice, who was also attending IMARC, while the industry is evolving rapidly, there is still room for improvement, since – although most risks are now related to production, finances, and information – safety could emerge as the most significant concern in the future.
“The industry must be alive to cybersecurity threats. Increased ‘technologisation’ creates new entry points, which cyber criminals are increasingly exploiting to compromise production and supply chains, potentially jeopardising human safety. Indeed, according to a recent Gartner report, it is predicted that by 2025, cyber criminals will have effectively ‘weaponised’ IoT environments to harm humans,” he says.
Many worst-case scenarios involve automated heavy machinery, says Labbé.
“If we think about the types of systems that manage things like automated haulage trucks, you have got hollow trucks running around and you’ve seen the size of those. Maybe it does not stop before it gets to the
Toyota Hilux, which would be markedly uncomfortable for the people in the Hilux.
“Computers are going to do what they are told to do whether it is right or wrong and so the opportunity for that to be affected now is so much greater than it was in the past,” says Labbé.
“Unless we get ahead of this as an industry. It is only a matter of time before a cyber incident is the root cause of a significant safety or sustainability problem for somebody.”
One of the companies collaborating at IMARC on trends in mining, investments and innovation was Dataminr, which provides real-time perspective on cyber threats through artificial intelligence.
According to Nate Green, a cyber risk expert at the organisation with a background in the United States Intelligence Community, nefarious actors are being presented with an increasing number of opportunities for disruption of companies to gain financial or political benefit as the entire value chain becomes increasingly reliant on technology.
“Companies are increasingly outsourcing smaller parts of their business to a third party or vendor, and that provides a bigger attack surface, so if I am going after a mining company, I know that I can cause operational disruption by attacking the law firm that they use or a manufacturer that they source parts from,” he says.
“The heaviest sector that we see hit by ransomware far and away is manufacturing and that is not these massive Fortune 1000 manufacturing companies. It is, for example, the small manufacturing company in Perth that you’ve never heard of but might provide a critical component to a mining company. So, when you look at that downstream risk, it is often the thirdparty businesses in the supply chain that is your biggest attack surface and the biggest threat to operational continuity.” Labbé says these attacks are only getting more sophisticated.
“In 2019 at the last in-person IMARC, I would have told you only around 5% of attacks are from sophisticated actors. Now around 25% of the attacks are very targeted, very sophisticated actors versus the spam that we all get in our personal mailboxes, so that’s a material shift and it is largely because mining is drawing the interest of the state sponsored adversaries,” he says.
In Labbé’s opinion, events like IMARC offer the industry a unique opportunity to collaborate on solutions to constantly emerging problems.
“As an industry we need to start working together on this, both as a supplier community as well as an operating community, really encompassing the breadth of the industry. This is too big for any of us to do by ourselves. It does not matter if you are BHP or a small earlystage exploration company – we need to work together to do to solve these issues,” he says.
