FEATURE: How Susceptible is the Mining Industry to IT Security Risks?
The last few years has seen an influx in technological advances for the mining industry. Companies like Rio Tinto and BHP Billiton are leveraging innovative equipment such as autonomous vehicles and simulation technology to their advantage.
However, the one emerging problem no one is paying attention to is breach of information.
In 2013 Ernst & Young Global Limited conducted a Global Information Security Survey and found almost 41 percent of the mining and metals respondents experienced an increase in external threats over the past 12 months. Not to mention, 28 percent experienced an increase in internal vulnerabilities over the same period.
Cyber hacking and breach of information has become one of the biggest concerns to the mining and metals sector. The threat, believe it or not, is real.
"On a scale of one to 10, we saw examples at nine, and examples at one. SCADA [the protocol used by large-scale industrial control systems] is an example where a lot of organizations don't even understand that it's IT," said Mike Rothery, first assistant secretary in the National Security Resilience Policy Division of the Attorney-General's Department, and secretary to the government's Cyber Security Operations Board.
The industry, which boasts one of the largest cash flows on investments, has the least developed understandings of managing IT security risks – and it shows.
According to a recent report by ZDNet, discussion between the Australian government and the mining industry has exposed the sector as a spotty security landscape.
"I've certainly had some discussions with CIOs of utilities who show me their map of their IT environment, and all the controls they have ... and the background checking they do on people that work in the accounts area and the call centre and so forth, and then you say to them, 'There's nothing on here with your SCADA system. Where's your engineering side of it?' 'Oh that's not IT. That's the engineers. That's not a problem, because they're not interconnected’,” Rothery told the Gartner Security and Risk Management Summit in Sydney,
"When you go to see the chief engineer, he’ll say, well they used to not be interconnected, but when they took out all the analogue systems and they needed to put it on an IP-based system, we weren't going to put in a separate IP-based network. We just dumped it onto the corporate network. The CIO doesn't even know it's there'," Rothery said.
The use of automated equipment has placed companies at the mercy of unscrupulous cyber hackers looking for their next big cache of private information. Criminals understand the increasing dependence mining companies have on technology, and are actively looking for ways to threaten the denial of access to data, processes and equipment.
Although cyber criminals have yet to figure out a way to make money from hacking mining databases, the potential is there.
"The number of attacks on SCADA systems that everyone agrees have happened is probably in the 15 to 20 mark, compared to other forms of cybercrime and cyber espionage, it's minuscule, but it's just got this huge potential for the vulnerabilities."
Where there’s a will there’s a way, and cyber hackers are notorious for finding a way.
Look at Target for example. One of the biggest retail hacks in U.S. history wasn’t particularly inventive, nor did it appear destined for success, but it happened. The hack stole 40 million credit card numbers, 70 million addresses, phone numbers, and other pieces of personal information in the blink of an eye.
If there’s a message to be learned here it’s that mining companies need to start paying special attention to their data and how it’s protected. Just like their massive mining operations and infrastructures, companies need to build their IT systems in a similar fashion.
Are mining companies susceptible to security IT risk? In the words of Walter White, “You’re god---- right.”
Axora launches global challenge for digital technology
Axora is launching the world’s first international competition to discover new cost-saving digital technology for industrial companies, which can produce rapid benefits within a year.
The Metals & Mining and Oil & Gas sectors have recently experienced budget cuts of 20% on average, driven by a variety of factors including the global pandemic, slump in demand and price wars. The Axora Cost-Saving Technology Challenge aims to transform these industries by discovering innovative, digital solutions that reduce cost fast and pay for themselves, whilst achieving the same or improved productivity, health and safety and sustainability standards.
“While digital solutions can help to get work done quicker and more cost-effectively, they typically require a three-year ROI, and if there’s no flexibility in the budget, a full budget planning cycle is needed to get things moving”, said Dr. Nick Mayhew, Chief Commercial Officer, Axora.
“Yet, extra financial cost is often incurred in delaying digital projects, so customers have asked us to highlight solutions that can have an ‘in year payback’ whereby the cost spent on the solution and deployment will be more than recovered within the budget year - this accelerates the timeline and drives positive business impact, quickly.”
The Axora Cost-Saving Technology Challenge
Axora is keen to learn of any digital cost-saving innovation which: meets the 12-month payback timeframe; can be deployed in any part of the value chain including upstream, downstream or midstream oil and gas, metals processing or mining; and is ready for market. The Axora Cost-Saving Technology Challenge is open to entrepreneurs, start-ups, academics and sector leaders across the world. The competition will be judged by a panel of leading industry experts.
“We’re passionate about supporting our industries and customers through all forms of digital transformation and the cost-saving solutions we are searching for could also provide a lifeline to many mining and metals and oil and gas companies in the current economic climate,” added Dr. Mayhew.
Improving productivity, safety and sustainability
Up to ten finalists will be chosen to pitch their solutions at a digital pitch day later this year, after which Axora will validate the ROI models and vet the solutions. The winner will receive the ‘Axora Market Accelerator’ sales and marketing package worth £10,000. This includes a two-hour workshop, promotion through Axora’s thought leadership content and inclusion into its digital demand engines, providing the opportunity for the winning solution to benefit thousands of industrial companies. Entries are open until May 31. Full details of the competition including terms and conditions can be found here.
To learn more about the Axora B2B digital solutions marketplace read our feature in the latest issue of Mining Global magazine.