Mining companies vulnerable to cyberattacks
PERTH (miningweekly.com) – Amid a rising number of high-profile corporate data breaches this year, cybersecurity software company ESET has warned that resource companies could face a similar threat unless they are well insulated.
ESET’s chief security evangelist Tony Anscombe told Mining Weekly Online this week that more technological advances and the drive towards automation within the mining sector left companies open to greater security threats.
“We tend to think of a data breach being customer data. But if some cyber criminals get into a company and steal employee data, firstly, it’s laden with sensitive information on your employees, but also you’ve got intellectual property, certainly within the mining industry.”
Anscombe noted that operational technology (OT) could also be used as a gateway for malware or cyberattacks as the OT made use of cloud services.
“If you think about all the equipment in a mining environment, this is technology that’s connected, that’s being used to do production and extraction. Threats to those types of industrial control systems are just as real.
“If you work in an office environment, it’s easy to identify what’s connected. When you walk into a production environment, such as mining, I think that becomes far more challenging. If you have an impressive piece of machinery that may be provided by a third party or is maintained by a third party, are you aware whether the third party has remote access to do maintenance on that device? How is the maintenance done and how do they connect and what’s the policy and process around that?”
A survey earlier this year by Ernst & Young (EY) found that 71% of mining respondents had seen an increase in the number of disruptive attacks over the past 12 months and 55% of mining and metals executives were worried about their ability to manage a threat.
Quoting data by Cybersecurity Ventures, EY expected that global cybercrime costs would grow by 15% a year over the next five years, reaching $10.5-trillion annually by 2025, up from $3-trillion in 2015.
EY noted that threat actors have been targeting mining and metals companies more frequently, with a number of incidents reported over the last 18 months, including from Norsk Hydro and BlueScope Steel.
“The large number of connected devices across operating environments is also contributing to the growing threat. With increasing investment in digital, reliance on automation systems, remote monitoring of infrastructure for long-term cost efficiency and near real-time decision-making across the value chain, it is the norm for mining and metals companies to have thousands of OT devices connected across geographical environments,” EY said in a report.
“However, the increased connectivity of these devices, and by extension the increased attack surface, means that the physical security of remote mining and metals operations is no longer sufficient.
“Additionally, equipment and infrastructure that have traditionally been disconnected (e.g., autonomous drills, trucks and trains) are now integrated to provide greater control of operations. This combination of events, coupled with system complexity and third-party risks, has led to a further expansion of the “attack paths” that may be used in cyber incidents.”
EY stated that hackers would use a number of common weaknesses found within network architecture, legacy industrial technologies, basic access controls and security configurations, maintenance processes, remote staff and third-party access, and security awareness.
“As a result, the entire supply chain is now at risk, which is not limited to the potential of causing disruptions to operations, but worse, significant health and safety consequences (resulting from shutdown or overriding of fail-safe systems, physical failure of infrastructure, equipment operating outside of expected parameters, etcetera). If these risks are not being effectively identified, tracked and monitored, it is likely that the organization and its employees will be left significantly exposed,” EY said.
In its own ‘Tracking the Trends’ report this year, advisory firm Deloitte noted that while resource companies have begun to place more emphasis on the operations side of the business, there were still opportunities for improvement in the OT environment.
“Until there is equal focus on the front and back office, we’ll continue to see breaches,” said Deloitte global risk advisory and cyber leader for energy, resources and industrials Rene Waslo.
Anscombe said that the onset of Covid and the changing working environment it created had resulted in a lot of companies taking a closer look at their cybersecurity, while large ransomware payments meant that the issue had also now become political.
“I think there were a number of positive things that came out of the pandemic, and cybersecurity is now a more important topic for business. I think cybersecurity is actually going through a transformation in the last two to three years, and it is very significant,” he added.