Technology & equipment
Before a deadly 2010 explosion at a West Virginia mine, staff had repeatedly complained about problems with the ventilation – vital for diluting explosive methane gas out of the facility.
Beyond patching
What are operators doing to combat these varied threats? Perhaps unsurprisingly in an industry that’s relatively new to the cybersecurity game, many are still relying on external partners. As Dow recalls one insider saying: “We are in the business of breaking rocks, not securing networks.” In practice, explains Berman, these collaborations start with a careful understanding of how a client uses digitalisation – and where gaps in their armour might be. “First,” he says, “we measure cyber risk through a dual lens of exposure and exploitability. Then, we enable organisations to drastically reduce their attack surface by providing remediation options that go beyond patching.”
Berman lays out a number of ways to achieve these aims. One technique is developing sophisticated security processes across IT/OT networks, ensuring staff know how to deal with a cyber intruder, whether they’re in a back office or at the coalface. Another is to simulate malware attacks, helping IT teams understand precisely how a would-be hacker might behave. And if the worst ever did happen, any cyber company worth its salt will also have strong mitigation policies in place. The point, at any rate, is to develop what Dow calls a “multipronged” approach – and just as well. For if companies like Skybox are constantly tinkering with processes or testing out attack vectors, their criminal rivals are too. The numbers speak for themselves: across cyberspace, a hacker strikes every 39 seconds, while 560,000 new pieces of malware are detected each day. As Dow puts it, these vast forces constitute a never-ending “active campaign” against global mining.
Not that experts simply have to guess what’s round the corner. On the contrary, mining’s cyber defenders have a number of ways to predict how their enemies might act. The Cybersecurity and Infrastructure Security Agency (CISA), for instance, is a wing of the US government that provides cybersecurity professionals with information about what gangs may be planning. Private sector operators offer similar services, sometimes even providing reports of specific servers or IP addresses to look out for. That dovetails, Berman adds, with robust training. “Training and skills development is critical because, ultimately, cybersecurity is a people problem – and humans are the key target for cyberattacks.” There’s some evidence that mining concerns are taking that last point to heart. Anglo American is now providing bespoke cybersecurity apprenticeships, while BHP has integrated cybersecurity rules into its code of conduct.
World Mining Frontiers /
www.nsenergybusiness.com The rise of ransomware attacks
Ransomware attacks, in which hackers freeze a target’s computer systems, steal data and threaten to destroy or publicise it if they aren’t paid, have accelerated in recent years, paralysing hospitals, schools, businesses and more. First gaining public attention with the WannaCry outbreak in 2017, the Covid-19 pandemic contributed greatly to the ongoing surge in ransomware attacks. As organisations rapidly pivoted to remote work, gaps were created in their cyber defences, which bad actors have been swift to exploit. For the mining industry, the most notable example in recent years came from
the Weir Group’s announcement on October 7 2021, regarding the attempted ransomware attack on their systems earlier that September. The attack forced the company to shut down some of its operations, impacting its third-quarter profit to the tune of millions of pounds. In the Weir’s official statement, the company said that there was no evidence that any personal or other sensitive data had been compromised or encrypted. “We responded quickly and comprehensively to what was a sophisticated external attack on our business,” said Jon Stanton, chief executive officer of Weir Group. “The robust action to protect our infrastructure and data has led to significant temporary disruption but our teams have responded magnificently to this challenge and have managed to minimise the impact on our customers.” Weir said it had taken a number of measures following the attack, such as isolating and shutting down IT systems, including engineering applications. While the company worked to restore those applications as quickly as possible, the resulting disruptions resulted in “revenue deferrals and overhead under- recoveries”, according to its press statement. The consequences of operational disruption and associated inefficiencies were expected to continue into the fourth quarter of 2021, further impacting the company’s finances.
Bad days ahead?
From gas to the grain trade, Russia’s invasion of Ukraine has upended countless global industries. And though it’s receiving less scrutiny in the media, mining is in a similar boat. That’s true in terms of fluctuating commodity prices, of course, but also in terms of the threats the sector is facing. With the West and Moscow increasingly engaged in a form of economic warfare, experts like Dow are increasingly concerned that mines could be the victims of foreign hacks. “With the sanctions against Russia,” Dow says, “there’s a heightened concern that, because many mining companies are fairly critical to the economy, they may be targeted to cause disruptions.” Despite these fears, however, Dow is fundamentally optimistic for the future of mining cybersecurity. Though he concedes that some “bad days” are unavoidable, he says that the proliferation of new technology across mining means operators are under ever more pressure to take their digital obligations seriously. That’s doubly true, he continues, given investors now see cyber as an absolute priority. This, he suggests, will “raise the tides of apathetic companies”. Berman makes a similar point, arguing that as the industry gathers more and more information through data analytics, “preventative maintenance” of vulnerabilities will gradually improve too. Given what the industry’s doing, he has a point, with Rio Tinto just one of the giants developing comprehensive cybersecurity requirements for in-house staff and external suppliers alike. Bad days or not, the industry is clearly aware that change is in the air – for the sake of servers and miners alike. ●
2.4TB
The amount of data generated by Rio Tinto’s iron ore business every minute.
Rio Tinto $9.3bn
The predicted value of digitalisation in the mining industry by 2030.
ABI Research 21
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45
