The safety of workers in mining could be at risk if the industry does not prioritise cyber security as a business priority and safeguard against increasingly sophisticated attacks, experts in the field say.
Speaking ahead of the International Mining and Resources Conference (IMARC) in Sydney next week at which Mining.com.au is a media partner, IMARC speaker and Chairman of the Mining and Metals Information Sharing Analysis Centre Rob Labbé, says despite a raft of breaches in recent times, the industry is yet to identify cyber security as a key business risk.
“It’s where safety was 20 years ago where it was largely seen as a technical problem, and you put up another guard rail and the issue was solved. Versus now when you’ll be hard pressed to find an operator where safety is not continuously discussed at the executive and board level,” he said.
Labbé notes that in 2019 at the last in-person IMARC, it was said that only about 5% of attacks have been from sophisticated actors.
“Now around 25% of the attacks are very targeted, very sophisticated actors versus the spam that we all get in our personal mailboxes, so that’s a material shift and it’s largely because mining is drawing the interest of the state sponsored adversaries.”
Complacency over concern
While the sector is starting to recognise this and address the issues of cyber safety, there has been widespread complacency and a surprising widespread lack of concern in the past.
According to PwC’s 2020 ‘Global CEO Survey’, only 12% of surveyed mining and metal CEOs said they were ‘extremely concerned’ about cyber security threats, as compared with 33% of leaders globally.
During IMARC next week the sector’s growing reliance on technology across the entire value chain and cyber security will be a key issue discussed.
Addressing the issue, cyber risk expert Nate Green, who has a background in the United States Intelligence Community, says as the entire value chain’s reliance on technology grows, nefarious actors are being presented with an increasing number of opportunities to disrupt companies for financial gain.
Green notes: “Companies are increasingly outsourcing smaller parts of their business to a third party or vendor, and that provides a bigger attack surface, so if I am going after a mining company, I know that I can cause operational disruption by attacking the law firm that they use or a manufacturer that they source parts from.
“So when you look at that downstream risk, it’s often the third party businesses in the supply chain that is your biggest attack surface and the biggest threat to operational continuity”
The heaviest sector that we see hit by ransomware far and away is manufacturing and that is not these massive Fortune 1000 manufacturing companies. It is, for example, the small manufacturing company in Perth that you’ve never heard of but might provide a critical component to a mining company. So when you look at that downstream risk, it’s often the third party businesses in the supply chain that is your biggest attack surface and the biggest threat to operational continuity.”
Head of MinterEllison’s Cyber Law and Data Protection practice Paul Kallenbach, who is also participating in IMARC, says this is changing rapidly but more needs to be done, as while the risks are currently largely surrounding production, finances, and information – safety could soon be the biggest concern.
Jeopardising human safety
Kallenbach adds: “The industry must be alive to cybersecurity threats. Increased ‘technologisation’ creates new entry points, which cyber criminals are increasingly exploiting to compromise production and supply chains, potentially jeopardising human safety. Indeed, according to a recent Gartner report, it is predicted that by 2025, cyber criminals will have effectively ‘weaponised’ IoT environments to harm humans.”
Labbé agrees, adding many-worst case scenarios involve automated heavy machinery such as automated haulage trucks.
Among the companies collaborating on trends in mining, investment, and innovation towards a sustainable future at IMARC is Dataminr, which works to provide comprehensive real time perspectives on cyber threats, through AI based alerting systems.
IMARC is Australia’s largest mining event, bringing together more than 7,500 decision-makers, mining leaders, policy makers, investors, commodity buyers, technical experts, innovators, and educators from more than 100 countries for 3 days of learning, deal-making and unparalleled networking. It is developed in collaboration with its founding partners the Victorian State Government of Australia, Austmine, the Australasian Institute of Mining and Metallurgy (AusIMM) and Mines and Money.
Mining.com.au is an official media partner of IMARC.
Write to Adam Orlando at Mining.com.au
Images: iStock & IMARC