Cybersecurity is a dangerous blind spot for the mining industry \u2013 but it shouldn\u2019t take a catastrophic event for businesses to start taking this threat seriously.<\/p>\n\n\n\n
Report after report has found that the mining industry is failing to grasp the seriousness of cybersecurity attacks. PricewaterhouseCoopers\u2019 Mine 2020: Rocky but Resilient<\/em> <\/a>report, for instance, found that the percentage of mining and metals CEOs who are extremely concerned about cyber threats has actually gone down in recent years, from 21 per cent in 2018 to 12 per cent in 2020 \u2013 despite a four-fold increase in the number of reported cyber breaches among mining companies over a similar period.<\/p>\n\n\n\n In 2019, State of Play\u2019s Cybersecurity report<\/em><\/a> analysed Australia\u2019s largest mining companies, including BHP, Rio Tinto, South32 and Anglo American, and found that 98 per cent of top-level executives believed it would take a catastrophic event to drive an industry-wide response to cybersecurity.<\/p>\n\n\n\n Cryptoloc founder and chairman Jamie Wilson says the stakes are high when it comes to cybersecurity and the mining industry. In today\u2019s increasingly automated and interconnected world, a successful attack could put mining operations, equipment and data at risk \u2013 and it could threaten people\u2019s lives.<\/p>\n\n\n\n \u201cIf someone hacks into a mining system, then they can take control of that system and its operations remotely,\u201d he warns. \u201cSo if you\u2019ve got autonomous vehicles running around, they could take control of those vehicles. You don\u2019t want trucks on a mine site crashing into each other, into equipment, or into human beings.<\/p>\n\n\n\n \u201cAnd that\u2019s just the tip of the iceberg \u2013 what if you\u2019ve got people underground, and a bad actor shuts off their air supply?\u201d<\/p>\n\n\n\n Wilson notes that cyber espionage is another major concern for mining organisations that are \u201crich in data and information\u201d, all of which could be leveraged by cyber attackers. In 2011, for instance, BHP was targeted by attackers<\/a> seeking to gain access to market pricing for key commodities.<\/p>\n\n\n\n Phishing attacks, usually in the form of malware attached or linked to in an email, are increasingly common in the mining industry. A Symantec internet security threat report<\/a> found that more than 38 per cent of the users in the mining industry had been hit by a malicious email, a higher percentage than any other industry.<\/p>\n\n\n\n This is no idle threat, either \u2013 Canadian mining company Goldcorp lost over 14 gigabytes of corporate data<\/a> in a 2016 attack; a cyber attack on a German steel mill caused \u201cmassive damage\u201d to a blast furnace<\/a> in 2014; and Norsk Hydro, one of the world\u2019s largest aluminium companies, was dealt up to $70 million in damage<\/a> after opening an email infected with ransomware in 2018.<\/p>\n\n\n\nWhat can go wrong?<\/h3>\n\n\n\n
Why is the mining industry vulnerable?<\/h3>\n\n\n\n