While cybersecurity is today considered a major threat to all industrial companies, a recent report out of Australia has concluded it will take a catastrophic event for it to be taken seriously in the mining industry.
Through interviews, survey and analysis of Australia’s largest mining and service companies, including BHP, Rio Tinto, South32, and Anglo American, the ‘State of Play: Cyber Security Report’, from researchers at State of Play, has uncovered that 98% of top-level executives think a catastrophic event is required to drive an industry response to cybersecurity in mining.
This is despite State of Play Chairman and Co-founder, Graeme Stanway, saying the risk of cybersecurity failures in mining could be severe.
“In an increasingly automated and interconnected world, the risk of rogue systems and equipment is growing rapidly,” he says.
“If someone hacks into a mining system, they can potentially take remote control of operational equipment. That’s the level of risk that we are facing.”
Global Head of Cybersecurity at BHP, Thomas Leen, agreed and said the mining industry is up against archaic processes when it comes to evolving on the cybersecurity front.
“Mining as an industry has a low level of cybersecurity maturity, mainly due to legacy environments that lack basic capabilities,” he says.
The report went on to find that the second most likely driver to instigate change, after a catastrophic event, will be government led initiatives and responses.
Michelle Price, CEO of independent, not-for-profit organisation, AustCyber, believes public-private partnership is the key to driving change in the way the mining industry approaches cybersecurity.
“AustCyber has collaborated with METS Ignited and State of Play to conduct this survey as we see the potential to improve cybersecurity across the mining environment,” she says.
“There are several challenges specific to the mining sector as documented in the Australian Cyber Security Industry Roadmap, developed in conjunction with CSIRO – such as operational technology, connected equipment and sensors, availability of data, anomaly detection and the volatility of markets.
“There are plenty of growth opportunities – especially when the sector collaborates with organisations like AustCyber to have a coordinated voice on the kind of support it needs to push forward cyber resilience.”
South32 Head of Cybersecurity, Clayton Brazil, sees this collaboration as a strength of cybersecurity in the mining industry. “Cybersecurity is incredibly collaborative in mining, we know it’s a critical industry for our nation and we all want to be safer,” he says.
Brazil sees a strong cybersecurity capability as a strategic opportunity for South32. “Done properly, cybersecurity can be a competitive advantage for us,” he said.
Interestingly, when asked what is the most likely motivation for cyber attacks, 50% of responses identified extortion and theft as the most likely cause, followed by competition with 21% and politics with 19%.
METS Ignited CEO, Adrian Beer, says industry growth and sustainability will come from collaboration and the implementation of standards. “Mining operations are still made up of legacy closed systems that have customised integrations between them,” he says.
“However, the modern technology vendor community is trying to overcome these systems with new models; building collaboration and trust between mining and the technology sector will create a secure sustainable future.”
Beer also believes standards have a two-prong role to play. “There is clearly a need for both a strong set of standards to define what good looks like in terms of cybersecurity more broadly, and a set of industry standards to ensure that the specific needs are met to deliver those secure outcomes.”