As the mining industry briskly moves towards the Internet of Things and digital automation in order to boost productivity and efficiency, it has inadvertently opened itself up to a new kind of threat – cyber attacks.
Not only can such malicious attacks result in the loss of millions of rands and considerable downtime but it can also compromise safety. GERARD PETER spoke to cyber security specialist, MIKE BERGEN of GECI International about the effect of cybercrime on the mining industry.
Bergen is Regional Director: Middle East and Africa for GECI International, a specialist in technology consulting and digital transition, supporting its clients in all stages of their digital transformation projects, including cybersecurity.
Working with experts from the Israeli Defense Forces, the company has a range of software to neutralise and combat cyber threats.
According to Bergen, the mining industry has been relatively slow to cotton on to the digital age, however, nowadays many companies are using automated vehicles, drilling and blasting, making them susceptible to cyber attacks.
“As pointed out in an article in miningreview.com, entitled How quickly could a cyber attack take down critical infrastructure?, some operational technology (OT) systems are decades old, designed in a pre-cyber risk era, and are vulnerable to malware and other cyber threats.
"The very connectedness that enables ‘smarter’ operations also expands the organisation’s risk profile, making systems that worked historically suddenly interconnected and highly vulnerable devices that can be compromised remotely," he explains.
He lists four principle reasons for criminals wanting to attack mining operations: Ransom, Identity theft, IP theft and sabotage.
Furthermore, the fact that IT and operational technology (OT) seem to operate in silos also makes mining companies vulnerable.
Already, there have been recorded crippling attacks on global mining outfits.
“According to a 2018 Ernest & Young Global Information Security Survey identified 54% of mining companies had experienced a “significant” cyber incident in the past 12 months.
“Earlier this year, one of the world’s largest platinum producers, Norsk Hydro, was hit by a cyber attack that cost around $40 million in damages, which it is still counting,” Bergen recites.
“This attack was launched through an employee clicking on an email triggering LockerGoga, a relatively new strain of so-called ransomware, which encrypts computer files and demands payment to unlock them.
"The attack then spread throughout all their international operations centres and the company virtually had to shut down all of its computer operations on a global scale and resort to manual operations in about 50 countries,” Bergen relates.
Another recent attack, Bergen points out is that of a ransomware attack on Swiss-Belgium mining company, Nyrstar. According to reports, malware attacked the company’s email database and some of the servers meant for administrative work.
Highly sophisticated attacks
The intelligence of a cyber criminal should never be underestimated, says Bergen. He explains that attacks are planned and prepared over weeks or months in advance while these criminals research their entries into and targets within the target network vulnerabilities and deposit their malware undetected.
Most companies are completely unaware that they have cyber vulnerabilities or even that they are already infected by malware in readiness for the attack at the chosen date and time.
“In fact, many cyber attacks find their origins in a simple email,” he adds.
“Criminals use phishing to plant a virus or malware in a company’s IT system. These are then ready be triggered when an employee opens an email, wreaking havoc.”
That said, despite companies knowing about cyber attacks in the public space, Bergen believes that the mining sector needs to do more to protect itself.
“Cyber crime is a sophisticated and lucrative business, but mines have tended to lag in terms of cyber security.”
In order to elaborate his point, Bergen points to the fact that the South African banking sector loses R2.2 billion a year to cyber crime.
Also, although most companies have anti-virus or anti-malware software installed, Bergen argues these precautions only detect known and registered malware based on “threat signatures”.
However, many attacks today are caused by unknown and/or more recently developed or modified and unregistered malware that is undetectable by common anti-virus/malware solutions.
So, which aspects of mining operations are particularly susceptible to cyber attacks?
Bergen adds: “Any sensitive equipment connected to the internet is at risk. Take for example, self-driving trucks. If a cyber criminal takes control of one or more of such vehicles, they could cause severe damage as well as endanger lives.
“Also, today mines are using IT to monitor tailings dams. Can you imagine if a criminal gets hold of this system? Meanwhile, underground operations are using automated drilling and blasting – if such equipment is compromised, the damage would be considerable.”
And while it is often difficult to keep cyber criminals in check, Bergen positively believes that there are measures that can be taken to thwart such malicious acts.
“For example, at GECI we have a solution called Cyber-X – a key OT product that protects industrial equipment and plants from attacks. Another product is BitDam which protects enterprise communications such as emails and chats from advanced content-borne threats, preventing known and unknown cyber attacks,” he concludes.