printer friendly version

Cybersecurity in mining

One does not usually associate mining with cybersecurity, but as big technology users (including some legacy technology that was not designed for cyber risks), mines are at risk from cyber threats in several areas. One area of high risk is the industrial machinery used every day that is now being connected to networks and even the Internet, sometimes inadvertently, and offers tempting targets for sabotage or ransomware from cybercriminals.

Another, arguably more modern area is the IoT (Internet of Things). Devices that provide data from every corner of a mine, from water and smoke sensors to video cameras that can produce large volumes of data, and the ability to collect and analyse this data centrally produces valuable intelligence for security, operations, and business planning. Naturally, being connected, they are also at risk from cybercriminals. After all, who thinks of cybersecurity when it comes to a water sensor?

Kyle Pillay, Security Operations Centre (SOC) Manager at Datacentrix, notes, “In today’s digital world, the evolution of the internet and the interconnectedness of everything through technologies like the internet of things (IoT) have brought about a levelling of the cybersecurity field. No particular industry is immune to cyberattacks like phishing, CEO fraud, and financial scams, and this includes the mining sector. Should a hacktivism group take umbrage against one of your initiatives or investments, for example, you will be targeted.” “Within the mining environment, the consequences of data theft and exposure would be mostly legislative, based on the regulations of the specific territory like South Africa’s Protection of Personal Information Act (PoPIA) or the General Data Protection Regulation (GDPR) in the European Union. If, as an organisation, you do not have the proper controls and measures in place, you could face fines and even imprisonment.”

The risks are particularly high within the mining environment. For example, cyberattackers could access machinery on assembly lines through IoT vulnerabilities, allowing them to change programmable logic controllers (PLCs), which control different electro-mechanical processes. Workers could be harmed should an attacker change sequences or bring lines completely to a halt. This could even be life-threatening in a scenario where, for example, an attack causes the shutdown of a heating, ventilation and air conditioning (HVAC) system.

Operational tech not designed for a short lifespan

Pillay continues that operational technology (OT) is generally manufactured to have a long lifespan. Systems were built to last 20 to 30 years and were operated in segregation and are now being increasingly targeted by cybercriminals. Historically, these environments have used the Purdue Model, a structural framework for industrial control system (ICS) security that concerns the segmentation of physical processes, sensors, supervisory controls, operations, and logistics. However, this model, developed in the 1990s, does not address some of the more modern challenges and requirements of ICS environments, such as the emergence of new, sophisticated cyber threats targeting OT systems and exploiting their vulnerabilities.

Because mining businesses now want to be able to access valuable data within their environments for reporting, there is – by default – an interconnection between IT and OT solutions. This can widen the attack surface, should the necessary controls not be in place. For instance, you may be using a computer running Windows 7 that works perfectly well for what is required, but this access point is vulnerable. The solution could be overlaying a secure network between the IT and OT environments, meaning that the equipment being run does not need to be changed, and you can still access the intelligence needed for reporting. It could even be as simple as rolling out a web application firewall (WAF) to reduce risk or using local machines to patch vulnerabilities.

“Security solutions could include management software for the OT stack, which would offer protection to some extent and also bring out key performance indicators to consider, such as potential areas of improvement,” adds Pillay. This would need to be done on a separate management layer, with virtual patching. It could be as straightforward as implementing a web application firewall (WAF), which will protect against exploits on the application layer, while still maintaining segmentation with IP and port control on the network layer, thereby mitigating IT risks to within acceptable levels.

Digital transformation security

As mines adopt digital transformation, data becomes more important and analysing data from equipment out in the field, geological surveys, etc., can provide invaluable information. What data protection solutions and processes should they be implementing? These systems also need protection, which should be designed into the solutions from the start.

“There are a number of data protection solutions and processes that could be rolled out by mining organisations to assist with the safe gathering and analysing of data from equipment out in the field,” states Pillay. “For instance, identity access and management (IAM) is key. An IAM solution would ensure that only the right people have access to devices and are able to bring data back into the environment for analysis. Multifactor authentication (MFA) is also critical here to ensure that users are not being spoofed – where an unknown source poses as a known, trusted source - or impersonated by a cybercriminal.”

Not only external threats

It is not only threat actors outside the company that pose a threat to mines. Insider threats are naturally a constant cause for concern in any industry, and the payroll departments within mining businesses are no strangers to malicious activity, from ghost workers to blatant fraud. A cybersecurity strategy must also include policies, processes and applications designed to curb insider mischief without preventing people from doing their jobs.

Pillay says data loss prevention (DLP) is critical to circumventing insider threats. DLP assists with data classification, identifying and helping to prevent unsafe or inappropriate sharing, transfer, or use of sensitive data. DLP also helps to determine data classification – identifying sensitive data– as well as the movement of said data. For example, DLP can determine whether a user is allowed only to upload to a database or if they may also email it.

Datacentrix’s cybersecurity offerings

Highlighting the security services Datacentrix offers, Pillay says, “Datacentrix offers comprehensive, end-to-end security services and solutions. This includes a cybersecurity operation centre-as-a-service, which entails threat monitoring and management, endpoint protection services, a firewall-as-a-service option, privileged access management (PAM), email security, identity access and management (IAM), vulnerability management, brand protection (dark web monitoring), and cyber advisory services.

“In addition, Datacentrix is able to assist with incident response recovery, where in the case of a ransomware attack, the organisation would carry out isolation, investigation, remediation and eradication services, as well as help businesses to restore their data. Essentially, the company’s managed services approach means that it can deliver the people, processes, and technologies needed to meet clients’ cybersecurity needs.”

Share this article:

Further reading: