Is a catastrophic event required to drive an industry response to cybersecurity in mining?
Cybersecurity is considered one of the biggest threats to the world economy, but according to Australian researchers at State of Play, it will take a catastrophic event for it to be taken seriously in the mining industry.
Through interviews, survey and deep analysis of Australia’s largest mining and service companies, including BHP, Rio Tinto, South32, and Anglo American, the report has uncovered that 98% of top-level executives expect a catastrophic event is required to drive an industry response to cybersecurity in mining.
State of Play Chairman and Co-founder Graeme Stanway says the risk of cybersecurity failures in mining could be severe.
“In an increasingly automated and interconnected world, the risk of rogue systems and equipment is growing rapidly,” he says.
“If someone hacks into a mining system, they can potentially take remote control of operational equipment. That’s the level of risk that we are facing.”
Global Head of Cybersecurity at BHP, Thomas Leen, agrees and says the mining industry is up against archaic processes when it comes to evolving on the cybersecurity front.
“Mining as an industry has a low level of cybersecurity maturity, mainly due to legacy environments that lack basic capabilities,” he says.
The report goes on to find that the second most likely driver to instigate change, after a catastrophic event, will be government led initiatives and responses.
AustCyber CEO Michelle Price believes public-private partnership is the key to driving change in the way the mining industry approaches cybersecurity.
“There are several challenges specific to the mining sector as documented in the Australian Cyber Security Industry Roadmap developed in conjunction with CSIRO – such as operational technology, connected equipment and sensors, availability of data, anomaly detection and the volatility of markets,” she says.
“There are plenty of growth opportunities – especially when the sector collaborates with organisations like AustCyber to have a coordinated voice on the kind of support it needs to push forward cyber resilience.”
South32 head of cybersecurity Clayton Brazil sees this collaboration as a strength of cybersecurity in the mining industry. “Cybersecurity is incredibly collaborative in mining, we know it’s a critical industry for our nation and we all want to be safer,” he says.
Brazil sees a strong cybersecurity capability as a strategic opportunity for South32. “Done properly, cybersecurity can be a competitive advantage for us,” he says.
METS Ignited CEO Adrian Beer says industry growth and sustainability will come from collaboration and the implementation of standards. “Mining operations are still made up of legacy closed systems that have customised integrations between them,” he says.
“However, the modern technology vendor community is trying to overcome these systems with new models, building collaboration and trust between mining and the technology sector will create a secure sustainable future.”
Beer also believes standards have a two-prong role to play. “There is clearly a need for both a strong set of standards to define what good looks like in terms of cybersecurity more broadly, and a set of industry standards to ensure that the specific needs are met to deliver those secure outcomes,” he says.