Looming cyber threat in mining paves platform for change

State of play

Cyber security is considered one of the biggest threats to the world economy, but according to Australian researchers at State of Play, it will take a catastrophic event for it to be taken seriously in the mining industry.

Through interviews, survey and deep analysis of Australia’s largest mining and service companies, including BHP, Rio Tinto, South32, and Anglo American, the report has uncovered that 98% of top-level executives expect a catastrophic event is required to drive an industry response to cyber security in mining.

State of Play Chairman and Co-founder Graeme Stanway says the risk of cyber security failures in mining could be severe.

“In an increasingly automated and interconnected world, the risk of rogue systems and equipment is growing rapidly,” he says.

“If someone hacks into a mining system, they can potentially take remote control of operational equipment. That’s the level of risk that we are facing.”

Global Head of Cyber security at BHP, Thomas Leen, agrees and says the mining industry is up against archaic processes when it comes to evolving on the cyber security front.

“Mining as an industry has a low level of cyber security maturity, mainly due to legacy environments that lack basic capabilities,” he says.

The report goes on to find that the second most likely driver to instigate change, after a catastrophic event, will be government led initiatives and responses.

AustCyber CEO Michelle Price believes public-private partnership is the key to driving change in the way the mining industry approaches cyber security.

“AustCyber has collaborated with METS Ignited and State of Play to conduct this survey as we see the potential to improve cyber security across the mining environment,” she says.

“There are several challenges specific to the mining sector as documented in the Australian Cyber Security Industry Roadmap developed in conjunction with CSIRO – such as operational technology, connected equipment and sensors, availability of data, anomaly detection and the volatility of markets.

“There are plenty of growth opportunities - especially when the sector collaborates with organisations like AustCyber to have a coordinated voice on the kind of support it needs to push forward cyber resilience.”

South32 head of cyber security Clayton Brazil sees this collaboration as a strength of cyber security in the mining industry. “Cyber security is incredibly collaborative in mining, we know it’s a critical industry for our nation and we all want to be safer,” he says.

Brazil sees a strong cyber security capability as a strategic opportunity for South32. “Done properly, cyber security can be a competitive advantage for us,” he says.

METS Ignited CEO Adrian Beer says industry growth and sustainability will come from collaboration and the implementation of standards. “Mining operations are still made up of legacy closed systems that have customised integrations between them,” he says.

“However, the modern technology vendor community is trying to overcome these systems with new models, building collaboration and trust between mining and the technology sector will create a secure sustainable future.”

Beer also believes standards have a two-prong role to play. “There is clearly a need for both a strong set of standards to define what good looks like in terms of cyber security more broadly, and a set of industry standards to ensure that the specific needs are met to deliver those secure outcomes,” he says.

Sector-wide response to cyber security

To read and download the report, visit https://www.stateofplay.org/results/.