Towards cybersecurity: Claroty on the future of mining
Lani Refiti, regional director ANZ of Claroty, asks what cybersecurity challenges and opportunities remain in the mining industry.
“Is a catastrophic event required to drive an industry response to cybersecurity in mining?” That was the rather provocative headline of a November 2019 post on the NSW Government’s Energy & Resources Knowledge Hub. Its genesis was a report from Australian research firm State of Play, which concluded it would take a catastrophic event for cybersecurity to be taken seriously in the mining industry.
State of Play said this was the view of 98% of top-level mining executives it had surveyed. State of Play chairman and co-founder Graeme Stanway was quoted saying the risk of cybersecurity failures in mining could be severe: “In an increasingly automated and interconnected world, the risk of rogue systems and equipment is growing rapidly. If someone hacks into a mining system, they can potentially take remote control of operational equipment.”
In response to the pandemic, every industry accelerated its digital transformation to enable staff to work remotely. Every industry became more automated and more interconnected. For example, staff were given greater ability to control and monitor plants and facilities from off-site.
Fast-moving change
This rapid digital transformation and increased connectivity brought many benefits: greater collaboration, increased efficiency, reduced downtime and easier regulatory compliance. But it also enormously increased the challenge of securing these environments against cyberattacks. The convergence of operational technology (OT) with information technology (IT) exposed legacy equipment to all the dangers of the internet from which these siloed systems had formerly been shielded.
For the first time in its 12-year history, Verizon’s 2021 Data Breach Investigations Report examined security incidents impacting OT, and included a section on the mining, quarrying, and oil and gas extraction industries.
Deloitte’s annual global mining report for 2021 identified 'integrated operations' as one of the key trends affecting the sector; this refers to the many digitisation and automation projects mining companies are undertaking, which inherently increase convergence of OT and IT networks and thereby the company's attack surface.
While these integrated operations allow miners to make better and faster decisions, and create safer, more sustainable and more profitable operations, they also introduce a new level of cyber risk which must be managed carefully.
Such connected environments might be physically safe and worker safe, but without adequate safeguards this greatly increased attack surface with many connected legacy devices will be decidedly cyber-unsafe. Large mining companies need to secure their systems, operations and facilities all the way from their operations centre to individual devices and processes. But there are some common challenges they face.
Cybersecurity challenges remain
Legacy technology is perhaps the biggest security challenge. Much of the technology used by mining companies is proprietary or specialised software, interfaces, and communications protocols that are often decades old and were not designed to be connected to the internet. Once connected, they become exposed to a raft of new cyber threats lurking on the internet, which they are not equipped to face.
Vendors do not produce frequent enough patches on legacy technology to mitigate vulnerabilities either, which leaves mining companies open to attack. The remote location of much of this technology only compounds the problem.
Scale and complexity are other key challenges. Mining environments are complex and widespread. They include equipment from many vendors spread over large areas and almost invariably include remote locations, making it difficult to secure every single asset on the network.
In addition, availability remains an issue. Mining is a 24x7 operation and needs to run continuously to meet demand. Even a small amount of downtime can incur significant lost revenue that is complex and costly to recover from, so any new security measures need to be introduced without interrupting operations.
This can be a difficult task, as many security tools require operational downtime during the implementation phase – but there are some tools that don't require this, which have been developed specifically for industrial environments.
In addition to the vulnerability of legacy technology, the sheer scale of today’s interconnected mining environments that span IT, OT, Internet of Things (IoT) and industrial IoT greatly increases the attack surface and the variety of potential avenues of attack. Each new addition brings new vulnerabilities, providing threat actors with more routes of attack.
In a large mining operation spanning multiple and remote locations, there will be connected and highly specialised equipment from many different vendors, posing a potential risk of third-party vulnerability. It would be impossible for any mining company to maintain and configure all of this equipment without remote access and specialist third parties. Access needs to be tightly controlled and very granular, which is often not the case. Managing third-party risk effectively is a large and complex task.
Improving security in three steps
There are three steps mining companies need to take to secure their operations: audit; monitor; control access.
A comprehensive understanding of all connected assets on their network and their communications links is required. This seems like a monumental task, but OT security tools are available that autonomously explore networks to discover this information.
Monitoring all activity on their networks can help immediately identify, investigate and, if necessary, block abnormal activity that could be associated with an attack.
Remote access is essential, but tools must be in place to restrict this to the minimum required, to secure those accesses and to track and audit all usage.