‘Operational disruption’ the main cybersecurity threat in mining

M​​​​​​​ining companies may not be an obvious target for cyberattacks, but the results of a successful hack can be disastrous. 

From operational shutdowns to health and safety risks, a rising number of mining firms are placing higher priority on cybersecurity systems as the sector becomes increasingly digitised. 

We spoke to John Price, CEO of infrastructural cybersecurity firm SubRosa, whose background lies in both the military and corporate sectors. From Price's roles as a counterintelligence agent and signals intelligence analyst in the British Army to managing cyber risks for PNC Financial Services Group, he has overseen robust security protocols and navigated varied threats for decades.

John Price:​​​​​​​ Among the most pressing concerns around cybersecurity in the mining industry is operational disruption. Many mining operations depend on interconnected systems and automation. A cyberattack can disrupt these systems, leading to costly downtimes and safety hazards.  

There's also the theft of sensitive data – mining companies possess sensitive data including exploration data, financial records, and personal information of employees. Cyber threats aim to steal such valuable data. 

Ransomware attacks are increasingly common in the mining industry, with attackers locking access to critical data or systems and demanding a ransom to release them – as are supply chain vulnerabilities, due to the mining industry's reliance on a global supply chain which makes it susceptible to cybersecurity threats that target less secure parts of the supply chain. 

Finally, compliance risks. Regulatory compliance related to data protection and privacy, such as GDPR, requires mining companies to safeguard certain types of data, adding complexity to cybersecurity efforts.

John Price:​​​​​​​ Cybergangs cause operational disruptions in mining processes primarily through ransomware and malware attacks, infecting industrial control systems with malicious software that can shut down operational technologies.  

There are also DDoS attacks, which overload the network with traffic, causing systems managing operational processes to slow down or crash. Then there's system infiltration: gaining unauthorised access to control systems to maliciously alter processes, leading to unsafe mining conditions or complete operational shutdown.

John Price: A notable example occurred in 2020 when Goldcorp, a major gold mining company, suffered a data breach where hackers stole around 14.8GB of private employee data and other sensitive company information. This incident exposed personal details of thousands of employees, underscoring the cybersecurity vulnerabilities in the mining industry.

John Price:​​​​​​​ Cyberattacks in the mining industry typically take one of four forms. Firstly, phishing – sending fraudulent communications that appear to come from a reputable source to steal sensitive data like login credentials. There's also spear phishing, when targeted phishing attacks aimed at specific individuals with access to critical systems or sensitive information. 

A third vector is network penetration: exploiting vulnerabilities in the software used by mining companies to gain unauthorised access. Finally, insider threats: employees or contractors misusing their access to systems for malicious purposes or unintentionally causing a security breach.

John Price: Leading mining companies in cybersecurity often include those who invest heavily in securing their IT and operational technology (OT) environments. Companies like BHP and Rio Tinto have been recognized for their proactive steps in cybersecurity. They implement comprehensive cybersecurity strategies that include risk management, regular security assessments, advanced threat detection systems, and robust incident response plans.