Cybersecurity challenges and solutions in the mining sector

ABB recognises the unintended cyber risks that have resulted from increased automation and the interconnectedness of mining operations. Malware has many entry points in the mining process, and industrial control systems (ICSs) using OT networks are especially vulnerable. ABB provides in-depth defence from cyberattacks via its distributed control system, ABB Ability System 800xA.  

The integrated system offers mining companies foundational protection by assessing their current cybersecurity health, protecting against fundamental threats, and training staff about cyberattacks caused by human error. It also provides cybersecurity services, including maintenance of automated systems by a cybersecurity engineer and consulting services to implement cybersecurity policies. Operational support includes 24/ 7 monitoring of ICSs and support from global ABB experts.  

This approach mitigates the risks around ICSs, especially those using legacy OT networks, and is especially useful to mining companies already using ICSs designed by ABB.  

 To further address the threat of unauthorised access to ICS, ABB offers its Ability Cybersecurity Fingerprint. The biometric identity verifier is used by Boliden at its plants and provides extra validation along with existing security policies. Fingerprint validation reduces risks from malware and prevents unauthorised access to production activity, personal data, and equipment. It is a non-invasive and cost-effective test to validate access to ICSs. It also enables auditing and tracking of personnel activity, so those carelessly or intentionally spreading malware can be identified and given further training.

Nozomi Networks, like ABB, recognise the greater exposure to cyberattacks mining companies face with increased digitalisation and aims to secure OT and IoT systems without sacrificing improvements in operational efficiency. Speaking to GlobalData, Nozomi Network’s regional director for the UK and Ireland said, “Hackers are beginning to see OT environments as a soft underbelly to hack into,” with their visible IP addresses and limited or no cybersecurity features in place.  

Nozomi Networks aims to assist organisations in updating their OT and IoT security practices with cybersecurity software. For example, it offers cybersecurity software as a service (SaaS) for easy, intuitive use and scalability. It can offer a few security features or be an all-in-one cybersecurity framework for companies of any size.  

The company provides automated threat detection, monitoring of OT and IoT environments for any anomalous activity, and visibility of all threats and features in a central dashboard. Mining companies will especially benefit from the remote collector’s add-on feature, a low-cost method of collecting data from remote or isolated locations, common in many mine sites.

Waterfall recognises the unique threat mining companies face to their ICS, leading to equipment failure, harm to worker safety, loss of revenue, and even threat to the environment. Waterfall provides hardware protection for critical industrial sites through its unidirectional security gateway (USG).  

The one-way security gateway was successfully used by an Australian surface and underground metals mine to securely transfer data from operational sites to enterprise networks and monitor the activity of on-site workstation screens in real-time. Waterfall uses a hardware solution to bolster existing cybersecurity software solutions as the company sees all software as vulnerable to comprises.

Darktrace sees cyberattacks, particularly ransomware, as inevitable and prioritises methods to get ahead of cyberthreats. The company uses self-learning AI technology to prevent or mitigate the risks of cyberattacks. The AI identifies any change in computer network patterns by focusing on regular business activity rather than breaches. Any unusual activity in the network produces immediate alerts. This assists in identifying cyberthreats at the early survey stage to limit or completely prevent breaches.  

Along with autonomous threat detection, Darktrace offers attack path modelling and attack simulation and finds and patches holes, especially those at points of convergence between IT and OT networks. The company even uses AI to address the cybersecurity skills gap. All security events are presented in an intuitive dashboard, and natural language reports are automatically produced for company executives to get up to speed with the cybersecurity risks they face.

The Canadian mining company, Agnico Eagle Mines, deployed Malwarebytes endpoint security software to prevent advanced threats that sidestepped the company’s existing antivirus solution. Malwarebytes endpoint security solution targets the most dangerous malware (zero-day malware, trojans, worms, rootkits, adware, and spyware) in real-time.  

The software does not disrupt to the device users as it runs in the background and can update and scan devices over a server or the internet - ideal for remote mining sites with only satellite connectivity. Malwarebytes helped Agnico Eagle Mines set up the endpoint security system with one-to-one support from a technical account manager.

Along with deploying the latest cybersecurity hardware, software, and services, the mining industry can benefit from sharing the latest cybersecurity information. The Saudi Arabian Energy Industry Cybersecurity Intelligence Sharing Consortium and the Canadian Mining and Metals Information Sharing and Analysis Center are two examples of this practice.  

Both intelligence-sharing centres involve a range of mining companies that can share critical cybersecurity information, resources, and risk management strategies. Both initiatives aim to further research and cooperation and protect against the latest cyberattacks. Creating such cybersecurity centres or joining existing ones could be a key step for mining companies to develop their cybersecurity resilience in the face of growing threats.