OT Cyber Security Issues for the Mining Industry
October 30, 2020 | Robert Bergman
The mining industry was among the hardest hit by the COVID-19 pandemic, but, according to recent analysis by McKinsey & Company, it is in recovery — fueled in part by lower energy prices. As it does come back, many will be revisiting initiatives to reduce costs and improve profitability through digitalization strategies such as increased integration of robotics, automation, data analysis and the Industrial Internet of Things (IoT). But with this comes the need for greater cyber vigilance.
In March of 2019, for example, aluminum producer Norsk Hydro suffered a ransomware attack on its computer networks that it estimated to have had a $300 to $350 million financial impact on its business. Although ransomware attacks are increasing in mining, most reported attacks have been for cyberespionage.
“The mining industry is both a geopolitical and an economic target. The threat actors behind foreign cyber espionage campaigns are increasingly interested in learning about governance policies, decisions, and decision-making processes of corporate executives but also in trying to gain a competitive edge by disrupting the advantage of a competitor,” write the authors of a TrendMicro report on cyber security issues in the mining industry.
Both ransomware and cyber espionage, however, primarily involve information technology (IT). As the mining industry continues to recover and companies begin reaping the benefits of digital initiatives for their operational technology (OT) transformation, attacks on critical controls will likely increase.
“To date, mining companies have been primarily focused on protecting corporate, as opposed to operational, systems and data. That’s because the IoT—where production can be controlled from an iPad or a smart phone, for instance—is relatively new, gaining momentum over the last decade, and because operational systems are inherently different, requiring engineering know-how, in addition to IT expertise, in order to secure them appropriately,” write the authors of the Deloitte report “An Integrated Approach to Combat Cyber Risk in Mining.”
Here are some examples of OT-related cyber security vulnerabilities that Deloitte posits:
- Lack of authentication in wireless communications, which would allow a cybercriminal to hijack an autonomous hauling system, halting the movement of materials, damaging costly equipment, and putting people’s lives at risk.
- Poor security practices by a third-party contractor, which would allow a virus to migrate into the production environment, shutting down critical Supervisory Control and Data Acquisition (SCADA) systems and creating unsafe working conditions.
- Weaknesses within the supply chain, which would allow ICS equipment to be intercepted and malware installed prior to delivery at a mining site. This would result in improper testing of the components prior to deployment, allowing the virus to proliferate undetected, resulting in a system crash, leading to disruption or shutdown of operations.
- A commodity IT solution with open design protocols, which would allow members of an adversarial community to gain remote access to PLCs, thus giving them the ability to disrupt the production process at will.
Acknowledging that it is not possible to secure everything equally, the Deloitte authors propose a more phased-in approach.
“Critical assets and infrastructure and their associated ICS would obviously be at the top of the list, but it’s important to remember that they’re not isolated components. They’re part of larger supply chains, so it’s essential to shore up weaknesses throughout end-to-end processes. This can involve many layers and types of controls, ranging from installing firewalls to “hardening” sensors such as on drilling machines, excavators, earth movers, crushing and grinding equipment and processing,” they write.
For more information about the complexities and challenges of securing industrial supply chains see: Can a tool reduce cyber risk across the OT supply chain?