Cyber Security

Cyber Security

The threat of companies experiencing a cyber security breach is increasing rapidly; demonstrated by the Australian Government’s cyber security arm responding to 34 per cent more incidents last year than the year earlier.

Despite the figures, and the fact the mining sector is one of the highest-risk industries, some experts claim it’s lagging behind.

In the Australian Cyber Security Centre’s latest threat report the mining sector ranked among the highest when it came to the prevalence of cyber-attacks.

While the energy, banking and financial services, communications and transport sectors took out the top four positions, the mining and resources sector came in fifth accounting for 8.6 per cent of “compromised systems”.

In one example, last year Canadian gold-mining firm Goldcorp suffered a major data breach in which the hackers leaked 14.8 GBs of data online, including financial information.

Cyber-attacks in mining are not a recent phenomenon; in 2010 Rio Tinto, BHP Billiton and Fortescue Metals Group were all attacked by hackers in Asia which experts believe were focused on commercial espionage[i]. Three years after this attack Ernst and Young’s Global Information Security Survey found that 41 per cent of the mining and metals survey respondents experienced an increase in external threats over the past 12 months.

But according to some experts, Deloitte included, even now mining companies are not doing enough to ensure cyber resilience.

In its Tracking the Trends 2017 report Deloitte said “as mining companies reinvent their future through digital, the threat of cyber-attack will be further amplified, particularly as companies leverage the power of [the internet of things].

“That’s a challenge for the mining sector, which largely remained behind the curve when it comes to cyber security,” the report reads.

Not everyone agrees. Alex Tilley, one of Australia’s highest-regarded cyber security experts and a former Senior Technical Analyst with the Australian Federal Police, says the mining sector is “on the curve”.

“I wouldn’t say that they’re behind the curve I would say that they’re on the curve and are starting to ramp up,” he said.

Mr Tilley is now part of Dell Secureworks’ Counter Threat Unit. He said there were definite parallels between what the mining sector is encountering and the financial sector’s experience 10 years ago.

“I think you can draw a real comparison here between mining and banking. I think that as the threat increases and a number of attacks increases, so does security budget and focus.

“I don’t think mining is any worse than any other, they have very unique problems, but it’s definitely not any worse off than retail or manufacturing or anything like that, in fact I think they are maybe just behind the banks.”

There are a number of reasons why cyber-attacks may occur in the mining sector; nation states seeking protectionism, competitors seeking information or attempting to hamper financial performance or activists wanting to disrupt activity for a social cause (also called hacktivists).

Gordon Morris, General Manager of Managed Services at Perth-founded CloudCorp, believes stock market manipulation is also risk for mining companies, however there are easier targets than those in the mining sector.

“Imagine if it was possible to deliberately cause disruption at mine site that resulted in lower than expected quarterly production, thus affecting share price, on which a short position has been taken,” Mr Morris said.

“There are a lot of moving parts for this plan to come off as well as requiring the hiding of financial activities…[attackers could] go straight to the finance sector for a bigger reward for effort.”

Unfortunately, the nature of mining with remote operations and increasing use of automation makes security more of a challenge.

But defending an attack isn’t as complicated as it may sound.

“We’re not doing the basics right, people are really worried about the really high-level ‘superhackers’ when, really, we’re just not doing the logging properly,” Alex Tilley said.

“Detection is the key; we’ll build the fences and we’ll make it harder for the bad guy to get in but then let’s have the uncomfortable conversation and assume that bad guy can get in, and then what do we do? How do we stop him?”

This intrusion detection is one of Trend Micro’s Top 5 defensive strategy recommendations. It also recommends having robust access control process; a plan as simplistic as determining who needs access rights and what they need access to.

It also recommends segmenting data networks into distinct security zones and developing a comprehensive cyber incident response plan which should include both proactive and reactive measures.

[1] http://apac.trendmicro.com/cloud-content/apac/pdfs/security-intelligence/white-papers/wp-cyber-threats-to-the-mining-industry.pdf