As the metals industry expands its dependence on Internet-connected systems to reduce costs, mining companies are falling under the watchful eyed of attackers trying to steal information or disrupt operations, a new survey said.
Of the 39 mining companies that responded to the Ernst & Young Global Information Security Survey, 41 percent said they faced a rising number of external threats, including cyber incidents.
Mining companies focus on the tools of the trade, such as trucks and graters, even though IT tools have come into play to control that equipment over the past 10 years, said Mike Elliott, global mining and metals leader for Ernst and Young.
“They don’t see themselves like consumer organizations that hold large amounts of credit card details,” Elliott said. “They’re not like a financial institution sitting on large amounts of cash and security. Hence they think they’re not really a target.”
Safety systems and sensors increasingly link to the Internet, which saves miners money, but it also creates new avenues for attack, the survey found. Mining companies often don’t realize how reliant they are on IT, Elliott said.
The mining sector may has not accepted there are certain “non-negotiable infrastructure costs” associated with increased dependence on IT, he said.
The merging of operations technology with information technology has provided hackers a path to the operation systems from the Internet, the report said. Operations has become “inherently less secure, as many old systems were not developed with security in mind.”
Computer security experts warned for years industrial control systems used by utilities, manufacturers and the energy industry are vulnerable to attacks due to buggy software and infrequent patches.
Some hackers hunt for information about business deals, while others seek to disrupt the metals markets for profit. Copper is a particularly price-sensitive metal due to tight supply, and the closure of one or two mines can cause its price to spike, Elliott said.