For most of history, the world’s miners have had to face an avalanche of physical threats. Just think of the imagery we traditionally associate with the profession: collapsing passages, thick plastic helmets and canaries to warn of toxic gas. And if modern operators have dispensed with the birdies, mining can still be immensely dangerous. More people are killed or injured in mining than in any other industry, and though conditions have lately improved across Western nations, countries like India and China regularly see annual fatalities soar into the hundreds.

Yet, while miners still need to be conscious of explosions and falling rocks, an even more pernicious threat is now stalking the profession. Just ask Weir: In October 2021, this major industrial supplier suffered one of the worst cyberattacks yet seen in global mining. After hackers infiltrated the company, Weir’s core IT systems, engineering systems and resource planning processes all suffered disruption. That was swiftly followed by deep financial damage. Soon after the assault, the company revised its Q4 revenue down by as much as $27m.

Haul trucks and an excavator at work in a quarry mine. Nor is the Scottish group alone. According to research by Skybox Security, a leading cybersecurity company, 83% of critical infrastructure organisations suffered breaches in 2021 alone. And to a certain extent, further attacks are inevitable. With digitalisation an obsession for industry insiders everywhere, hackers are increasingly seeing mining as a target – whether for sport, a payout, or even reasons of national security. At their worst, meanwhile, breaches can cause far more than mere financial pain, potentially putting the very lives of miners at risk. Not that the situation is hopeless. Mining companies the world over are belatedly rising to the threat, working with external experts to keep their servers secure. Yet with criminals just as energetic in their turn, the fight to keep systems safe will be long and frustrating.

Data mining

Over the past decade, digitalisation has transformed mining – a fact dramatically reflected in the statistics. In the first half of 2021 alone, the number of company filings mentioning the term rose by 128%. Nor does this trend seem likely to slow down. According to findings by ABI Research, mining digitalisation will enjoy a CAGR of 5.2% over the next decade, reaching $9.3bn by 2030. That’s echoed by work at specific companies. At Tata Steel, for instance, executives are investing millions in blockchain and machine learning, among other areas. Rio Tinto, for its part, has built a network server across 98% of its sites.

As these case studies imply, there are good reasons for going digital. “Mining companies benefit significantly by shifting to cloud services,” emphasises Justin Berman, technical director at Skybox. “There is a massive benefit to the data analytics within operational technology (OT) environments, as well as utilising shared resource pools within decentralised environments.” A fair point: Given Rio Tinto’s iron ore business generates a mind-boggling 2.4TB of data every minute, getting an automated secretary to understand it all is immensely helpful. Nor are the advantages of digitalisation limited to intangible fields like data analytics. On the contrary, computers are transforming mining across a bewildering array of real-world sectors. From self-driving haul trucks and augmented reality training schemes to automated ventilation systems that only kick in when someone’s nearby, technology has the potential to make mining both safer and more efficient.

Yet if the digital revolution is leaving no corner of the industry untouched, the rush ahead has left operators exposed. Fundamentally, Alex Dow says this is down to their relative inexperience. “The mining sector is unique in that, unlike most digital businesses who deal in data, mining for much of it still deals in the physical realm,” explains Dow, CTO at Mirai Security, a Canadian cybersecurity company. Berman, for his part, argues that’s reflected in how operators have traditionally thought about digital safety. Rather than preparing for breaches in advance, he claims mining operators have instead been “reactive” – only leaping into action once an attack has happened. It hardly helps, Berman adds, that integrating IT and OT can be devilishly hard, especially in old facilities, or when attempting to get different wings of rambling security teams to work together.

Whatever the reason for mining’s cyber immaturity, it’s indisputable that attacks can have disastrous consequences. As Weir’s experience suggests, that’s especially true financially. Though lost business is obviously the main concern here, cyber breaches may also draw the attention of fine-hungry regulators. Nor are wounded balance sheets the only thing operators have to contend with. If, for instance, hackers successfully breached a mine’s GPS deployment system, different ore grades could be mixed inappropriately. If the resulting material was worthless and needed to be dumped, the environment could suffer too. Even more seriously, hacks can pose a risk to human life. Both Dow and Berman warn about the vulnerability of mine ventilation systems to cyber interlopers, a danger ominously highlighted already.

Before a deadly 2010 explosion at a West Virginia mine, staff had repeatedly complained about problems with the ventilation – vital for diluting explosive methane gas out of the facility.

Beyond patching

What are operators doing to combat these varied threats? Perhaps unsurprisingly in an industry that’s relatively new to the cybersecurity game, many are still relying on external partners. As Dow recalls one insider saying: “We are in the business of breaking rocks, not securing networks.” In practice, explains Berman, these collaborations start with a careful understanding of how a client uses digitalisation – and where gaps in their armour might be. “First,” he says, “we measure cyber risk through a dual lens of exposure and exploitability. Then, we enable organisations to drastically reduce their attack surface by providing remediation options that go beyond patching.”

Berman lays out a number of ways to achieve these aims. One technique is developing sophisticated security processes across IT/OT networks, ensuring staff know how to deal with a cyber intruder, whether they’re in a back office or at the coalface. Another is to simulate malware attacks, helping IT teams understand precisely how a would-be hacker might behave. And if the worst ever did happen, any cyber company worth its salt will also have strong mitigation policies in place. The point, at any rate, is to develop what Dow calls a “multipronged” approach – and just as well. For if companies like Skybox are constantly tinkering with processes or testing out attack vectors, their criminal rivals are too. The numbers speak for themselves: Across cyberspace, a hacker strikes every 39 seconds, while 560,000 new pieces of malware are detected each day. As Dow puts it, these vast forces constitute a never-ending “active campaign” against global mining.

Not that experts simply have to guess what’s around the corner. On the contrary, mining’s cyber defenders have a number of ways to predict how their enemies might act. The Cybersecurity and Infrastructure Security Agency (CISA), for instance, is a wing of the US government that provides cybersecurity professionals with information about what gangs may be planning. Private sector operators offer similar services, sometimes even providing reports of specific servers or IP addresses to look out for. That dovetails, Berman adds, with robust training. “Training and skills development is critical because, ultimately, cybersecurity is a people problem – and humans are the key target for cyberattacks.” There’s some evidence that mining concerns are taking that last point to heart. Anglo-American is now providing bespoke cybersecurity apprenticeships, while BHP has integrated cybersecurity rules into its code of conduct.

Bad days ahead?

From gas to the grain trade, Russia’s invasion of Ukraine has upended countless global industries. And though it’s receiving less scrutiny in the media, mining is in a similar boat. That’s true in terms of fluctuating commodity prices, of course, but also in terms of the threats the sector is facing. With the West and Moscow increasingly engaged in a form of economic warfare, experts like Dow are increasingly concerned that mines could be the victims of foreign hacks. “With the sanctions against Russia,” Dow says, “there’s a heightened concern that, because many mining companies are fairly critical to the economy, they may be targeted to cause disruptions.”

Despite these fears, however, Dow is fundamentally optimistic about the future of mining cybersecurity. Though he concedes that some “bad days” are unavoidable, he says that the proliferation of new technology across mining means operators are under ever more pressure to take their digital obligations seriously. That’s doubly true, he continues, given investors now see cyber as an absolute priority. This, he suggests, will “raise the tides of apathetic companies”. Berman makes a similar point, arguing that as the industry gathers more and more information through data analytics, “preventative maintenance” of vulnerabilities will gradually improve too. Given what the industry’s doing, he has a point, with Rio Tinto just one of the giants developing comprehensive cybersecurity requirements for in-house staff and external suppliers alike. Bad days or not, the industry is clearly aware that change is in the air – for the sake of servers and miners alike.

The rise of ransomware attacks

Ransomware attacks, in which hackers freeze a target’s computer systems, steal data and threaten to destroy or publicise it if they aren’t paid, have accelerated in recent years, paralysing hospitals, schools, businesses and more. First gaining public attention with the WannaCry outbreak in 2017, the Covid-19 pandemic contributed greatly to the ongoing surge in ransomware attacks. As organisations rapidly pivoted to remote work, gaps were created in their cyber defences, which bad actors have been swift to exploit.

For the mining industry, the most notable example in recent years came from the Weir Group’s announcement on October 7 2021, regarding the attempted ransomware attack on their systems earlier that September. The attack forced the company to shut down some of its operations, impacting its third-quarter profit to the tune of millions of pounds.

In Weir’s official statement, the company said that there was no evidence that any personal or other sensitive data had been compromised or encrypted. “We responded quickly and comprehensively to what was a sophisticated external attack on our business,” said Jon Stanton, chief executive officer of Weir Group. “The robust action to protect our infrastructure and data has led to significant temporary disruption but our teams have responded magnificently to this challenge and have managed to minimise the impact on our customers.”

Weir said it had taken a number of measures following the attack, such as isolating and shutting down IT systems, including engineering applications. While the company worked to restore those applications as quickly as possible, the resulting disruptions resulted in “revenue deferrals and overhead underrecoveries”, according to its press statement. The consequences of operational disruption and associated inefficiencies were expected to continue into the fourth quarter of 2021, further impacting the company’s finances.

This article first appeared in World Mining Frontiers magazine.