Nozomi Networks: achieving cybersecurity in digital mining
Digitalisation, automation and IoT devices are fuelling operational efficiencies in the mining industry. However, increased connectivity within operational technology environments has exponentially expanded the threat surface. Cyber threats against mining operations are real and those tasked with protecting against these attacks are faced with an arduous task.
Traditionally, legacy industrial control systems (ICS) were air-gapped from broader IT systems, which protected them from IT security threats. However, growing pressure to improve profitability and operational efficiencies has resulted in an explosion of Industrial Internet of Things (IIoT) technologies. This has led to the convergence of IT and OT systems, eliminating the protections provided by air gapping. These once-isolated operational systems are now connected to a mine’s entire enterprise network and, as a result, are exposed to numerous new cyber threats. Furthermore, the integration of IT and OT has revealed the visibility challenges associated with operational technology (OT).
Attackers are taking advantage of these newly exposed weaknesses: by exploiting a vulnerability in a mine operator’s IT system, they can often take down both the IT and OT networks. A recent EY Global Information Security Survey revealed that 54% of mining and metal companies suffered a significant cybersecurity incident in the last year. A cyber attack can have devastating impacts on revenue, market value and reputation: a successful attack can put mining operations, equipment, data and people at risk.
The cyber attack against Norsk Hydro, one of the largest aluminium producers in the world, crippled its computer networks and forced the company to isolate plants and return to manual operations. It cost the company up to $70mn.
Furthermore, in 2016 a hacker targeted Canadian mining company Goldcorp Inc and remained undetected in its systems for months whilst stealing 15GB of personal and customer data, which was subsequently posted online. These two attacks highlight the devastating impact a cyber attack can have on a business.
It’s fair to say that attackers show no sign of slowing down, and with such high stakes, mine operators need to take the necessary precautions to protect their business.
Cyber threats: understanding what’s at stake
The first step for mining operators looking to protect themselves from these new cyber threats is to develop an understanding of where these threats come from. The top three threats observed in the mining industry include:
Cyber espionage
For nation-state sponsored threat actors, mining organisations are a gold mine of information, such as details on the location and value of natural deposits, the extraction and processing technology used, and business strategy. All this information could be leveraged in M&A negotiations or used to gain competitive advantage. For example, global mining company BHP Billiton became a victim of a cyber espionage campaign in 2011, with attackers targeting the company to gain access to market pricing for key commodities.
Phishing attacks
Phishing attacks are becoming an increasingly common infection vector in the mining industry. According to the 2019 Internet Security Threat Report, more than 38% of email users in the sector were hit with such an attack in the last year. These types of campaigns are designed to trick users into downloading malware or divulging confidential information.
Third-party access
Third-party vendors often provide support services for mining companies, such as equipment assembly or maintenance. However, unless properly managed and audited, third parties can pose a significant threat to operations. For example, a third party could provide an entry point for malicious software or create system vulnerabilities through weak credentials. Therefore, organisations need to vet their third-party vendors and ensure they follow standard cybersecurity practices before allowing access to internal systems.
Protecting the mining industry
Mine operators need to detect and avert cyber attacks before they disrupt production, endanger life, damage equipment or cause a loss of intellectual property (IP). However, the convergence of IT and OT systems has eliminated the security blanket of a fully air-gapped system. As a result, operators need to take a massive step up to implement defences that will detect and manage cyber threats.
OT network segmentation can be used to mitigate risk and prevent intentional or accidental OT cyber incidents from spreading. However, effective segmentation requires full visibility into the network and insight into where vulnerabilities are.
Therefore, to reduce risk and build operational resilience, mines must implement real-time visibility into their IT and OT networks. An accurate inventory of all network assets is a critical aspect of practising good cyber hygiene, and these assets should be monitored in real time to detect anomalous behaviour.
The threat of cyber espionage means that keeping private corporate information and intellectual property (IP) confidential is critical for mining companies. To achieve this, they should implement behaviour-based anomaly detection and multiple types of signature and rules-based detection to identify unauthorised activity. These solutions can determine behavioural baselines, detect anomalies and alert operators to deviations, which mine operators can utilise to mitigate or eradicate the threat before damage is done.
People are often the weakest link in the cybersecurity chain. Therefore, staff should be taught to spot cyber threats, such as malicious emails, and report them to the appropriate security team. Simply raising employee awareness of the cyber threats an organisation faces can contribute massively to enhancing its security.
As mining operators continue to integrate IT and OT networks to enhance efficiencies, the threat of cyber attacks will only continue to grow. Fortunately, the gravity of the cyber threats facing them is dawning on the industry and operators are beginning to take the necessary steps to build IT-like resiliency and defend their systems.