FEATURE: How Susceptible is the Mining Industry to IT Security Risks?
The last few years have seen an influx of technological advances in the mining industry. Companies like Rio Tinto and BHP Billiton are leveraging innovative equipment such as autonomous vehicles and simulation technology to their advantage.
However, the one emerging problem no one is paying attention to is breach of information.
In 2013, Ernst & Young Global Limited conducted a Global Information Security Survey and found that almost 41 percent of the mining and metals respondents experienced an increase in external threats over the past 12 months. In addition, 28 percent experienced an increase in internal vulnerabilities over the same period.
Cyber hacking and breach of information have become one of the biggest concerns for the mining and metals sector. The threat, believe it or not, is real.
"On a scale of one to 10, we saw examples at nine, and examples at one. SCADA [the protocol used by large-scale industrial control systems] is an example where a lot of organizations don't even understand that it's IT," said Mike Rothery, first assistant secretary in the National Security Resilience Policy Division of the Attorney-General's Department, and secretary to the government's Cyber Security Operations Board.
The industry, which boasts one of the largest cash flows on investments, has the least developed understanding of managing IT security risks – and it shows.
According to a recent report by ZDNet, discussion between the Australian government and the mining industry has exposed the sector's spotty security landscape.
"I've certainly had some discussions with CIOs of utilities who show me their map of their IT environment, and all the controls they have ... and the background checking they do on people that work in the accounts area and the call centre and so forth, and then you say to them, 'There's nothing on here with your SCADA system. Where's your engineering side of it?' 'Oh that's not IT. That's the engineers. That's not a problem, because they're not interconnected'," Rothery told the Gartner Security and Risk Management Summit in Sydney.
"When you go to see the chief engineer, he'll say, 'Well, they used to not be interconnected, but when they took out all the analogue systems and they needed to put it on an IP-based system, we weren't going to put in a separate IP-based network. We just dumped it onto the corporate network. The CIO doesn't even know it's there'," Rothery said.
The use of automated equipment has placed companies at the mercy of unscrupulous cyber hackers looking for their next big cache of private information. Criminals understand the increasing dependence mining companies have on technology, and are actively looking for ways to threaten the denial of access to data, processes and equipment.
Although cyber criminals have yet to figure out a way to make money from hacking mining databases, the potential is there.
"The number of attacks on SCADA systems that everyone agrees have happened is probably in the 15 to 20 mark. Compared to other forms of cybercrime and cyber espionage, it's minuscule, but it's just got this huge potential for the vulnerabilities."
Where there’s a will there’s a way, and cyber hackers are notorious for finding a way.
Look at Target, for example. One of the biggest retail hacks in U.S. history wasn’t particularly inventive, nor did it appear destined for success, but it happened. The hack stole 40 million credit card numbers, 70 million addresses, phone numbers, and other pieces of personal information in the blink of an eye.
If there’s a message to be learned here, it’s that mining companies need to start paying special attention to their data and how it’s protected. Companies need to build their IT systems in the same fashion as their massive mining operations and infrastructure.
Are mining companies susceptible to IT security risks? In the words of Walter White, “You’re god---- right.”