Miners’ adoption of new tech heaps up security threats

Miners have long been early adopters of technology to improve efficiency and safety in an industry historically viewed as dangerous, lucrative and technically challenging.

But while the uptake of new technologies — such as Internet of Things (IoT) systems linking automated vehicles, supply chains and quality monitoring — can improve productivity, poor implementation can leave them open to hackers and other malicious actors.

“There are a number of challenges around connectivity, cyber security, skills, data management and investment that miners must overcome to realise [IoT’s] potential,” says Nicholas Prevost, global mining director at satellite provider Inmarsat.

A recent report by Inmarsat found that 95 per cent of respondents in the mining sector were trialling internet-enabled projects, with two-thirds already deploying at least one IoT-based project. That reflects the wide variety of ways in which IoT can be deployed, says Charles Henderson, global head of IBM’s X-Force Red, a team of veteran hackers that tests cyber defences. “We’re seeing these giant [mining] vehicles becoming increasingly autonomous, all the way from the digging to transportation,” he says.

53% felt their ‘IoT cyber security defences were not a priority for their organisations and could be vastly improved’

Automated haulage is one of the most common goals for mining companies — close to 50 per cent of survey respondents say they have either already tried or are currently trialling the technology. Other applications include monitoring water quality, dust levels and driver fatigue.

“Miners now have the opportunity to monitor and analyse thousands of data points, to make more informed decisions faster than ever before, leading to better management and reduced risk,” says Mr Prevost.

However, wider adoption of such technology presents a number of challenges, including the need for reliable connectivity, says Mr Prevost. “Mining activity — be it exploration or production — is typically located in remote areas, so satellite connectivity is increasingly important in ensuring miners receive their data in near real-time.”

Connectivity in turn comes with its own “large risk pool” for companies, warns Mr Henderson, including its vulnerability to hackers. “The same underlying code is in this critical infrastructure as in other versions of IoT. The underlying technology is shared,” he says.

The sector has been targeted in the past. A 2017 report by FireEye, a cyber security group, found that mining companies in North America were regular victims of attacks designed to capture corporate business data that was then used to extort a ransom.

That threat of industrial espionage is heightened with IoT systems, says Mr Henderson. Devices such as smart sensors could be used as a bridge for attackers to make connections to other products on the same wireless network, including computers containing potentially sensitive information.

More physically destructive exploitation of IoT vulnerabilities is also possible. “People who have a vested interest in the failure of an organisation [could take control of a vehicle],” suggests Mr Henderson.

Such attacks may sound like the stuff of bad science fiction, but there is precedent in the industrial IoT space. Stuxnet — a cyberweapon deployed by the US and Israel against Iran’s nuclear programme in 2010 — provided a case study in the costs and harm posed by hackers in the real world.

Concerns about the potential exploitation of IoT vulnerabilities were highlighted by the findings of the Inmarsat survey, with only half of respondents partnering with cyber experts to strengthen their defences. A third of respondents said they conducted regular patches of their network — a vital step to prevent hackers from exploiting out-of-date systems.

Some 53 per cent of respondents felt their IoT cyber security defences were “not a priority for their organisations and could be vastly improved”, says Mr Prevost. One explanation for this oversight, he says, is a lack of personnel with sufficient IoT cyber security knowledge (64 per cent of respondents said this was the case).

For Mr Henderson, the rapid development of IoT deployment in the mining sector calls for significant upgrades to security. “These systems need to be properly secured so not just anyone can pop in,” he says. While IoT offers many benefits to mining companies, he says protecting the systems must be at the centre of their work, not an afterthought.