Automation raising mine hack risk: EY
Miners have big gaps in their computer networks that would be easily found by motivated hackers, according to an EY report.
Staff reporter
This looks like helpful software
26 MARCH 201826/03/2018commentsshareEY said the move to more technologically advanced mine operating systems had been good for productivity but suggested some networks and even workstations were openly accessible online, with gaps coming because of lax standards away from miners' head offices.
The fear of data intruders is not unreasonable.
Zinc project galvanises White Rock
SPONSOREDWhite rock minerals
Millennial Lithium building Grandes plans
SPONSOREDMillennial lithium
Cobalt 27 charges up for transition
SPONSOREDCobalt 27
Valor Resources identifies significant high grade mineralisation...
SPONSOREDValor resources ltd
According to EY data, 55% of energy and resources companies surveyed had "experienced a significant cybersecurity incident" in the 12 months to the September quarter of 2017.
While this isn't defined, examples include the Goldcorp (CN:G) data dump in 2016 and, more recently, hackers shutting down a Schneider automation system in an unnamed industrial plant (likely in Saudi Arabia, according to Reuters).
Operations are open to disruption because they are vulnerable.
"Critical operational technology systems, networks and workstations are excessively accessible from the corporate network (in the worst case, from the internet) due to network segregation gaps," the report said.
Obviously, EY pitches its own expertise in handling the problem.
"We estimate that mining companies are in fact lagging the rest of the energy sector by several years in how they protect operational technology," mining and metals cyber chief Michael Rundus said.
"If companies continue to take an ad hoc approach to cybersecurity, or act when it is too late to manage vulnerabilities, cyber risk could be the downfall of organisations' productivity gains and digital advancement aspirations."
The firm's survey said 48% of the 1,200 executives surveyed found were doubtful their company would even work out a "sophisticated" hack had happened.