Australia’s mining and industrial sectors have become prone to cybersecurity attacks.
Australia’s mining and industrial sectors are the powerhouse of our economy, and has played a key role in supporting communities and economies during the COVID-19 crisis. However, as mining, industry and exploration continues, these mega-giant organisations face increasing cybersecurity attacks through the convergence of OT and IT.
SOME organisations may think they’re an UNLIKELY target for cyber attack GiVEN THAT THEY HAVE HISTORICALLY OPERATED OFFLINE...
But as reliance on autonomous and digital technology grows, so too does the cybersecurity risk and the consequences go into the trillions of dollars.
PWC’s Global CEO Survey from 2020 showed that only 12% of mining and metal CEO’s were ‘extremely concerned’ about cybersecurity threats compared to 33% of leaders globally. Strangely, CEO concern has dropped significantly even as mining focused cybersecurity attacks have increased.
As more mining and industrial companies incorporate connected operational technology (OT) that is linked with information technology networks the potential of cybersecurity threats and attack vectors grows. The impact of these threats can be severe, resulting in production or revenue losses, harm to the environment, regulatory fines, reputational damage and constrained economic growth.
Additionally, COVID-19 has forced a fast update on industrial remote working and mining technology automation, as well as a reliance on third party providers who may have less secure corporate networks. For example, hackers may find entry to a company’s network via a supplier with weak cloud security perimeter and take access of OT connected critical mine safety systems, processing facilities or ventilation systems.
So how can large and small players in these industries protect themselves?
- Most importantly, enable multi-factor authentication (MFA): Australia’s questionable internet infrastructure means we need to seek cyber security systems that can work in online and offline environments at any given time. Security tokens for OT and IT networks can provide crucial coverage and an additional layer of defence through combining authentication methods to verify a user’s identity and prevent unauthorised access.
- Patch vulnerabilities across OT and IT. Given their remoteness, mining and industrial companies may miss patching their sensors or devices that sit in the OT systems. Processes, consistency and procedures around continual patching and monitoring of these remote devices ensures resiliency.
- Use a comprehensive access management tiering system to manage and control who has access and privilege to critical industrial control systems, and ensure these are continually reviewed against staff turnover. Some operators have thousands of staff, so ensuring access is removed and updated at continually will ensure only the right people can get into the system.
- Partner with a cybersecurity consultancy that has expertise in critical infrastructure, such as Loop Secure. Experts of this domain will know what technologies in the OT network are prone to attack, and will give you a head start on implementing the right cybersecurity technology to build a resilient OT/IT cybersecurity strategy.
Cyberattacks on mining and industrial companies in Australia can cause prolonged system outages that last weeks or even months, given the remoteness and isolation of our geography. These outages have significant safety, operational, reputational, financial, legal and regulatory implications for employees and stakeholders.
Loop Secure works with SecurID, a leading Identity and Access Management technology provider, to provide secure cloud and remote access and authentication methods to some of Australia’s largest mining and industrial companies.
SecurID has a Canberra based data centre of which all authentication data is stored, ensuring that Australian customer data is protected and kept on-shore, as well as online and offline authorisation options to provider 24/7 365 coverage to Australian mining and industrial companies.