Cybersecurity in mining

SMART Mining Security Solutions 2024 Mining (Industry)

One does not usually associate mining with cybersecurity, but as big technology users (including some legacy technology that was not designed for cyber risks), mines are at risk from cyber threats in several areas. One area of high risk is the industrial machinery used every day that is now being connected to networks and even the Internet, sometimes inadvertently, and offers tempting targets for sabotage or ransomware from cybercriminals.

Another, arguably more modern area is the IoT (Internet of Things). Devices that provide data from every corner of a mine, from water and smoke sensors to video cameras that can produce large volumes of data, and the ability to collect and analyse this data centrally produces valuable intelligence for security, operations, and business planning. Naturally, being connected, they are also at risk from cybercriminals. After all, who thinks of cybersecurity when it comes to a water sensor?

Kyle Pillay, Security Operations Centre (SOC) Manager at Datacentrix, notes, “In today’s digital world, the evolution of the internet and the interconnectedness of everything through technologies like the internet of things (IoT) have brought about a levelling of the cybersecurity field. No particular industry is immune to cyberattacks like phishing, CEO fraud, and financial scams, and this includes the mining sector. Should a hacktivism group take umbrage against one of your initiatives or investments, for example, you will be targeted.” “Within the mining environment, the consequences of data theft and exposure would be mostly legislative, based on the regulations of the specific territory like South Africa’s Protection of Personal Information Act (PoPIA) or the General Data Protection Regulation (GDPR) in the European Union. If, as an organisation, you do not have the proper controls and measures in place, you could face fines and even imprisonment.”

The risks are particularly high within the mining environment. For example, cyberattackers could access machinery on assembly lines through IoT vulnerabilities, allowing them to change programmable logic controllers (PLCs), which control different electro-mechanical processes. Workers could be harmed should an attacker change sequences or bring lines completely to a halt. This could even be life-threatening in a scenario where, for example, an attack causes the shutdown of a heating, ventilation and air conditioning (HVAC) system.

Operational tech not designed for a short lifespan

Pillay continues that operational technology (OT) is generally manufactured to have a long lifespan. Systems were built to last 20 to 30 years and were operated in segregation and are now being increasingly targeted by cybercriminals. Historically, these environments have used the Purdue Model, a structural framework for industrial control system (ICS) security that concerns the segmentation of physical processes, sensors, supervisory controls, operations, and logistics. However, this model, developed in the 1990s, does not address some of the more modern challenges and requirements of ICS environments, such as the emergence of new, sophisticated cyber threats targeting OT systems and exploiting their vulnerabilities.

Because mining businesses now want to be able to access valuable data within their environments for reporting, there is – by default – an interconnection between IT and OT solutions. This can widen the attack surface, should the necessary controls not be in place. For instance, you may be using a computer running Windows 7 that works perfectly well for what is required, but this access point is vulnerable. The solution could be overlaying a secure network between the IT and OT environments, meaning that the equipment being run does not need to be changed, and you can still access the intelligence needed for reporting. It could even be as simple as rolling out a web application firewall (WAF) to reduce risk or using local machines to patch vulnerabilities.

“Security solutions could include management software for the OT stack, which would offer protection to some extent and also bring out key performance indicators to consider, such as potential areas of improvement,” adds Pillay. This would need to be done on a separate management layer, with virtual patching. It could be as straightforward as implementing a web application firewall (WAF), which will protect against exploits on the application layer, while still maintaining segmentation with IP and port control on the network layer, thereby mitigating IT risks to within acceptable levels.

Digital transformation security

As mines adopt digital transformation, data becomes more important and analysing data from equipment out in the field, geological surveys, etc., can provide invaluable information. What data protection solutions and processes should they be implementing? These systems also need protection, which should be designed into the solutions from the start.

“There are a number of data protection solutions and processes that could be rolled out by mining organisations to assist with the safe gathering and analysing of data from equipment out in the field,” states Pillay. “For instance, identity access and management (IAM) is key. An IAM solution would ensure that only the right people have access to devices and are able to bring data back into the environment for analysis. Multifactor authentication (MFA) is also critical here to ensure that users are not being spoofed – where an unknown source poses as a known, trusted source - or impersonated by a cybercriminal.”

Not only external threats

It is not only threat actors outside the company that pose a threat to mines. Insider threats are naturally a constant cause for concern in any industry, and the payroll departments within mining businesses are no strangers to malicious activity, from ghost workers to blatant fraud. A cybersecurity strategy must also include policies, processes and applications designed to curb insider mischief without preventing people from doing their jobs.

Pillay says data loss prevention (DLP) is critical to circumventing insider threats. DLP assists with data classification, identifying and helping to prevent unsafe or inappropriate sharing, transfer, or use of sensitive data. DLP also helps to determine data classification – identifying sensitive data– as well as the movement of said data. For example, DLP can determine whether a user is allowed only to upload to a database or if they may also email it.

Datacentrix’s cybersecurity offerings

Highlighting the security services Datacentrix offers, Pillay says, “Datacentrix offers comprehensive, end-to-end security services and solutions. This includes a cybersecurity operation centre-as-a-service, which entails threat monitoring and management, endpoint protection services, a firewall-as-a-service option, privileged access management (PAM), email security, identity access and management (IAM), vulnerability management, brand protection (dark web monitoring), and cyber advisory services.

“In addition, Datacentrix is able to assist with incident response recovery, where in the case of a ransomware attack, the organisation would carry out isolation, investigation, remediation and eradication services, as well as help businesses to restore their data. Essentially, the company’s managed services approach means that it can deliver the people, processes, and technologies needed to meet clients’ cybersecurity needs.”

For more information go to


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

From the editor's desk: AI and events
Technews Publishing News & Events
      Welcome to the 2024 edition of the SMART Surveillance Handbook. Reading through this issue will demonstrate that AI has undoubtedly made its mark on the surveillance industry. Like ‘traditional’ video ...

The TCO of cloud surveillance
DeepAlert Verifier Technews Publishing Surveillance Infrastructure
SMART Security Solutions asked two successful, home-grown cloud surveillance operators for their take on the benefits of cloud surveillance to the local market. Does cloud do everything, or are there areas where onsite solutions are preferable?

Surveillance on the edge
Axis Communications SA Guardian Eye Technews Publishing Surveillance
Edge processing, a practical solution that has been available for some time, has proven its utility in various scenarios, tailored to the unique requirements of each user.

AI developments in surveillance
DeepAlert Secutel Technologies Technews Publishing Surveillance
When AI-powered video analytics first emerged in the surveillance market, it was heralded as a game-changer, promising near-magical object recognition and identification. As always, it was oversold, but times have changed and we are close to seeing the ‘magic’ at work.

Putting cyber into surveillance
Dallmeier Electronic Southern Africa Cathexis Technologies Technews Publishing Editor's Choice
Cybersecurity has become an essential part of the physical security industry. However, unlike other IoT technologies, of which security products are a part, surveillance technologies have more to protect.

Digital transformation in mines
NEC XON Technews Publishing Mining (Industry)
Digital transformation has been hyped to death, but is a reality all companies in all industries need to address, including the mining sector. BCX and NEC XON weigh in on the challenges mines face.

Fire safety in mining
Technews Publishing Mining (Industry)
Clinton Hodgson, Head of the Industrial Fire & Life Safety Division at FS Systems International, provides SMART Security Solutions with his insights into fire safety risks and solutions as they pertain to the mining industry.

Leading products, trustworthy service
Mining (Industry)
First Distribution Digital Security & IoT aims to be the leading value-added distributor of IP video, advanced video analytics, high-density storage solutions, access control, fire detection, public address, IoT, and networking products in Africa.

Key and asset management for mining
Traka Africa Mining (Industry)
Traka specialises in intelligent management solutions for keys and equipment, helping organisations control their important assets, improving productivity and accountability, and reducing risk in critical processes.

Directory of Product and Solution Suppliers
Mining (Industry)
The Directory of Product and Solution Suppliers for the mining industry includes the details of companies that provide products, advice and services to the mining sector, primarily, but not limited to the areas of security and risk.