Cybersecurity in mining

SMART Mining Security Solutions 2024 Mining (Industry)

One does not usually associate mining with cybersecurity, but as big technology users (including some legacy technology that was not designed for cyber risks), mines are at risk from cyber threats in several areas. One area of high risk is the industrial machinery used every day that is now being connected to networks and even the Internet, sometimes inadvertently, and offers tempting targets for sabotage or ransomware from cybercriminals.

Another, arguably more modern area is the IoT (Internet of Things). Devices that provide data from every corner of a mine, from water and smoke sensors to video cameras that can produce large volumes of data, and the ability to collect and analyse this data centrally produces valuable intelligence for security, operations, and business planning. Naturally, being connected, they are also at risk from cybercriminals. After all, who thinks of cybersecurity when it comes to a water sensor?

Kyle Pillay, Security Operations Centre (SOC) Manager at Datacentrix, notes, “In today’s digital world, the evolution of the internet and the interconnectedness of everything through technologies like the internet of things (IoT) have brought about a levelling of the cybersecurity field. No particular industry is immune to cyberattacks like phishing, CEO fraud, and financial scams, and this includes the mining sector. Should a hacktivism group take umbrage against one of your initiatives or investments, for example, you will be targeted.” “Within the mining environment, the consequences of data theft and exposure would be mostly legislative, based on the regulations of the specific territory like South Africa’s Protection of Personal Information Act (PoPIA) or the General Data Protection Regulation (GDPR) in the European Union. If, as an organisation, you do not have the proper controls and measures in place, you could face fines and even imprisonment.”

The risks are particularly high within the mining environment. For example, cyberattackers could access machinery on assembly lines through IoT vulnerabilities, allowing them to change programmable logic controllers (PLCs), which control different electro-mechanical processes. Workers could be harmed should an attacker change sequences or bring lines completely to a halt. This could even be life-threatening in a scenario where, for example, an attack causes the shutdown of a heating, ventilation and air conditioning (HVAC) system.

Operational tech not designed for a short lifespan

Pillay continues that operational technology (OT) is generally manufactured to have a long lifespan. Systems were built to last 20 to 30 years and were operated in segregation and are now being increasingly targeted by cybercriminals. Historically, these environments have used the Purdue Model, a structural framework for industrial control system (ICS) security that concerns the segmentation of physical processes, sensors, supervisory controls, operations, and logistics. However, this model, developed in the 1990s, does not address some of the more modern challenges and requirements of ICS environments, such as the emergence of new, sophisticated cyber threats targeting OT systems and exploiting their vulnerabilities.

Because mining businesses now want to be able to access valuable data within their environments for reporting, there is – by default – an interconnection between IT and OT solutions. This can widen the attack surface, should the necessary controls not be in place. For instance, you may be using a computer running Windows 7 that works perfectly well for what is required, but this access point is vulnerable. The solution could be overlaying a secure network between the IT and OT environments, meaning that the equipment being run does not need to be changed, and you can still access the intelligence needed for reporting. It could even be as simple as rolling out a web application firewall (WAF) to reduce risk or using local machines to patch vulnerabilities.

“Security solutions could include management software for the OT stack, which would offer protection to some extent and also bring out key performance indicators to consider, such as potential areas of improvement,” adds Pillay. This would need to be done on a separate management layer, with virtual patching. It could be as straightforward as implementing a web application firewall (WAF), which will protect against exploits on the application layer, while still maintaining segmentation with IP and port control on the network layer, thereby mitigating IT risks to within acceptable levels.

Digital transformation security

As mines adopt digital transformation, data becomes more important and analysing data from equipment out in the field, geological surveys, etc., can provide invaluable information. What data protection solutions and processes should they be implementing? These systems also need protection, which should be designed into the solutions from the start.

“There are a number of data protection solutions and processes that could be rolled out by mining organisations to assist with the safe gathering and analysing of data from equipment out in the field,” states Pillay. “For instance, identity access and management (IAM) is key. An IAM solution would ensure that only the right people have access to devices and are able to bring data back into the environment for analysis. Multifactor authentication (MFA) is also critical here to ensure that users are not being spoofed – where an unknown source poses as a known, trusted source - or impersonated by a cybercriminal.”

Not only external threats

It is not only threat actors outside the company that pose a threat to mines. Insider threats are naturally a constant cause for concern in any industry, and the payroll departments within mining businesses are no strangers to malicious activity, from ghost workers to blatant fraud. A cybersecurity strategy must also include policies, processes and applications designed to curb insider mischief without preventing people from doing their jobs.

Pillay says data loss prevention (DLP) is critical to circumventing insider threats. DLP assists with data classification, identifying and helping to prevent unsafe or inappropriate sharing, transfer, or use of sensitive data. DLP also helps to determine data classification – identifying sensitive data– as well as the movement of said data. For example, DLP can determine whether a user is allowed only to upload to a database or if they may also email it.

Datacentrix’s cybersecurity offerings

Highlighting the security services Datacentrix offers, Pillay says, “Datacentrix offers comprehensive, end-to-end security services and solutions. This includes a cybersecurity operation centre-as-a-service, which entails threat monitoring and management, endpoint protection services, a firewall-as-a-service option, privileged access management (PAM), email security, identity access and management (IAM), vulnerability management, brand protection (dark web monitoring), and cyber advisory services.

“In addition, Datacentrix is able to assist with incident response recovery, where in the case of a ransomware attack, the organisation would carry out isolation, investigation, remediation and eradication services, as well as help businesses to restore their data. Essentially, the company’s managed services approach means that it can deliver the people, processes, and technologies needed to meet clients’ cybersecurity needs.”


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

From the Editor's desk: The good, the bad, and the victims
Technews Publishing News & Events
When the Internet first arrived, everyone was expecting amazing things from it, well, everyone who knew what it was and how it worked. We had the dotcom boom and bust, and it’s fair to say that if we ...

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Identity, Security & Access Alliance focuses on intelligence and integration
SMART Security Solutions Ideco Biometrics BoomGate Systems Bosch Building Technologies Technews Publishing Integrated Solutions Surveillance Access Control & Identity Management
The Identity, Security & Access Alliance (ISAA) hosted several launch events in Johannesburg in August, showcasing the participating companies’ technical solutions with a primary focus on the solutions made possible by integrating high-quality systems to deliver comprehensive solutions.

Read more...
Get the AI fundamentals right
Technews Publishing SMART Security Solutions Leaderware Editor's Choice Surveillance AI & Data Analytics
Much of the marketing for CCTV AI detection implies the client can just drop the AI into their existing systems and operations, and they will be detecting all criminals and be far more efficient when doing it.

Read more...
SMART Surveillance Conference in Johannesburg
Arteco Global Africa Technews Publishing SMART Security Solutions Axis Communications SA neaMetrics Editor's Choice Surveillance Security Services & Risk Management Logistics (Industry) AI & Data Analytics
SMART Security Solutions hosted its annual SMART Surveillance Conference in Johannesburg in July, welcoming several guests, sponsors, and speakers for an informative and enjoyable day examining the evolution of the surveillance market.

Read more...
Directory of suppliers
Technews Publishing SMART Security Solutions Fire & Safety
The Directory of Product and Solution Suppliers for the fire safety industry includes details of companies that provide security and risk mitigation products, advice, and services within this market.

Read more...
Fire safety in commercial kitchens
Technews Publishing Kestrel Distribution Products & Solutions Fire & Safety Commercial (Industry)
Fire safety in commercial kitchens is becoming increasingly critical. Defender is Europe’s first EN 17446:2021-approved kitchen hood fire suppression system and offers the indispensable safety measures required.

Read more...
From the editor's desk: Regulations, standards and skills, but poor enforcement
Technews Publishing SMART Security Solutions Fire & Safety
South Africa depends on the carrot approach to fire safety; in other words, businesses choosing to do the right thing, as the stick (or enforcement of regulations) is unfortunately lacking.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
From the editor's desk: Showtime for Securex
Technews Publishing News & Events
We have once again reached the time of year when the security industry focuses on Securex. This issue includes a short preview, with more coming online and via our special Securex Preview news briefs. ...

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.