Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

More than physical intrusion

October 2017 Mining (Industry), Information Security

By Sean Duffy, executive of security solutions for MEA at Dimension Data.

Mining and manufacturing sectors are becoming increasingly vulnerable to cyber attack. This is highlighted in Dimension Data’s Global Threat Intelligence Report for 2017, where it was revealed that the manufacturing sector was second only to the finance industry on the list of most attacked sectors in the Middle East and Africa region in 2016. In fact, manufacturing featured amongst the top three targets for five out of the six global regions.

Sean Duffy.
Sean Duffy.

Sectors like mining and manufacturing are fast becoming a favourite with cybercriminals and it’s not difficult to see why. Most manufacturing systems today were made to be productive, with funds traditionally spent on upgrades for productivity rather than cybersecurity.

OT environments are at risk

Taking a closer look, mining and manufacturing plants are run by operational technology (OT) which controls the physical devices within the plant. These environments are generally operated by the engineering function, independent of the enterprise network run by IT in the organisation. This is problematic, because historically manufacturers have not been security focused.

To complicate matters further, most operational technology was introduced into our mines 20 or 30 years ago when there was little risk of a cyber attack. The result is that the necessary IT systems to prevent cyber attacks simply weren’t put in place. This includes failing to introduce measures to authenticate the traffic between the various devices contained in the plant and the logical security application of segmenting networks.

This threat to the OT environment is being exacerbated by the proliferation of the Internet of Things (IoT). With digital transformation on the rise, organisations are deploying applications and devices that interact with business operations to enhance business outcomes.

For mining and manufacturing this means connecting IT and OT systems securely into one enterprise network to enable boundless information flow for real-time, informed decisions.

The move from isolated devices to Internet-enabled platforms that can communicate with each other creates entirely new cybersecurity risks. Critical systems are now exposed and vulnerable to information attacks and Denial of Service (DDoS) attacks.

The consequences can be devastating

It is estimated that by 2020 there will be more than 40 billion devices connected to the Internet. And particularly concerning for South Africa is that 21% of all IoT attacks originated in the MEA region in 2016, according to the Global Threat Intelligence Report.

When connecting the digital and physical worlds, new data sources need to be considered as both a source and target of an attack.

While in the past, cyber attacks have been largely focused on targeting confidentiality of information, we are now seeing a shift towards the availability and security aspect of IT. This is particularly relevant in the OT environment, where an attack on the technology can bring an organisation to a standstill. Critical services are all controlled via automation and operational technologies, and the impact on their availability has an adverse effect on consumers of these services. For example, if the power grid should be made unavailable because of a cyber attack, electricity would become unavailable to all consumers, ultimately impacting the economy of the country.

This requires a new approach to securing OT environments. A consultation process is needed to understand what the impact on the business would be should its OT environment come under attack as well as the cybersecurity requirements to prevent attacks. These requirements include the discovery of elements that form part of the OT network, build and design based on security principles, controls for segregation, monitoring, access control and endpoint protection. Penetration tests should also be run to uncover cybersecurity gaps, allowing for advice on technical solutions to cover those gaps, and assisting manufacturers to implement controls to manage their entire IT security.

It is critical that OT form part of an overall enterprise cybersecurity strategy. This will enable manufacturing and mining organisations to take advantage of the benefits of the digital era, while still ensuring that they have invested in the required measures to protect their OT environment from becoming the soft target of a cybersecurity attack.





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Digital transformation in mines
NEC XON Technews Publishing Mining (Industry)
Digital transformation has been hyped to death, but is a reality all companies in all industries need to address, including the mining sector. BCX and NEC XON weigh in on the challenges mines face.

Read more...
Fire safety in mining
Technews Publishing Mining (Industry)
Clinton Hodgson, Head of the Industrial Fire & Life Safety Division at FS Systems International, provides SMART Security Solutions with his insights into fire safety risks and solutions as they pertain to the mining industry.

Read more...
Leading products, trustworthy service
Mining (Industry)
First Distribution Digital Security & IoT aims to be the leading value-added distributor of IP video, advanced video analytics, high-density storage solutions, access control, fire detection, public address, IoT, and networking products in Africa.

Read more...
Key and asset management for mining
Traka Africa Mining (Industry)
Traka specialises in intelligent management solutions for keys and equipment, helping organisations control their important assets, improving productivity and accountability, and reducing risk in critical processes.

Read more...
Cybersecurity in mining
Technews Publishing Mining (Industry)
One does not usually associate mining with cybersecurity, but as big technology users (including some legacy technology that was not designed for cyber risks), mines are at risk from cyber threats in several areas.

Read more...
Directory of Product and Solution Suppliers
Mining (Industry)
The Directory of Product and Solution Suppliers for the mining industry includes the details of companies that provide products, advice and services to the mining sector, primarily, but not limited to the areas of security and risk.

Read more...
Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Read more...
Mines require proof of performance
Technews Publishing Mining (Industry)
The relatively hostile environment and remote locations of mining establishments mean that any electronic/technical implementations have to be easily installed, require little or no maintenance and, once commissioned, require no adjustment.

Read more...
Container conversions for access control
BoomGate Systems Mining (Industry)
The container conversions available from Boomgate Systems offers instant onsite secure access control points for industries and applications such as mines and remote locations where construction projects might be underway.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.