Safeguarding Operations Amid Digital Threats
By Fernando Mares | Journalist & Industry Analyst - Wed, 09/04/2024 - 17:52
The year 2024 marked a pivotal shift in the mining sector's approach to cybersecurity, with the issue reemerging as a major concern in EY’s Risks and Opportunities Survey 2024, where it secured the eighth position. This renewed focus on cybersecurity is largely driven by the sector's increased digitization, the widespread adoption of remote work, and escalating geopolitical tensions.
Digitization has led to a significant rise in cyberattacks, with incidents increasing by 15% in 1H24 compared to the same period in 2023. According to cybersecurity firm SILIKN, there were 1.5 million hacking attempts, underscoring the urgent need for the industry to enhance its protection against these digital threats.
Marcos Lopes, Partner and Managing Director for Mining & Metals, EY, noted that EY's survey data showed 40% of corporate boards express confidence in their understanding of the most critical risks facing their organizations. Paul Mitchell, Global Mining & Metals Leader, EY, emphasizes the importance of this awareness, noting that a deep understanding of the current cyber risk landscape and emerging threats is essential for ensuring reliable and resilient operations.
David Tintor, Director of Operations, TBSEK, pointed out that the mining sector faces unique challenges related to equipment obsolescence. Unlike other industries, mining equipment is typically designed to last up to 30 years. “The challenge of obsolescence in mining is complex; it is not just about outdated software. While cyber threats evolve rapidly, production lines installed 10 or 15 years ago were not designed to counter the sophisticated techniques used by today’s cybercriminals,” Tintor explained in an interview with MBN.
Alexandro Fernández, OT Cybersecurity Executive Director, Intelligent Network, agrees with Tintor’s view, adding that cybercriminals see opportunities in outdated operational technology (OT) that has not been updated. “As companies seek to connect these systems to the internet, they expose themselves to increased risk,” he adds.
Tintor noted that mining companies are particularly attractive targets for cybercriminals because the potential damages are easy to quantify. He added that if cybercriminals disable a mining company's mill, every second of downtime costs approximately US$5.97. "I had the unfortunate experience of having a mill shut down for weeks in a project I investigated due to a cyberattack that entered through the IT infrastructure. Due to the significant convergence with OT, it reached the control systems," Lopes testified.
Tintor notes that cybercrime has become such a lucrative business that the average salary for an attacker is approximately €50,000 (US$55,430) per month, plus the success of their operations. He also highlights that attacks on the sector have increased by 300%.
As for the origin of such cyberattacks, Fernández notes they are usually linked to certain national governments. On the other hand, Tintor highlighted that while drug trafficking once reached the status of the sixth-largest economy in the world, cybercrime is now approaching the third position. In 2023, cybercrime surpassed drug trafficking in scale, and some organized crime groups are even seeking to diversify into cybercrime.
Fernández said that while surveys are important and illustrative, sometimes they fall short because some companies do not report when a cyberattack happens and how it happened, which makes it harder to evaluate the real state of cybersecurity in the mining sector. Nonetheless, experts agree that the mining sector is relatively mature in terms of cyber resilience as the sector is well trained in other security measures for the physical world. “We saw it in Acapulco during Hurricane Otis: miners were able to significantly reduce the risk within a couple of days after the hurricane,” Tintor notes.
Alexandro stressed that cybersecurity is not an option but a necessity if companies want to operate safely. He also notes that one of the key actions to take is conducting an assessment that includes OT, evaluating the existing technologies, network configurations, interconnections, and protection measures. A second crucial point is having a robust incident response team with the experience and skills necessary to handle threats, acknowledging that there are very few such experts available. Additionally, visibility is critical: it is essential to understand which assets are connected, the protocols in use, and how everything is interconnected.
Fernández says there are many frameworks available, and while he would advise adopting one, it should be tailored to fit specific operations. Similarly, Lopes adds that it is important to educate people working in each business division, so they understand why there is a specific way to perform their tasks.









