No one knows exactly what the mine of the future will
look like, but we can be sure of one thing: it will be a target
for hackers.
Mining may not seem an obvious place for cyber-security risks, but the industry is transforming fast.
Brunswick Partner Carole Cable features in Mining Magazine discussing the cybersecurity threats facing the mining industry.
Axa Assurance Maroc - Insurer Innovation Award 2024
Precious ore, precious data
1. Get Rolling Today:
+1.504.300.1347
sales@center-lift.com
Launching a 550 ton
dredge into a tailings pond
using our Patented Stability
Control System.
Specializing in moving marine assets using
PNEUMATIC ROLLERS
CENTER-LIFT.COMalternative to other heavy launch methodsalternative to other heavy launch methodsalternative to other heavy launch methodsalternative to other heavy launch methods
FLEXIBLE, EFFICIENT, SAFE & ECONOMICAL
and our patented Stability Control System
MANAGEMENT
Precious ore, precious data
A digital future exposes mining to new threats
DATA MANAGEMENT
N
o one knows exactly what
the mine of the future will
look like, but we can be
sure of one thing: it will be a target
for hackers.
Mining may not seem an obvious
place for cyber-security risks, but the
industry is transforming fast. Com-
modity prices have fallen 52% since
2011 and mining productivity is
down 3.5% per year over the past 10
years, according to a 2015 McKinsey
report. In response, the industry has
turned to digital and technological
innovation to help preserve cash
in the short term, and capture value
over the long term.
Mining operations are often in
remote locations, with variations in
geology, metallurgy and weather
extremes. New technology is help-
ing mitigate such variability by low-
ering risk and cost while increasing
safety and productivity.
“We believe this to be the future
of mining,” says Pedro Fuenzalida,
innovation manager at Antofagasta
Minerals. Analytics can “deliver
a step change in productivity”, he
says.
Digital tools already move equip-
ment fleets and driverless trains,
schedule maintenance and manage
the global supply chain. Drones and
scanning equipment create 3-D
maps of underground areas, and
78
A bank of
servers at a data
centre: mining
companies’
information
could be less
secure than
managers realise
“Mining
may not
seem an
obvious
place for
cyber-
security
risks, but
the industry
is trans-
forming
fast”
2. September 2016www. .com
MANAGEMENT
underestimate the longer-term con-
sequences on reputation.
In 2012, Saudi Aramco revealed a
cyber assault on its systems, to “stop
the flow of oil and gas to local and
international markets,” Abdallah al-
Saadan, Aramco’s senior vice-presi-
dent of finance, strategy and devel-
opment, said at the time. While it
didn’t succeed, damage was done.
In 2015, Canadian company
Detour Gold was hacked, putting
at risk credit-card numbers and
employees’ personal data. And in
2016, Canada’s Goldcorp had 14.8
gigabytes of sensitive data accessed
and posted on a public website by
‘hacktivists’, with a message railing
against “corporate racism, sexism
and greed”.
One of the most prolific
hacktivists, Anonymous, this year
relaunched a campaign under the
guise of #OpCanary focusing primar-
ily on the military and mining indus-
tries. It defaced BCGold Corp’s web-
page and two days later did the
same to Kenyan Petroleum Refiner-
ies. While databases were not
breached and data wasn’t stolen, the
incident was embarrassing and ulti-
mately has an impact on reputation.
TOTALLY TRANSPARENT?
Meanwhile, the industry has been
poor at disclosure and communica-
tion of how it assesses, manages and
mitigates cyber risk.
Of the top 20 global mining com-
panies, just 12 mention cybersecu-
rity as a risk in their 2015 annual
reports. Among them, disclosure
varies widely: from a minimal state-
ment saying the topic was discussed
by the Audit and Risk Committee,
to a vague outline of the potential
impact of attacks. Only one classi-
fied a potential breach as a “reputa-
tional risk”.
While there is little debate about
the value of the data produced and
held, there is a difference of opinion
about how transparent to be with
that data. As we move from the
information age to the digital age
and most recently to the transpar-
ency age, mining companies need to
address the issue of how transparent
they want to be with their data,
given it is often commercially and
politically sensitive.
The balance between secrecy and
transparency may be shifting in the
quest for a transparent world, and
good communication holds the key
robots are being developed to mine
hard-to-reach resources.
For example: Rio Tinto’s fleet of
autonomous trucks has driven the
equivalent of 98 times around the
earth to deliver loads 24 hours a day,
and BHP Billiton intends to develop
apps for mobile devices to improve
communications and productivity
across the company.
“The team working in Shanghai
will develop a range of mobile appli-
cations that could include the capa-
bility for operators to re-plan crew
work in the field, check equipment
maintenance requirements and loca-
tion, immediately report potential
safety problems or even check
where and when people are travel-
ling,” says Diane Jurgens, BHP’s
chief technology officer.
As mining companies increasingly
become digitised to lower costs, and
improve productivity, safety and flex-
ibility, the risk to cyber security is
heightened as the data is increased
and becomes more valuable to the
business.
“Our operations are increasingly
digitised,” says Richard Williams,
chief operating officer of Barrick
Gold Corp. “Data flows from one
point to another, which makes it
open to attack,” he adds.
The fallout from a cyber attack
can have negative short-term finan-
cial impact, but companies often
79
www.paus.de
MinCa
> For real tough conditions underground
> Payload 4t
> Extremely versatile
All you ever wanted
while moving in a mine.
Visit us:
Noth hall, booth 1568
“Our operations
are increasingly
digitised. Data
flows from one
point to another,
which makes it
open to attack”
“The industry
has been
poor at
disclosure
and
communi-
cation of
how it
assesses,
manages
and
mitigates
cyber risk”
3. 80 MANAGEMENT
to foster stakeholder trust and
understanding of the company’s
approach to managing valuable data
and mitigating risk.
According to Kroll’s review of
2015 cyber-security breaches among
financial services, health care, retail
and education sector, 60% of the
reported cases were from human
error. While the review does not
include mining data, the statistics
are likely to be similar. Using effec-
tive internal communication to edu-
cate and empower employees to
protect the company’s valuable
information is as important as having
IT adding more padlocks. It is sur-
prising how many companies do
not consider communication in their
cyber-protection strategy.
Stakeholders want to know that
you are using data in a way to cre-
ate value and that you are doing
everything you can to ensure it
doesn’t fall into the wrong hands.
“Every company should have a
chief information security officer sit-
ting on the board and a written
information security plan ready,”
says Ingrid Hobbs, Insurance Group
partner at Mayer Brown.
The threat environment is becom-
ing increasingly complex as the list
of attackers include nation states,
criminal groups and activists, and
as increased public awareness puts
pressure on companies and boards.
As the mining industry depends
more on digital technology, stake-
holders will look for a balance
between transparency and secrecy,
creating value and protecting it. This
is not an IT issue; everyone in the
company must take responsibility.
“People see risk as a separate
subject managed by specialists,”
Williams adds. “But cyber risk being
managed by IT is the same as lead-
ership being managed by HR –
it feels like a function and is not
owned at the highest level of the
organisation.”
Booth 25331
LED Lights
For ConditionsFor ConditionsExtreme
Superior Vibration And Shock HandlingSuperior Vibration And Shock Handling
Teaming With
800.346.1956
WWW.JAMESONLLC.COM
Carole Cable is a partner in Brunswick’s London office and co-leads the Global Energy and Resources practice. A version of this article was
featured in the Brunswick Review Spotlight on Cybersecurity
‘Hacktivists’
could target
mining
companies
“Every
company
should have
a chief
information
security
officer
sitting on
the board
and a
written
information
security
plan ready”