Threat of cyber attacks to mining companies is on the rise
As if increased legislation, longer permitting times and a steady stream of opposition from anti-mining groups wasn’t enough to contend with now there is a report from Ernst & Young saying the threat of cyber-hacking is on the rise for mining companies.
The list of threats includes the usual suspects who would like to disrupt mining operations around the world, as well as criminals looking to manipulate the price of commodities through disruptions as well government and state-owned firms and even industry players looking for a leg up on the competition.
As the industry becomes more dependant on technology for everything from automated equipment to virtual offices and sites the opportunity to be hacked increases. In fact, more than 40 percent of metals and mining companies in the survey experienced a rise in external threats over the past 12 months.
“Criminals are attracted to the sector because of the massive cash flows,” the advisory firm said in its report.
While the threat exists industry wide, the report found that the most vulnerable miners are small to mid-sized companies who produce strategic metals such as rare earths, tin and tungsten. Many of the larger companies have tightened security in their systems over the past few years.
“The big miners have more sophistication in their risk management systems and probably have already experienced some degree of hacking activity in the last couple of years. For them it's a real life battle,” said Mike Elliott, Ernst & Young's global metals and mining leader.
Reuters reported that in 2009, former BHP Billiton Chief Executive Marius Kloppers told a U.S. diplomat in Melbourne he was worried about espionage by China and competitors like Rio Tinto, according to a report on a diplomatic cable released by WikiLeaks.
Elliott said one fairly large miner was hit by a cyber-attack in the past two years which it detected only by accident when it was examining the reliability of a piece of equipment in its supply chain.
The company discovered coding in the software for the equipment had been changed with an unauthorized amendment.
“It was designed to cause a problem that never eventuated because they picked it up,” Elliott told Reuters. He declined to name the company that was targeted or where it was located.
“There are a lot more victims of this sort of activity than would be reported, because people don't like to talk about when these things are detected,” he added.
Smaller miners are more vulnerable to cyber-hacking because they don't see themselves as targets, and as they look to cut costs they are increasingly using web-connected technology and automated systems that could be infiltrated.
Web sites are easy targets for political and social activists, or hacktivists. A hacker defaced and blocked access to rare earths producer Lynas Corp's web site last year as part of a campaign against the opening of a processing plant in Malaysia.
Lynas has since moved its web site in-house.
“It was a wake-up call for us to bring the web site under the control of IT and have them secure it in the same way as our internal networks,” said Gillian Kidson, Lynas Corp's general manager of IT told Reuters.