Mining companies caught flat-footed by cyberattacks

Attackers are seeking business secrets and trying to disrupt supply chains, according to an Ernst & Young survey

Mining companies increasingly are being targeted by hackers trying to steal information and disrupt operations, as the metals industry expands its dependence on Internet-connected systems to reduce costs, according to an Ernst & Young survey.

Of the 39 mining companies that responded to the company's Global Information Security Survey, 41 percent said they faced a rising number of external threats, including cyber-incidents.

Mining companies have tended to focus on the tools of the trade, such as trucks and graters, even though IT has increasingly been used to control that equipment in the past decade, said Mike Elliott, global mining and metals leader for Ernst and Young.

"They don't see themselves like consumer organizations that hold large amounts of credit card details," Elliott said. "They're not like a financial institution sitting on large amounts of cash and security. Hence they think they're not really a target."

Safety systems and sensors are increasingly being linked to the Internet, which has saved mining companies money but created new avenues for attack, the survey found. Mining companies often don't realize how reliant they are on IT, Elliott said.

The mining sector may not have accepted that there are certain "non-negotiable infrastructure costs" associated with increased dependence on IT, he said.

The merging of operations technology with information technology has provided hackers a path to the operation systems from the Internet, the report says. The operations systems become "inherently less secure, as many old systems were not developed with security in mind."

Computer security experts have warned for years that industrial control systems used by utilities, manufacturers and the energy industry are vulnerable to attacks due to buggy software and infrequent patches.

The motivations for attacks are varied. Activists alarmed by mining activities may use them to expose confidential information or create "communications mischief, such as defacing websites or triggering false announcements," the report said.

Some hackers hunt for information about business deals, while others seek to disrupt the metals markets for profit. Copper is a particularly price-sensitive metal due to tight supply, and the closure of one or two mines can cause its price to spike, Elliott said.

Having access to information about those closures before it is made public could therefore be valuable.

"If someone is taking an appropriate derivative position on the LME [London Metal Exchange], they could profit in doing so," Elliot said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags intrusionErnst & Young

More about Twitter

Show Comments
[]