Security is more than just a bit of a byword on site.
Whether it is securing your actual mine from trespassers, activists or potential illegal miners (in the case of South America and Africa), or just trying keep the wrong people out of your computer network, security is key.
And with automating processes and getting a single network for all of a business’ operations the goal of many companies right now, ensuring your information is secure is becoming even more important.
But one of the main hurdles in the industry at the moment is the fact that many companies do not recognise or realise the importance of network security and how the wrong people accessing their networks can have long ranging affects, particularly in this age of greater interconnectedness.
Speaking to Sourcefire’s Australian-New Zealand regional director Chris Wood, he explained that companies have to pay attention to who has access to their networks, and how.
While it may seem a little unrelated to the mining industry, cyber security is starting to become as vital as ensuring your machinery is operating at full capacity, particularly SCADA networks, which can be more vulnerable.
“Most of our job now is actually trying to educate the mining companies of this risk,” Wood told Ferret.
He explained that “there has been an increasing number of mines using SCADA, and their networks are now more IP-centric than before, so the delineation that existed between the corporate and the work networks has now gone”.
As more mining companies utilise remote operation control centres, such as Rio Tinto’s Mine of the Future centre, which is located more than 1000 kilometres away from the mine itself, total control of your remote and SCADA networks becomes more critical.
However “a lot of them don’t realise the security risks of their networks, and that their networks need to be able to detect changes and also users.”
There is currently an evolving threat from cyber attacks and network disruptions right across the digital landscape.
Examples such as the affects of the apparently government sponsored Stuxnet and the havoc it wreaked, particularly as it spies on and subverts industrial systems, and was designed to target SCADA networks and fake industrial process control sensor signals, cause concern for miners.
On top of this is Duqu, related to the Stuxnet worm, which enables attackers to steal data from manufacturers of industrial control systems and then use this data to exploit SCADA and PLC systems.
“You can shut down a mining company’s email with malware and it can keep operating, but you can’t keep operating if your trucks or coal loaders have been shut down.”
What makes the issue even more concerning is that “no one says who the bad guys are, who wants to illegally access these networks, but we know they’re out there”, Wood said, “there are vulnerabilities people are exploiting.”
There is also the danger from employees misusing the network.
“In a recent investigation we carried out we found that one worker had actually used a wireless USB with open access on his computer so he could work away from his desk, and work while in the cafeteria.
“As miners’ process control systems come on to the network you want to know who does what and where they are,” Wood said.
However some have recognised the danger.
“There is one company we are working with who are carrying out security scans every few months,” he said.
Wood stated that the company has a few miners as customers as these companies have recognised that they need to know who is doing what, and from where, on their SCADA and process control networks.
“It’s about greater control.
“You need software and hardware that continually monitors your networks and traffic, mapping the traffic, destinations, and lets users know what has changed.”
Wood explained that information security “is about having more information about the workings of your network than the bad guys.
“Because if a miner doesn’t have control over their trains, scheduling, trucks, and processing, how are they going to work?”