“Control of mine sites is still done manually as the perceived cybersecurity risk of the internet of things is too high.”
Mining businesses share large amounts of organisational DNA with businesses from other industries – financial systems, human resources systems, procurement systems, desktop systems, and many others – are much the same. In other crucial ways though, mining is a very different industry. It is facing several technology challenges alone and will ultimately be compelled to take leadership in these areas.
First among these is the challenge of geology. Unlike the natural gas or petroleum industries, geology is very difficult to characterise from a small number of samples. Natural history is highly variable and often unique to a given geography. Currently, mining companies design their value chains to absorb ranges of variability in the ore body, leaving much potential scope for improvement of production. Advanced ore characterisation through machine learning and operational responsiveness through automation of extraction and processing has the potential to create a huge lift in the utilisation of ore bodies and the inputs consumed. Assets will become, in effect, operated by advanced software. The embedded strategic cyber risks for mining businesses from this shift are clear.
A second major challenge is the remoteness of major mining assets. The pre-eminence of acquiring ore bodies in building business value means miners have limited discretion on where their assets are located. Many embed a sovereign risk layer to their investment decisions. It is difficult to avoid the issue of remoteness – just consider Australia’s north-west iron ore basin or Canada’s mining operations in the Arctic. Geography has influenced how security has traditionally been considered, leading to isolationist (‘air gapped’) strategies, made possible by the lack of interconnectivity to urban grids and networks. Automation and communications connectivity have made this concept redundant, potentially causing a more abrupt shift for miners than for other, less remote, industries. Paradoxically, remoteness is the central driver for remote operations and autonomy.
“With the next generation of satellites, no one will be remote and with the cloud, your data and applications could be anywhere in the world, including at the bottom of the ocean.”
A third challenge facing the industry that separates it from most industries are its long global supply chains and the number of specialist service companies brought to bear on extracting and delivering mining products. For this reason, suppliers are one of the main sources of cyber risk for mining companies and accordingly will need to become one of their main sources of cyber resilience. They are part of your overall enterprise and ‘should be treated as such’. Unfortunately, the evaluation and testing of suppliers are ‘currently poor across the board’ which ‘needs to be fixed now…there is a tsunami of technology in cyber-attacks that even the NSA cannot handle.’
Service companies are culturally far more responsive to their customers than mining companies because they have to be. As miners begin to prioritise cybersecurity in their commercial terms and communications to the market, suppliers will respond. The shift is already underway – of our survey respondents, over two thirds said a strong cybersecurity reputation will become critical for suppliers in the next five years. Another third said it will be important. None said it will be unimportant. Government bodies, in particular, recognise the global competitive advantage that advanced cyber capability will deliver their mining services businesses.