Cybersecurity and the Mining Industry:
The author will be writing a monthly article throughout 2019 on Cybersecurity across various market segments. Be sure to watch for it to see how your business may benefit from this important information. Good reading and see you next month.
In the 19th century, mining ruled the economy of the U.P. with the Copper Country mines being the world’s largest producer of copper. Although the industry declined many years ago, there are still some mining operations being conducted across the U.P. to this day.
Like most industries, mining must approach cybersecurity as an overall business risk and not just an IT risk. A report from Ernst & Young, a multi-national advisory service headquartered in the UK, states that 97% of mining companies know that they are lacking in cybersecurity protections, despite 55% of mining operators admitting they have experienced a significant cyber threat in 2017. 
The modern mining industry utilizes the Internet of Things (IoT), which is the concept of attaching sensors or controls to inert “things” (in this case, equipment) so they can communicate with other connected “things” on the internet. For example, use of this system allows for a proactive maintenance approach. Thresholds can be set up for each asset (equipment) so if the condition data falls outside that range, the system can dispatch a technician to address the problem before it occurs. This is an essential asset management tool in the mining industry, but it is also a window of opportunity for a broad set of attackers that range from hackers aiming to disrupt operations, to hostile governments attempting to acquire a competitive edge on commodities, to ‘hacktivists’ looking to promote political, environmental, or social change.
Michael Rundus is a global mining and metals cybersecurity leader for Ernst & Young. “Mining companies must have digital strategies in place which have collaboration and innovation at their core. Collaboration between companies, and even industries, helps to educate the workforce and allow companies to learn from best practices”, Mr. Rundus says. “Cyber must be a key consideration moving forward as the industry takes on this significant change, otherwise the cyber risk may outweigh the business benefits.”
With cyber attacks on the rise, every industry is a target. However, by adopting proactive cyber policies instead of reactive, post-attack responses, companies can increase their protection against cyber threats and can prevent costly data breaches.
 “Do Mining Companies Need to Wake Up to the Cyber Threat?” Ernst & Young, Mining Technology, September 2018
A. Elisabeth Tolsdorf is author of this article and the Director of NIST SP 800-171 Compliance for Hawk Technologies, a woman-owned firm located in Houghton, Michigan. Hawk is the Upper Midwest’s primary source for NIST SP 800-171 Compliance services. Additional information about NIST SP 800-171 and Hawk’s CAD services capabilities can be found at www.hawktechinc.com.