Cyber risky business

While miners are pushing forward with plans to expand the industrial internet of things (IIoT) in their operations, the significant cyber risks that come with it cannot be ignored, writes Roman Arutyunov, co-founder and vice-president of products at Xage Security.

"One device lacking security means risking the security of all devices deployed."

Roman Arutyunov

Smart, connected devices promise significant improvements in operational efficiency, but come at a cost.

To date, inefficient workflows, low utilisation rates and machines sitting idle have been the norm. However, mining operations are taking full advantage of the IIoT, embracing decentralisation, automation and the low-cost connected devices implemented from mine to port.

The IIoT significantly improves communication, increases workflow efficiencies and boosts productivity. A miner has been using autonomous vehicles since 2016, controlled from more than 1000km away, allowing for cost-cutting in travel as well as improvements in safety of employees.

Companies are using IIoT devices to manage and monitor data and devices without requiring employees to visit the sites as frequently. Outposts employing operations via autonomous and/or connected cars, drills, trucks and trains are saving companies significant money and time that would otherwise be spent flying employees to unsafe, remote areas or paying employees significantly more money to live there.

Most notably, implementation of IIoT devices in mining allows for a major improvement in collection, accuracy, and visualisation of vital data.

Data access means increased efficiency within a variety of processes. Specifically, visualisation tools provide intelligence into mine structure, temperature, contamination and other vital data points. This information is essential in ensuring mine safety, productivity and viability.

But at what cost?

In the next three years, cybersecurity-related costs will exceed US$6 trillion across industries. And while the mining industry benefits greatly from integrated networks, connectivity also raises significant new concerns and obstacles when it comes to security. Employing connected devices poses huge threats both in terms of human safety, as well as in terms of cost for individual businesses. Froth flotation requires accurate data to separate metals such as lead from zinc. This requires precise measurements of the collector - such as sodium ethyl xanthate. Malicious actors can enter the system, manipulate data and purposefully mismanage the delivery of chemicals in this process, resulting in dangerous environmental pollution and significant economic loss to the company.

In a connected network, a single breach affects devices across the network, which makes central points of entry potentially disastrous.

Consider a coal mine. When coal remains stagnant, we know the disastrous implications - fires that can take years to put out. Malicious actors in industrial control systems have the ability to access the now-automated processes that keep track of when coal has been disrupted to avoid explosion. If the calendar or record is disrupted by hackers within a system, the results can be life-threatening.

Across the mining ecosystem, many different organisations and people require access to a multitude and variety of applications, devices and machines, creating security gaps through passwords and remote-access possibilities.

In addition, transient devices - connected to the same networks as the industrial control devices - risk impacting the security of the larger devices, as large as autonomous vehicles, which can drive off cliffs if a data source is hacked.

Because many of these autonomous or connected vehicles and devices are controlled by a centralised fleet-management system, a single hack or error can cause a massive accident, and a true domino effect within the network.

Laptops, smartphones and tablets that control much larger devices provide an easy jumping-off point from which the entire network can be attacked once an initial compromise has been effected. What's more, these devices often face inconsistent human behaviour: high turnover rates for employees, lack of adequate security training, and weak password protection and credentials. One device lacking security means risking the security of all devices deployed.

The collaboration between operational technology and information technology devices, combined with legacy systems and inconsistent human behaviour, makes the mining industry particularly vulnerable to attack across the ecosystem. From initial extraction to shipping, these vulnerable systems need sharp security attention.

However, modern mines, connected via widespread networks, are becoming increasingly prone to cyberattacks. This is especially true of organisations which seek to quickly attain IIoT benefits without fully evaluating the risks of digitising legacy systems which often are not properly secured.


According to a 2017 World Economic Forum report, 55% of mining operators reported significant cyber-security incidents. Perhaps even more frightening, almost half of those surveyed questioned whether they would know a dangerous cyberattack on their company's systems when encountered.

Further, 97% of companies across industries know the security systems they have in place are inadequate. Businesses need to change their approaches to security.

Blockchain is uniquely suited to secure the IIoT, because, like the industrial operation, it is distributed by nature. Through decentralisation, secure access control and uncompromised data integrity, blockchain provides the most comprehensive security network for the IIoT.

Deploying a distributed, tamper-proof security fabric across all sites in a mining ecosystem is the solution for a connected, digitised industry. The most secure solutions for the IIoT are those that mirror the IIoT itself and allow the industry to securely take advantage of the benefits of autonomous, connected, smart devices.

These systems are scalable and distributed, able to cover the breadth and depth of mining networks. Since industrial mining operations are decentralised and employ large field elements spanning diverse entities, whether operators or servicing companies, security services need to mirror this distribution, and must be decentralised themselves.

The IIoT works to improve efficiency, rather than cause additional roadblocks, so its security must be easy to deploy on all devices and enable simple and controlled remote access for those authorised to have it.

Securing systems this way means removing a singular, central point of entry through which a single hack can infiltrate and dismantle an entire system. Blockchain further removes the risk associated with a central point of entry because of its self-healing nature. If one blockchain node is attacked, it does not compromise the safety of the entire system.

Blockchain is capable of determining malicious behaviour and tampered-with nodes, removing them from the fabric while continuing to secure the system.

In other words, a single compromise does not impact the entire network or cause significant damage to the system as a whole. One human error does not result in an entire fleet of autonomous vehicles crashing into one another, with dangerous impact, not to mention serious economic loss.

Instead of one central hack impacting an entire network - one device controlling all autonomous chemical distribution within a mine - devices remain connected while removing a singular point of security failure.

Tamper-proof blockchain systems allow complex systems to authenticate transactions and identify problems, as well as immediately identify and isolate unauthorised changes, manipulations and bad actors - before harm can be done.

Blockchain creates trust between controllers, sensors, computers and other devices participating in data exchange.

Plus, companies can enrol approved equipment while simultaneously identifying and isolating rogue devices, removing interruptions, increasing efficiency and maintaining security.

Controlling access and changes across systems accelerates rollouts and speeds up recovery efforts once a device has been hacked, minimising downtime so the devices can get back to work.

Tamper-proof blockchain security ensures that edge operations and interactions between people, machines, devices and data are protected.

In a highly networked, automated and software-driven system, identity and access management (IAM) is critical. Interactions happen between a diverse set of devices - operators, servicing companies, individual employees performing maintenance, etc. - which means that to ensure control, security, and safety, IAM must be monitored closely.

Remote access control also saves significant time and money - and ensures workers' safety - by removing trips out to remote areas.

Secure remote automated technology increases the talent pool - opening the door to third-party contractors and vendors, lowering overhead, and simplifying hiring and onboarding.

Employees are safer, and companies are not paying hundreds of thousands of dollars in transportation costs. Automated security is based on information exchange that prioritises the integrity of information, making it paramount to the success of the operation. Whether this exchange of information is peer-to-peer, edge-to-edge or edge-to-cloud, a distributed system for information exchange ensures the integrity and privacy of the information from the source to the destination.

As we continue moving towards a safer, more efficient and connected industrial ecosystem, blockchain security is the only approach that allows for a distributed, redundant and adaptive solution that gets stronger as more devices are added to a network.

A Xage representative will be presenting at Future of Mining Australia 2019 at the Sofitel Sydney Wentworth hotel on March 25 and 26.