A massive 88% of mining companies globally are recognising the threat of cybersecurity risk within mine sites, and are increasing their investment in operational technology (OT) systems security – however, disjointed management leads to poor management co-ordination.
According to IDC’s Operational Security Challenges and Approaches in the Mining Sector survey, technology addresses only one part of the OT related challenge, management of cybersecurity across enterprise and operational sites must involve coordinated management of business risk posed by the threat of attack across the operation.
Instrumentation and connectivity within mining companies is increasing not only within the enterprise but across operational sites through equipment automation, cloud, and mobility for example. This is creating the opportunity for improved efficiency, productivity and control, but also poses challenges to mining organisations. As equipment is connected, and systems integrated, companies are facing a far increased critical threat from a broadening attack surface.
Results from IDC’s survey confirm that 78% of instrumented operations equipment is connected via wired or wireless networks. Mining companies recognize the associated risk and are increasing budget spend on OT security, but mining companies are not managing cybersecurity risk effectively operationally.
More structure, adoption of standards, consistent processes and a single point of management accountability across all enterprise and operational security is required to ensure that as connectivity increases in support of business outcomes security systems in place within enterprise and operational environment can effectively manage the growing commercial and operations risk from cyber breaches.
As companies embark on technology led transformations to create integrated digital operating environments that are optimized and more productive (enabled by investments in cloud, IoT, AI, Advanced Analytics etc.), the security risk in operations will increase.
Furthermore, the survey showed that increased cloud and IoT investments are two of the top three drivers for increased investment in securing OT systems by mining companies. However, also in our survey 33% of mining companies globally highlighted the increased use of these disruptive technologies as a major barrier to improved security for OT systems. Findings from the survey further highlight the risks we identified earlier to OT systems.
“This growth in technology led integrated digital operating environments is driven by management’s need for improved insights into operations activities as a basis for improvements in productivity and yields and on a more consistently basis. Improved insights need increased levels of integration of OT and IT data. Ninety-six percent (96%) of mining companies have reported an operational focus on IT/OT integration as a strategic priority for investment over next two to three years, contributing to the growing exposure and risk in operations systems security,” says Daniel Nimmo, senior research manager at IDC Energy Insights and WW Mining.
In order to manage this growing and significant risk to the business, a coordinated approach to cybersecurity across the enterprise and operations is required. This should include common reporting lines for security strategy and execution across IT and operations security. According to the survey, 32% of mining companies confirmed that their lack of a holistic strategy across IT/OT systems security was one of top four barriers to their achieving higher levels of security across operations systems.
“Effective management of cyber security across mining operations is not simply a technology issue, the biggest challenges mining companies face in protecting their environments holistically and managing this risk relates to management and governance. IDC’s research shows only 15% of respondents have a common management structure of IT and operational security. The lack of a single reporting line exacerbates the management of security on a consistent basis across the enterprise,” adds Nimmo.