Engineering and Mining Journal - Whether the market is copper, gold, nickel, iron ore, lead/zinc, PGM, diamonds or other commodities, E&MJ takes the lead in projecting trends, following development and reporting on the most efficient operating pr
Issue link: http://emj.epubxp.com/i/799329
CYBERSECURITY 44 E&MJ • MARCH 2017 www.e-mj.com

Scenarios:

Scenario 1: Theft by transfer
One of your accounts staff receives an email purportedly from their regular contact at a supplier, telling them that the bank account details for future online payments have changed. Three months later, the supplier calls, asking why their last two invoices have not been paid. They were, but to the hacker's account. The original email had been fake and your company has to pay those substantial bills twice.

Scenario 2: Activist sabotage
Your operation relies on a pipeline to transport concentrate slurry from the mine to the port that handles your exports. Hackers with an axe to grind about mining in general and your operation in particular manage to gain access to the control system for the pumps and valves that manage the flow. There is a major leak: your company gets hit with the clean-up costs and suffers significant reputational damage with the authorities and with the general public.

Scenario 3: Engineering a takeover
Your company has a small, well-run mine, but has to renegotiate financing before long. Securing a good deal will be dependent on maintaining the cashflow from your operation. But there is a predator out there, who likes the look of the mine but wants it cheap. For some reason, your mill starts to run outside its settings, and breaks down badly, stopping production just when you need it most. The lender pulls out and the alternatives are too expensive — but all of a sudden there is a white knight out there, offering a deal that, in the circumstances, you can't refuse. Target achieved.

Scenario 4: Political strings
The country where you operate is financially dependent on revenue from its minerals sector, with your operations making a substantial contribution to the national budget each year. However, political relations between the country and one of its neighbors are strained, and the neighboring state is bent on making life uncomfortable for your country's government — both politically and economically. Cutting off a main income stream would be one way of achieving this, with the control systems at your operations a key target for hacking and manipulation. Over time, the government's negotiating position is weakened as reduced mineral-sector income undermines its finances and international credit rating.

Scenario 5: Trucks amok
Just because industrial control systems are mainly used in mineral processing plants does not mean that other parts of a mining operation are cyber risk-free. Imagine a situation where the links between a remote control room and a fleet of autonomous haulers became the target for hackers. The potential for mayhem is indescribable, and while the replacement cost would be substantial, the sudden loss of production could be economically disastrous.

Scenario 6: Held to ransom
With the incident at the German steel mill, the perpetrators' intention was perhaps to show that they have the capability of inflicting serious physical and financial damage. After all, a demonstration is a lot more effective than merely making an unsupported threat. Financial demands follow and, of course, unless a plant's entire management and control systems are replaced with something more secure, the threat will always remain. Ransomware is already out there, effectively locking down business IT systems until payment is made, and according to CyberX, the FBI predicted ransom-demanding to be a US$1 billion business last year.

Scenario 7: Manipulating commodity markets
Your negotiations with your customers are confidential, affecting the way you organize your operations and your company's profitability. This is especially true when your business is involved in regular renegotiation with a small group of large purchasers — whose custom is being eagerly sought by your competitors. How much effort would they be prepared to invest in being able to see all of your internal correspondence relating to the next pricing round?

Scenario 8: Eyes in the sky
With online retailers offering professional-capability, high-definition camera-equipped drones for well less than US$1,000, people with an interest in your operations can easily stand outside the fence and see what is happening by remote control. And, as Jeff Melrose, principal technology strategist for cybersecurity at Yokogawa US told the ICS conference last year, drones can not only be used for photographing industrial sites but also for data gathering and control system infiltration. Having photos of sensitive areas of an operation splashed across unfriendly media could cause reputational damage, as well as compromising a company's competitive position.

Scenario 9: Just for fun
Kids will be kids, and today's kids are no exception. Let them loose with technology, and they'll find some way of either breaking it or extending its capabilities beyond its designers' intentions. Computers, coding and the internet are today's analogies for the plastic model kits and railway layouts of yesteryear, and experimentation knows no bounds. The intent to do damage may not be there, but if corporate IT systems are sufficiently insecure that they can be compromised, there is a chance that it will happen — inadvertently or otherwise. Ensuring that corporate and operating systems are secure is absolutely crucial.