Minimising the risks of increased connectivity

The growing level of digitisation in mining makes cyberattacks even more dangerous because of the potential safety implications. Image: Pixabay

The recent cyberattacks have highlighted the importance of cybersecurity in the industrial space. When large multinational companies — including equipment manufacturers, mining companies, banks, and power plants — are affected by such attacks, the implications can be massive. 

While revelations of industrial espionage are far rarer than those of attacks that affect banks, retailers, and other businesses, the costs to business are estimated in the billions of dollars.

In an increasingly connected world, the Industrial Internet of Things (IIoT) has numerous advantages for companies making use of the functionality this provides. At the same time, it has increased the need for highly secure connectivity across all aspects of the plant, particularly since it is now connected to the enterprise network, as well as to suppliers and customers. The increasing prevalence of telematics and big data in the mining and construction sectors also increases both the potential impact of cyberattacks and the potential points of entry into connected systems and networks.

As the string of cyberattacks on industrial networks grows, security vendors are developing new protection systems. Rockwell Automation and Cisco are two companies that have joined together to provide a network security solution, called Converged Plantwide Ethernet (CPwE) architectures, designed to help information technology (IT) and operational technology (OT) professionals address constantly changing security threats. The architecture features technology from both companies, including design guidance and validated architectures to build a more secure network across the plant and the enterprise.

But while technology can help to mitigate these risks, it is the people using the technology who play the key role in improving security and limiting vulnerabilities. In addition to creating perimeter and internal network safeguards, the joint architecture tool includes policies on managing access.

Industrial cyberattacks
Probably the most well-known industrial cyberattack is Stuxnet, a malicious computer worm that infected at least 14 Iranian industrial sites in 2010. The worm targeted Microsoft Windows machines and networks, before seeking out Windows-based Siemens Step7 software that is used to program industrial control systems (ICSs) and finally compromising programmable logic controllers (PLCs), allowing it to collect information on and cause damage to centrifuges.

The increasing prevalence of digitisation in the mining and construction sectors increases the potential impact of cyberattacks on connected systems and networks.
Image: Pixabay

The Stuxnet worm damaged ICSs in five Iranian industrial facilities suspected of enriching uranium, and while it was not the first ICS-targeting cyberattack, it was the first to infect a PLC and demonstrated just how vulnerable industries are to cyberattacks targeting their ICS environments (Huq, 2016: 7). Unlike any previous virus or worm, Stuxnet caused actual physical destruction to the equipment controlled by the infected computers.

Four years later, in 2014, a German steel mill was the target of a cyberattack, which resulted in ‘massive damage’ to the foundry. This was the second such attack after Stuxnet, and once again, the control systems were accessed via initial penetration of the office network. In this attack, however, once the attackers had gained control of the systems, they focused on destroying human-machine interaction components, which prevented a blast furnace from being shut down and caused serious infrastructure damage.

In 2016, hackers stole project data from the plant engineering division — among others — of one of the world's largest steel makers, ThyssenKrupp.

Rockwell Automation and Cisco’s network security solution – Converged Plantwide Ethernet (CPwE) architectures – is designed to help IT and OT professionals address constantly changing security threats.
Image: Rockwell Automation & Cisco

Public reports from antivirus firm ESET and cybersecurity company Dragos, released in June this year, identify an extensible malware framework — a highly capable ICS attack platform — that was used in the 2016 cyberattack on the Ukraine electric grid and could be used to target critical infrastructure sectors. According to Dragos, the group behind the 2016 attack using CrashOverride “has direct ties to the Sandworm Team that targeted infrastructure companies in the United States and Europe in 2014 and Ukraine electric utilities in 2015.”

Increasing ICT and IoT spend

According to global ICT research and consulting services firm International Data Corporation (IDC), spending on big data and analytics in the Middle East and Africa will increase by 11.0% in 2017 to reach USD2.2-billion, compared to USD1.98-billion in 2016. This data comes from IDC’s latest Worldwide Semiannual Big Data and Analytics Spending Guide. The growth is expected to reach approximately USD3.20-billion in 2020 — a compound annual growth rate (CAGR) of 10.0% over the 2016–2020 period.

IT and business services accounted for 55.1% of overall spending, with software the next biggest spender. According to Megha Kumar, research director for software at IDC MEA, there is a lot of focus around customer and operational analytics, and uptake around advanced and predictive workloads. Kumar says that this shows that organisations in the region acknowledge the need to leverage data for strategic decisions, but face challenges in finding skills to support big data and analytics deployments, with the majority of software spending focused on solutions for end-user query as well as reporting and databases.

Geographically, 22.7% of this investment was generated in South Africa, second only to Saudi Arabia, with 24%. Industries with longer-term potential include discrete and processed manufacturing, resource industries, and transportation, while construction has shown very little spending in this area.

IDC’s Worldwide Semiannual Internet of Things Spending Guide forecasts that the IoT market will grow 19.6% year-on-year in 2017 to total USD7.8-billion, compared to the 18.1% growth seen in 2016. IDC attributes this to the proliferation of digital transformation initiatives across the region as businesses and government entities strive to boost productivity and improve efficiency.

According to Wale Babalola, research analyst for telecommunications, IoT, and digital media at IDC MEA, “IoT now offers a myriad of industry-specific solutions that can be easily deployed by organisations in a bid to stay ahead of competition.”

IDC forecasts that manufacturing operations will account for more than 51% of the projected IoT-related spending of USD1.3-billion from manufacturing organisations in 2017. The transportation industry is also forecast to see IoT-related spending of around USD1.3-billion in 2017, with freight monitoring expected to account for USD849-million, highlighting the increasing importance of monitoring goods and improving productivity.

2017 attacks
According to the Global Cybersecurity Index (GCI) 2017 report, in 2016, “nearly one percent of all emails sent were essentially malicious attacks.” The demands from ransomware attackers are also escalating, with the same report claiming that the average ransom demand in 2016 was over USD1 000, up from USD300 in 2015. A New York Times article published in June, ‘Ponzi scheme meets ransomware for a doubly malicious attack’, said that while ransomware attacks in 2016 were estimated to have raked in around USD1-billion, the number is likely to be much higher this year.

NotPetya’s ransom note.
Image: Fortinet

The outbreak of the WannaCry ransomware in May this year made international headlines, as it affected hospitals, banks, universities, engineering companies (including Sandvik), automotive companies (including Nissan and Renault), manufacturing plants, telecommunications companies (including Telkom), and even government ministries. Hundreds of thousands of computers in 74 countries were affected in around 24 hours, and by the time it was over, more than 150 countries had been affected.

Then, six-and-a-half weeks later, a second cyberattack made headlines. According to the New York Times (‘Cyberattack hits Ukraine then spreads internationally’), the outbreak, which initially appeared to be a second ransomware attack, spread across Ukraine — and the world — for five days before activating on 27 June. Among those affected were steel manufacturing and mining company Evraz and shipping giant Maersk. More worryingly, the Chernobyl plant was also affected, including the computers responsible for monitoring radiation levels. While these were fortunately not connected to the site’s industrial systems, the huge volumes of radioactive waste had to be monitored manually. Despite the attack’s apparent similarity to WannaCry, according to Slovak antivirus vendor ESET, 80% of all infections were in Ukraine, suggesting a political motivation.

In 2014, a German steel mill was the target of a cyberattack, which prevented a blast furnace from being shut down and caused massive damage to the foundry.
Image: Pixabay

Far more frightening, barely a week before the Ukraine-focused attack, the New York Times published an article on an attack that occurred a mere two weeks before the WannaCry outbreak, this one against the Manhattan-based IDT Corporation. The article, ‘A cyber attack “the world isn’t ready for”’, described a much worse attack that went largely unnoticed due to the focus on WannaCry.

While this attack also appeared superficially similar to WannaCry, with a ransom demand for decrypting encrypted IDT data, this was a smokescreen, as in the NotPetya attack. The truth was far more sinister: the ransomware attack masked the theft of employee credentials, which could have been used to access confidential information or even destroy machines. Even more worrying was the fact that the attack went undetected by “leading cybersecurity products, the top security engineers at its biggest tech companies, government intelligence analysts, or the FBI.”

The only reason it was noticed at all was “a digital black box that recorded everything on IDT’s network,” together with the tenacity of IDT’s global chief information officer Golan Ben-Oni, who described the attack as a “nuclear bomb” compared to the fire of WannaCry.

Mining sector
According to Deloitte’s Tracking the Trends 2017 report, mining companies are exploring digitisation as a way to improve operations. However, the same report points out that over the past few years, most major mining companies have experienced attacks, with their IT security technologies unable to protect against increasingly sophisticated and malicious online threats. The report highlights that ransomware has become one of the most prevalent forms of cyberattack over the past year, with many companies, including those in the mining sector, being subject to this type of attack.

The growing use of telematics and data analytics, as well as the increase of data in the cloud, the convergence of IT and OT technologies, and the uptake of IoT, amplifies the potential cybersecurity risk. Malicious viruses or worms, like Stuxnet, “explicitly target critical systems,” and autonomous vehicles are also a concern, not just because of potential disruptions, but because of the potential safety implications.

Over the past few years, most major mining companies have experienced cyberattacks.
Image: Pixabay

Despite the increased risk, a Trend Micro white paper on cyber threats to the mining industry states that while the sector is under threat from cyberattacks and the exploitation opportunities are significant, it is an area that almost no one wants to talk about (Huq, 2016: 3). And this is something that needs to change.


Anderson, M. 2017. “NotPetya”: Latest ransomware is a warning note from the future. IEEE Spectrum, 30 June. 

Auchard, E. & Käckenhoff, T. 2016. ThyssenKrupp secrets stolen in “massive” cyber attack. Reuters, 8 December.

Budd, C. 2016. The mining industry is getting rocked by cyber threats. Trend Micro, 13 July. 

Dragos. 2017. ‘CrashOverride: Analysis of the threat to electric grid operations’.

Huq, N. 2016. ‘Cyber threats to the mining industry’. White Paper by Trend Labs, the global technical support and R&D centre of Trend Micro.

International Telecommunication Union (ITU). 2017. Global Cybersecurity Index (GCI) 2017.

Karnouskos, S. 2011. Stuxnet worm impact on industrial cyber-physical system security. Germany: SAP Research.

Kushner, D. 2013. The real story of Stuxnet. IEEE Spectrum, 26 February. 

Perlroth, N. 2017. A Cyberattack “the World Isn’t Ready For”. New York Times, 22 June. 

Perlroth, N., Scott, M. & Frenkel, S. 2017. Cyberattack hits Ukraine then spreads internationally. New York Times, 27 June.

Sentryo. 2016. Cyberattack on a German steel-mill.

Wakefield, J. 2017. Tax software blamed for cyber-attack spread. BBC News, 28 June. 

Zetter, K. 2014. An unprecedented look at Stuxnet, the world's first digital weapon. Wired, 3 November.



12 Dec 2017

By Robyn Grimsley