Cyber risks in mining oil and gas companies

Cyber risks in mining oil and gas companies

Jan 11th, 2017

Mining is in transition from the electro-mechanical era toward the cyber-informational one. Cyber risks in mining oil and gas companies become relevant and one should include them in any operation risk landscape assessment.

Cyber risks in mining oil and gas companies

Information technology (IT) , Internet of Things (IoT), and spreading connectivity are bringing very significant benefits to mining. However they increase the mining industry’s exposure to cyber criminals and possibly terrorists. This phenomenon is general and occurs in every single industrial, infrastructural and service space, not only in cyber risks in mining.

Cyber risks in Mining oil and gas companies

Insurers practice actuarial approaches, rooted in a rear-view vision of the world. Thus they seem to be less than efficient advisors insofar Cyber risks in mining oil and gas companies are concerned.

A management conundrum

At Riskope we have worked on large cyber risk assessments, at national scale, or included cyber risks in holistic multi-hazard approaches. Our clients since the very beginning of the century were civilian as well as military clients .
Reportedly at least one major mining company has been the target of a massive hack. However serious infrastructural damages have only seldom been inflicted, and not in mining (as far as we know), but in other industries.
Given the rapid escalation in the number and sophistication of cyber attacks, infrastructural damages are to be expected “any time”. Any infrastructural damage, especially those with environmental consequences or harm to people, will lead to significant crisis potential, reputational damages and legal consequences. Cyber risks in mining oil and gas companies are a reality one cannot ignore.

Coal Wharves Facilities, Critical Infrastructure

There is a strong temptation to squander capital on “technological solutions”. That is due to the complexity and far reaching interdependencies of the receiving system, i.e. the mining operation, corporation, etc. . Furthermore, there is and there has been a lot of focus on the technological mitigation for cyber. That include perimeter technologies like firewalls, intrusion detection, etc. That type of “specialist approach” forgets, however, that the easiest way to stop a computer is and will remain “unplugging” it. One can perpetrate a malevolent cyber-attack to a mining site in rather unsophisticated, but efficient ways. And the consequences are far from stopping at IT.

The financial implications of the capital squandering is so significant that Cyber-protection costs have been predicted to exceed benefits by 2019.

The solution

Contrary to other natural or man-made hazards cyber-hazards evolve and expand in a high-rate growth. Many hazard specialists (the IT guys) state that it is “impossible” to keep track of all the threats. Companies which specialize in network monitoring and threat detection are very successful and expanding their capabilities. However not necessarily at the pace demanded by the rate of acceleration of the threat.

Most risk assessments we review are very light on the study of interdependencies and complex consequences. That is because of the lack of methodological support.
Cyber risks, more than any other component of the overall risk landscape require solid, robust solutions.

At R&R we presented a paper “Military Grade Risk Application for Mining Defense, Resilience, and Optimization” which focuses on ORE, our flagship platform for multi-hazard scalable, drillable and convergent risk assessments.

With ORE it is possible to comparatively evaluate mitigative alternatives, process alterations. This leads to stronger leadership, transparency and finally, cultural transformation.
We recently read an encouraging note. It reported that, recently and in some cases, corporation spent two-thirds of the overall capex on the cyber risk mitigation strategies in non-technological areas.

Cyber risks in mining

The idea that cyber risk is not an IT issue is finally sinking. This, however, does necessarily mean the capex is allotted in the most efficient way at all, unless proper prioritization was performed and silo-culture is replaced by a “horizontal” thinking. And all of the above does not necessarily lead to proper inclusion of cyber risks in the ERM program.
Cyber risks in mining oil and gas companies are a reality. Ultimately the deployment of an adequate analysis methodology will eliminate capex squandering.

Tagged with: , , , ,

Category: Consequences, Crisis management, Risk analysis, Risk management

2 responses to “Cyber risks in mining oil and gas companies”

  1. Roy Wares says:

    Should cyber risk be a special organization within a company or just part of IT ?
    My vote is the former,

  2. Jean says:

    independent from -IT, be part of operational risk management

Leave a Reply

Your email address will not be published. Required fields are marked *

Riskope Blog latests posts

  • New achievements in risk assessment and management
  • 2-05-2023
  • PrintNew achievements in risk assessment and management will be attained thanks to SRK Consulting merging with Riskope. Indeed, we are…
  • Read More
  • Open letter to the organizer of the tailings dam round robin exercise
  • 29-03-2023
  • PrintDear Ryan, please receive this open letter to the organizer of the tailings dam round robin exercise. It explains our…
  • Read More
  • Landslides risk assessment and monitoring
  • 8-03-2023
  • PrintDuring the first couple decades of our professional life we worked extensively with Landslides risk assessment and monitoring in the…
  • Read More
  • Get in Touch
  • Learn more about our services by contacting us today
  • t +1 604-341-4485
  • +39 347-700-7420

Hosted and powered by WR London.