16 February 2025

Cybersecurity is crucial in modernising South African mining

At a minimum, mining organisations must develop context-specific cybersecurity strategies tailored to their unique operational needs. (Photo supplied)

The use of digital technologies is paramount for the South African mining industry to enhance effective, safe and sustainable operations, as well as to drive global competitiveness.

The modernisation of mining is set out in the South African Mining Extraction Research, Development and Innovation Strategy, which provides a roadmap to 2030 on ways industry, government, research councils and academia could collaborate in developing relevant technological solutions that ensure the survival and digital transformation of the mining industry.

This strategy is a partnership between the government, led by the department of science, technology and innovation, and the Minerals Council South Africa.

The strategy has led to the establishment of research centres co-located in local universities, focusing on mechanised mining systems, real-time information management systems and the strategic application of technology centred around people. 

The annual Mining Indaba, held in early February in Cape Town, brought together local, regional and global leaders, experts and companies in the mining sector. A clear emphasis on digital mining was evident in the various discussions and presentations.

The conspicuous absence of cybersecurity from the Mining Indaba’s discussions and agenda underscores its low prioritisation in the industry’s modernisation efforts.

This common, cross-sector misconception — that cybersecurity is merely a supporting rather than a core function — belies the current threat landscape. This perception must change to ensure that digitalisation delivers positive outcomes for mining businesses rather than creating new vulnerabilities.

The mining sector, traditionally viewed as a purely physical operational environment, was once considered immune to cybersecurity threats. But the industry’s increasing reliance on automation, digitalisation, remote access to operational technology (OT) systems (such as Supervisory Control and Data Acquisition, Programmable Logic Controllers and Distributed Control Systems), centralised data analysis and digitally monitored safety and health has made it a prime target for cybercriminals.

These often-aging OT systems, designed for efficiency rather than inherent security, are now exposed to significant digital risks.

Cyberattacks in the mining sector target information technology (IT) systems, OT systems and the industrial internet of things (IIoT). While the sector faces common IT-related risks, the convergence of IT, OT and IIoT significantly expands the threat landscape. Furthermore, the prevalence of legacy OT systems, critical for operations but often digitally vulnerable, introduces another layer of complexity and risk for mining companies. 

A recent survey by PwC, conducted among chief executives of various organisations, showed that cybersecurity has risen to the position of the third most concerning risk to organisations, with the estimated cost of a single data breach being R53.1 million, as reported by IBM and TechCentral.

Given the high cost of a single data breach, cybercriminals are increasingly targeting organisations as they streamline their operations through automation and manage facilities and assets remotely with the aid of internet-connected technologies.

In 2024, a series of cyberattacks was reported in the mining sector, locally, regionally and internationally. In August 2024, Sibanye-Stillwater issued a notice under section 22 of the Protection of Personal Information Act, reporting that the mining company had experienced a cyberattack that compromised certain global ICT systems, leading to the exposure of stakeholders’ personal information, such as identity details, health and financial information, banking details and contracts.

In the same month, an Australian gold mining company, Evolution Mining Ltd, suffered a ransomware attack on its IT systems. This incident followed another cyberattack at Australia's Northern Minerals Ltd, where sensitive employee information was compromised.

In 2023, a copper mining company in the United States, Freeport-McMoRan, was hit by a cyber incident that affected its information systems and led to its shares declining by almost 2% in a single day.

These cybersecurity incidents highlight the increased digital security concerns in the mining industry. These types of attacks have the potential to disrupt mineral extraction operations, consequently threatening jobs and leading to possible company closures.

To maintain operational resilience, protect valuable assets and ensure long-term competitiveness, mining companies must prioritise the adoption of cybersecurity technologies and capabilities development. 

At a minimum, mining organisations must:

  • Develop context-specific cybersecurity strategies tailored to their unique operational needs;
  • Gain a comprehensive understanding of their digital landscape, particularly the convergence of IT and OT environments;
  • Conduct thorough cybersecurity assessments and risk management exercises to identify specific cyber threats and vulnerabilities;
  • Develop and implement robust cybersecurity solutions, including continuous monitoring of cyber events and incidents;
  • Provide regular cybersecurity awareness training and education for all employees, leaders and stakeholders; and
  • Develop, regularly test and update cybersecurity incident response plans.

The Council for Scientific and Industrial Research (CSIR), in line with its October 2024 National Cybersecurity Survey, recommends that the mining sector integrate cybersecurity as a core component of its risk and safety management strategy. To improve their cybersecurity posture and mitigate escalating cyber threats, mining companies should consider the following strategic actions over and above the technical considerations:

  • Invest in cybersecurity: Increase investment in cybersecurity infrastructure, technologies and especially home-grown tools, as well as prioritise the development of a skilled cybersecurity workforce for the mining sector;
  • Foster public-private partnerships: Encourage collaboration between the public and private sectors to address shared cybersecurity challenges; and
  • Establish sector computer security incident response teams (CSIRTs): These national CSIRTs can monitor, detect, respond to and recover from cyber incidents more effectively than individual companies acting alone. This initiative could also facilitate threat intelligence sharing within the mining sector.

While the mining industry modernises, the digital risks that threaten operations, reputation and revenue cannot be ignored.

Dr Jabu Mtsweni is the head of the Information and Cybersecurity Centre at the Council for Scientific and Industrial Research (CSIR) and a research fellow at the Stellenbosch in Security Institute for Governance and Leadership in Africa. Muyowa Mutemwa is the research group leader for data security and analytics at the CSIR.