METS Advice: Cyberthreats to the mining industry

Written by León Lanis V., Paralegal

The METS industry is constantly evolving. More and more, technology is applied to increase productivity, and by using automatisation and artificial intelligence many mining companies have been able to save costs and time, in relation to extraction and production.

Since 1990, the METS industry has started applying innovative technologies with automated programming. Previously, METS companies mainly relied on GPS mineral location and high speed wireless communication, but nowadays it has evolved into the use of automated drilling systems (which are far more ecological in use and safer to operate), automated transportation systems (such as automated hauls), Mining Communication Systems (or MCS), and automated safety protocols for risk mitigation inside the mines.

But while the technological transformation of the mining and METS industries has come with a number of exciting benefits, it does come with a risk that must be managed — cyberthreats. It is common to think of cybersecurity as a purely IT problem, but cyberthreat actors like criminals, governments and activists understand that targeting the METS and mining industries can help them in achieving their own goals.

Types of Cyber Threats mining industries may suffer

NIST (US National Institute of Standards and Technology) defines cyberthreats as “any circumstance or event with the potential to adversely impact organisational operations, assets or individuals through an information system”. There are a few cyberthreats that are of particular risk to the METS industry, including:

  1. Social Engineering: 98% of cyberattacks are accomplished because of human sources. Social engineering is “human hacking” or basically manipulating a target source or person into doing something they wouldn’t normally do. Most of these threats are done either physically (direct target manipulation) or by phishing attacks (fake emails, phone calls, etc), with the latter being the most common type of attacks. In this scenario, the hacker will pose as a credible source of information and manipulate the target (which could be anyone within the organisation) into clicking a web link or giving sensitive information. These types of attacks are commonly known as set up attacks, which subsequently lead to greater threats.
  2. DDoS: a Distributed Denial of Services (or DDoS) is one of the most common forms of attack. Through this attack, the hacker seizes the use of an information system by saturating the bandwidth or its access resources, letting the legitimate admin or user unable to access or use the system. These types of attacks are more common from hacktivists.
  3. Ransomware: this is a devastating type of attack in which the hacker gets full control of a system, encrypts the information or its access and asks for money in return, commonly threatening to destroy the system or its information if the payment is not made in time. These attacks are the biggest threat for mining industries. In 2019, the Norwegian company “Norsk Hydro” was hit by a Trojan virus that ended up in a ransomware, leaving 170 plants inoperative, resulting in losses of over $71,000,000 USD and losing 50% of its production globally.

Types of Cyberthreat actors

NIST defines a threat actor as any individual or group posing a threat. Some of these threats include:

  1. Cyber criminals: these are individuals or groups of hackers which seek an economical benefit or leisure with their attacks. They can be either amateurs (which are known as “script kiddies”) or professionals. They are also known as black hat hackers.
  2. Hacktivists: also known as grey hat hackers, these groups seek social justice or civil unrest with their attacks, exposing corporate sensitive information to the public (known as doxing) or producing massive DDoS in order to cripple an organisation’s productivity. The most common threat actors from this category are Anonymous and LulzSec.
  3. Advanced Persistent Threats (APTs): these are groups of hackers supported by a government with advanced resources. They tend to attack not seeking economical benefit or immediate political benefit. These are also known as black flag operations, where countries try not to seem involved in the attacks, but benefit from the economical loss they generate against an enemy country. These are one of the greatest threats for mining industries, as they tend to target in large scale companies from specific countries. The most common active APTs are: Lazarus Group (supported by North Korea), PLA Units (many hacker groups supported by the Chinese government), Charming Kitten (supported by Iran), Fancy Bear (Russian GRU team for cyber black flag warfare), Equation Group (United State’s NSA black flag operations), among many others.
  4. Competitors: it is common that the competition wants to know corporate sensitive information, cripple its operations, etc.
  5. Insider threat: there are instances where the relevant information given to the hacker to exploit a vulnerability comes from someone inside the company. The motivation may vary for this, such could be a disgruntled employee (or former employee) with economical problems or seeking revenge.

Protecting against cyber threats

Knowing the many threats there are for the industry, there are several things a company can do to keep itself safe, including the following:

  1. Training: 98% of the attacks are accomplished thanks to human negligence. Learning how to keep a tight security is key to protecting your company from any threat. Many risk prevention companies have security awareness training for cyberthreats, which normally teaches employees how to identify a threat and how to react before a crisis.
  2. Security Operations Center (or SOC): either in-house or external, SOCs are critical for an industry’s network and infrastructure security. The role of a SOC is to actively search for vulnerabilities and patch any flaws in the company’s security. Some SOC services include what’s known as a CSIRT (Computer Security and Information Response Team) who normally deal with incident response, backups, etc.


METS companies are currently in the thrust of a major technological upheaval and change. As more tasks go digital, processes become automated, and more smart devices are used, cyber security threats grow as well.

METS companies should not be scared of this new technology, but at the same time, it is important that companies recognise the importance of cyber security in order to mitigate risks before they arise. We invite you to talk to our experienced team today about how we can assist with data protection requirements.

Harris Gomez Group opened its doors in 1997 as an Australian legal and commercial firm. In 2001, we expanded our practice to the international market with the establishment of our office in Santiago, Chile. This international expansion meant we could provide an essential bridge for Australian companies with interests and activities in Latin America, and in so doing, became the first Australian law firm with an office in Latin America.

We provide innovative technology and resources businesses with legal and commercial expertise to realise their global potential. Our goal is to see innovative businesses establish and thrive in the global market. We are proud members of Austmine.

To better understand how we can support your management team in the Region, please contact  

Share This

Related Posts