Miners face rising threat of cyber-attacks

By Sonali Paul

MELBOURNE (Reuters) - Miners are becoming increasingly vulnerable to cyber-hacking as they slash costs, automate equipment, rely more on the internet, and run mines from hundreds of kilometers away, a survey of nearly 40 mining companies has found.

Threats can come from criminals looking to make money from supply disruptions, rivals hunting business secrets, governments and state-owned firms looking for a leg up in contract talks, and political and anti-mining activists, according to a report by Ernst & Young.

More than 40 percent of metals and mining companies in the survey experienced a rise in external threats over the past 12 months.

"Criminals are attracted to the sector because of the massive cash flows," the advisory firm said in its report.

The most vulnerable miners are small to mid-sized companies who produce strategic metals such as rare earths, tin and tungsten, rather than the mega miners, who have tightened security in their systems over the past few years.

"The big miners have more sophistication in their risk management systems and probably have already experienced some degree of hacking activity in the last couple of years. For them it's a real life battle," said Mike Elliott, Ernst & Young's global metals and mining leader.

Back in 2009, former BHP Billiton Chief Executive Marius Kloppers told a U.S. diplomat in Melbourne he was worried about espionage by China and competitors like Rio Tinto, according to a report on a diplomatic cable released by WikiLeaks.

Elliott said one fairly large miner was hit by a cyber-attack in the past two years which it detected only by accident when it was examining the reliability of a piece of equipment in its supply chain.

The company discovered coding in the software for the equipment had been changed with an unauthorized amendment.

"It was designed to cause a problem that never eventuated because they picked it up," Elliott told Reuters. He declined to name the company that was targeted or where it was located.

"There are a lot more victims of this sort of activity than would be reported, because people don't like to talk about when these things are detected," he added.

Iron ore miners are so aware of threats that one large producer requires staff to remove the batteries from their mobile phones at their most sensitive meetings, a person familiar with the company told Reuters.

Smaller miners are more vulnerable to cyber-hacking because they don't see themselves as targets, and as they look to cut costs they are increasingly using web-connected technology and automated systems which could be infiltrated.

Web sites are easy targets for political and social activists, or hacktivists. A hacker defaced and blocked access to rare earths producer Lynas Corp's web site last year as part of a campaign against the opening of a processing plant in Malaysia.

Lynas has since moved its web site in-house.

"It was a wake-up call for us to bring the web site under the control of IT and have them secure it in the same way as our internal networks," said Gillian Kidson, Lynas Corp's general manager of IT.

(Reporting by Sonali Paul; Editing by Richard Pullin)