"As mining and resource companies move into the next generation of remote operations, cloud computing, big data and analytics, and mobility, they will need to dramatically increase their security posture in order to maintain ongoing operations," Telstra says in a report based on a recent IT security survey of large energy and mining companies.

Mining still lags behind oil and gas - in mature production regions - in the IT-OT convergence stakes. However, both sectors have entered an era in which strategic emphasis on fully harnessing the benefits of modern information and operations technologies - including via remote operations centres and other centralised decision-support channels - is opening doors to new productivity, efficiency and safety benefits.

However, Telstra says it is also giving cyber-criminals access to operations systems via the internet.

"Organisations must ensure that their networks and applications are designed, installed, operated, and maintained to survive a cyber-incident and sustain critical functions," Telstra's report, IT security in the mining, oil and gas sector: Making IT part of your company's DNA, said.

"It is also important that your CEO and leadership team understand the strategic and economic risks of inaction, and that security must form part of a company's DNA."

Telstra is working with Australian resources companies on network security assessment, strategy and service provision. It is also finalising a multi-year blueprint for international expansion in the mineral and energy resources market.

Telstra mining/oil and gas industry executive Alan Hindes told MiningNews.net that market forces drawing traditionally disparate mining operations, and planning and decision-making islands, together, and speeding IT-OT convergence, were not just cost and margin pressures, and wider industrial-technology trends having a deeper impact in mining.

He said mining majors in particular had a longer-term focus on improving productivity and capital investment returns, and the clear imperative to connect expensive enterprise management structures with production centres that were at the heart of supply-chain optimisation and, potentially, increased profits.

"The industry has had to get more efficient and is adopting more technology as a means of doing that," Hindes said.

Harsh, sometimes unsafe operating environments, often in remote locations, contributed to the growing trend to centralise people and business processes. Clearly, though, big corporations would not be doing it if increased profits aren't on offer.

"Certainly for the tier-ones - and Rio Tinto is probably the global leader - they're really moving through a phase where they've gone from what was their traditional modus operandi and started to do some fundamental things around remote monitoring and then control, to then moving ahead with the introduction of the autonomous program," Hindes said.

"An integral part of that is starting to bring information from sensors and plant and equipment [back to an information hub]. Video is an area of particular growth [in data volumes]: when you have fewer people in certain areas you still need those eyes in that particular area."

All of this became mission-critical to operations, but also vital to organisational reputation.

"Cyber-attacks can come from criminals looking to make money from supply disruptions or the manipulation of commodity prices, competitors trawling for business secrets, foreign governments and state-owned firms in search of political advantage, hacktivists, who may be religiously, politically or environmentally motivated, and the just plain malicious," Telstra's report said.

"At risk could be anything from details of latest pricing plans, to prospecting information, competitive strategy, or even data from driverless trucks that lets competitors know exactly what you are achieving.

"Given the potential for the disruption of critical systems - not to mention risks to the safety of workers, and damage to a company's reputation and financial standing - most organisations recognise that cyber-attacks need to be stopped before attackers breach upstream business infrastructure."

Cultural change has to extend to employee awareness and accountability, with the survey indicating respondents believe more than half their recent cyber-security breaches resulted from human error.

"One of the things the research brought out was that a lot of issues related to peoples' behaviour internally," Hindes said.

"Not necessarily malicious behaviour, but … general behaviour related to loss of devices and things like that."

While anecdotally at least Hindes is hearing about and seeing high-level recognition of the increased likelihood of cyber-attacks rising up the list of business risks that miners and petroleum-industry leaders rank as their primary preoccupations, he believes - and the survey seems to show - many companies are falling behind those creating the threats due to limited in-house skills and budget constraints.

"People have got to look at the cost [of proper assessment and protection] in relation to the … potential damage to the organisation from operational downtime, the risks to organisational reputation … and safety implications," he said.

"I think they're very cognisant that the physical landscape has changed and they need to change their thinking to match that new physical landscape."

*Richard Roberts is editor-in-chief of MiningNews.net' UK sister publication Mining Journal.