Cyber risk has been a growing threat since the onset of the Industrial Revolution in Europe. With each passing decade, advancements in tools and techniques have heightened this looming risk.
The revolution was fueled by the discovery of energy sources like coal, gas, and oil, and the identification of various ore deposits, which led to the emergence of the metallurgical sector, frequently making commodities market headlines.
Metallurgy is a field within material science and engineering that examines the physical and chemical behavior of metallic elements. It plays a crucial role in producing metals for diverse applications, including airplanes, vehicles (automobiles, railways, and ships), recreational vehicles, buildings, implanted devices, and musical instruments.
Key areas of cyber risk in the metallurgical sector
Following the Industrial Revolution, a significant leap in the metallurgical industry occurred in the mid-20th century with the advent of information technology. Today, the sector is heavily automated. Simple tools like pickaxes have transformed into advanced drilling machines, and ore movement is controlled via control panels and Wi-Fi. However, this increased efficiency has brought new cyber risks to the forefront.
Automation
The metallurgical industry is well-acquainted with cyber risk. Since embracing automation, access control is managed through a unified information network. Company databases contain vital data, including client and supplier information, intellectual property, and other critical details about company operations.
Employee access
All employees possess electronic data accounts, heightening cyber risk in the sector. Information security can be breached through several avenues, such as social engineering. For instance, an unwitting employee might inadvertently share credentials with a hacker, open an unauthorized file, click on a malicious link, or insert an infected drive into a system.
Damaged equipment
Damage to IT or industrial equipment poses a significant cyber risk. Cyber attacks can impair machinery like drilling rigs or smelting furnaces, which are costly to replace. Moreover, the business interruption caused by equipment downtime can lead to substantial losses. Even if profits are recoverable after system restoration, fixed costs like wages and electricity persist.
A cyber incident in the metallurgical sector
In 2014, a German steel mill experienced a cyber incident when a blast furnace was disrupted by a cyber attack. Hackers infiltrated the system using spear phishing and social engineering tactics. The attack caused the metal inside the furnace to freeze, rendering the machinery irreparable and resulting in additional losses due to decreased productivity.
Since then, little has been done to safeguard such equipment from cyber threats inherent to operational technology.
The metallurgical sector must prioritize protection against cyber risk, focusing on mitigating potential equipment loss and business interruptions, along with loss of access to unified information networks. Reliable protection is essential for the industry’s survival, achievable through the implementation of effective techniques and the provision of cyber insurance policies.