Mining has always been about more than extraction. It underpins industrial growth, national development and geopolitical stability. In today’s increasingly contested global environment, access to minerals and natural resources is once again a strategic priority for major powers.
Yet while global attention focuses on trade tensions, nationalism and protectionism, another, less visible threat is rising: remote disruption through cyberattacks. As mining modernises, it is also becoming more vulnerable. Critical infrastructure, which typically includes the mining sector, energy and utilities and agriculture, refers to infrastructure so vital that any impact on it could have debilitating consequences for economic stability, national security and the physical health and safety of the public.
In an increasingly digitalised environment, critical infrastructure relies heavily on networked software and hardware systems, which in effect renders it “hackable.” At the 2026 Mining Indaba in Cape Town, the emphasis was on digitalisation and technological advancement of the industry. However, the industry recognises that cybersecurity can no longer continue to remain the unaddressed elephant in the room. The targeting of critical infrastructure is the next frontier in modern conflict and criminal enterprise.
Read Full Article on Mail & Guardian
[paywall]
Traditionally, the mining and minerals sectors, manufacturing and the energy and utilities industries have relied heavily on automation through the use of operational technology (OT), supervisory control and data acquisition systems and industrial control systems, as well as increasingly networked (and therefore interconnected) infrastructure. It is the nature of IP-based networking that makes devices, systems and their environments “smart” – and vulnerable to cyber incidents. It is therefore concerning that, although digitalisation and technological development rightly remained key topics during this year’s Mining Indaba, cybersecurity continues to be detrimentally neglected.
A conversation about artificial intelligence (AI) cannot be had without discussing its potential as a major disruptor of cybersecurity and the implementation of advanced robotic solutions cannot be explored without considering their autonomous nature and interconnectivity. The World Economic Forum continues to highlight cyber risk as the top business risk worldwide. It is now a global strategic risk and can no longer be relegated to the status of an add-on or afterthought.
A number of cyber incidents in the mining industry have been reported in the media in recent years. Eastplats experienced a cyber incident in May 2025 in which internal company documents were leaked. Sibanye-Stillwater suffered a major outage of its global information technology (IT) systems in 2024; while core mining operations were able to continue, its IT infrastructure was heavily impacted.
Rio Tinto, one of the world’s largest mining companies, suffered a major breach in 2023 that led to sensitive employee data, including payroll and personal information, being leaked online. The seriousness of cyberattacks on industrial control systems – where actions in the physical world can be perpetrated through digital means (e.g., the opening or closing of breakers at an electricity substation or the hijacking of an autonomous haulage system) – means that digital attacks can, for the first time, cause physical harm or even death. Through the pervasiveness of the IT/OT convergence, even non-intellectual property (IP)-based infrastructure can now potentially be manipulated remotely, for example by compromising human-machine interfaces.
While many cyberattacks involve data theft or leakage, with detrimental effects on organisations and individuals, real-world cyber-physical attacks are thankfully still less common, although they are expected to increase in frequency and severity. The South African Mining Extraction Research, Development and Innovation Strategy provides a roadmap up to 2030, outlining collaborations between industry, government, research councils and academia to ensure the digital transformation of the mining industry. The strategy has already led to the establishment of research centres co-located at local universities, focusing on real-time information management systems and the strategic application of people-centred technologies.
Central to this roadmap is cybersecurity and the role it plays in protecting and advancing the mining industry. Cybersecurity is not an add-on; it should be implemented through defense in depth – paramount to any digitalisation or cybersecurity strategy – meaning that security must be embedded at all levels. This includes hard technical controls, as well as softer policy and procedural controls.
It must also extend to employee training and awareness, as it has repeatedly been shown that humans remain the weakest link in even the best-designed ecosystem. The World Economic Forum estimates that as much as 95% of cyber incidents are enabled through human error or human involvement. Even advances in AI-based attacks are expected to target humans through social-engineering mechanisms and bespoke malware, rather than through automated exploits that directly target machines.
[/paywall]
All Zim News – Bringing you the latest news and updates.
