Open Access
An Examination of Cybersecurity Practices and Resilience in the Global Mining Critical Infrastructure Sector
4
Department of Computer Science and Engineering, Assam Don Bosco University, Guwahati, India
Abstract
Purpose: This systematic literature review examines the state of cybersecurity and resilience within the global mining industry, which is a critical infrastructure sector facing increasing digital threats. The review aims to synthesize current practices, identify unique vulnerabilities, and evaluate the role of international standards in mitigating risk. A novel conceptual framework based on Word Sense Disambiguation (WSD) is used to clarify key terminology, such as "cybersecurity" and "resilience," within the specific context of the mining sector.
Methodology: A systematic literature review was conducted using a search of academic databases and industry reports. A thematic analysis was then applied to synthesize the collected data, identifying recurring themes related to threats, vulnerabilities, current practices, and the implementation of standards like ISO/IEC 27001.
Findings: The review confirms that the mining industry's growing reliance on automation and interconnected technologies has exposed it to significant cyber risks, including ransomware attacks and disruption of Operational Technology (OT) systems. While some companies are adopting cybersecurity measures, the implementation of formal frameworks like ISO/IEC 27001 is not widespread. The findings suggest that while these standards offer a strong foundation, they are often insufficient on their own, as they do not fully address the unique challenges of OT-IT convergence and remote operations.
Originality/Value: This paper is among the first to provide a comprehensive, systematic review of cybersecurity specifically within the global mining sector. Its unique contribution lies in its use of the WSD concept to provide a clearer, more precise analysis of complex terminology, which is often a source of confusion in this field. The study identifies critical gaps in both research and practice, offering a clear roadmap for future research and policy development that emphasizes a shift toward a more holistic, cyber-resilient approach.
Keywords
Cybersecurity,
Mining industry,
Critical infrastructure,
ISO 27001
References
ReportLinker. Mining global market report 2023. 2023. Available from: https://www.globenewswire.com/news-release/2023/04/21/2651931/0/en/Mining-Global-Market-Report-2023.html
Garside M. Mining industry worldwide - statistics & facts. 2023. Available from: https://www.statista.com/topics/1143/mining/#topicOverview
Jahankhani H, Meda LNK, Samadi M. Cybersecurity challenges in small and mediumenterprise (SMEs). In: Jahankhani H, Kilpin DV Kendzierskyj S, editors. Blockchain andJOURNAL OF CYBER SECURITY TECHNOLOGY 23other emerging technologies for digital business strategies. Cham: SpringerInternational Publishing; 2022. p. 1–19. doi: 10.1007/978-3-030-98225-6_1
Mining-Magazine. Increased cyber risk in mining. 2017. Available from: https://www.miningmagazine.com/logistics/news/1331963/increased-cyber-risk-in-mining
Alahmari A, Duncan B. Cybersecurity risk management in small and medium-sizedenterprises: a systematic review of recent evidence. In: 2020 International Conferenceon Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). IEEE; 2020.p. 1–5. doi: 10.1109/CyberSA49311.2020.9139638
Muronga K, Letebele MO, Binda PL, Smith-Godfrey SM. Towards secure maritimetransport in South Africa: an investigation of cybersecurity readiness of organisations.2019. Available from: https://researchspace.csir.co.za/dspace/handle/10204/11176
Knott J. The cyber canary in the coal mine during covid-19. 2020. Available from:https://www.pwc.com.au/digitalpulse/aussie-mine-2020-report-cyber-security.html
Bakar ZA, Yaacob NA, Udin ZM, et al. The adoption of business continuity managementbest practices among Malaysian organizations. Adv Sci Lett. 2017;23(9):8484–8491. doi:10.1166/asl.2017.9916
Evans L. Protecting information assets using ISO/IEC security standards. Inf Manag.2016;50(6):28.
Al-Mayahi I, Sa’ad PM. ISO 27001 gap analysis-case study. In: Proceedings of theInternational Conference on Security and Management (SAM), The SteeringCommittee of The World Congress in Computer Science; Las Vegas. Computer; 2012.p. 1.
Culot G, Nassimbeni G, Podrecca M, et al. The ISO/IEC 27001 information securitymanagement standard: literature review and theory-based research agenda. TheTQM J. 2021;33(7):76–105. doi: 10.1108/tqm-09-2020-0202
Susanto A, Shobariah E. Assessment of ISMS based on standard ISO/IEC 27001: 2013 atDiskominfo Depok city. In: 2016 4th International Conference on Cyber and IT ServiceManagement; Bandung, Indonesia. IEEE; 2016. p. 1–6.
Rossi P. InfoSaaS and Axora partner to transform the processes and costs of ISOmanagement system certifications. n.d. Available from: https://itsupplychain.com/infosaas-axora-partner-to-transform-the-processes-and-costs-of-iso-management-system-certifications/
Gillies A. Improving the quality of information security management systems withiso27000. The TQM J. 2011;23(4):367–376. doi: 10.1108/17542731111139455
Wang C-H, Tsai D-R. Integrated installing ISO 9000 and ISO 27000 managementsystems on an organization. In: 43rd Annual 2009 international carnahan conferenceon security technology; Zurich, Switzerland. IEEE; 2009. p. 265–267.
Mirtsch M, Kinne J, Blind K. Exploring the adoption of the international informationsecurity management system standard ISO/IEC 27001: a web mining-based analysis.IEEE Trans Eng Manage. 2020;68(1):87–100. doi: 10.1109/TEM.2020.2977815
Fomin VV, Vries H, Barlette Y. ISO/IEC 27001 information systems security managementstandard: exploring the reasons for low adoption. In: Euromot 2008 conference; Nice,France. European Institute for Advanced Studies in Management (EIASM); 2008.
The ISO survey, the ISO survey of management system standard certifications – 2014. n.d. Available from: https://www.iso.org/files/live/sites/isoorg/files/archive/pdf/en/iso_survey_executive-summary.pdf
Woods A. The ISO survey of management system standard certifications 2019 | CQI |IRCA. n.d. Available from: https://www.quality.org/news/iso-survey-2019-management-system-standard-certifications
AbuSaad B, Saeed FA, Alghathbar K, et al. Implementation of ISO 27001 in SaudiArabia–obstacles, motivations, outcomes, and lessons learned. In: 9th AustralianInformation Security Management Conference; Citeseer; 2011. p. 1. doi: 10.4225/75/57b52709cd8b2
Vuppala V, Vincent J, Kusler J, et al. Securing a control system: experiences from ISO27001 implementation. In: Proceedings of ICALEPCS2011; Grenoble, France,ICALEPCS2011; 2011. p. 1062–1064.
Sharma N, Dash PK, et al. Effectiveness of ISO 27001, as an information securitymanagement system: an analytical study of financial aspects. Far East J Phychol Bus.2012;9:42–55.
Velasco J, Ullauri R, Pilicita L, et al. Benefits of implementing an ISMS according to theISO 27001 standard in the Ecuadorian manufacturing industry. In: 2018 InternationalConference on Information Systems and Computer Science (INCISCOS). IEEE; 2018. p.294–300. doi: 10.1109/INCISCOS.2018.00049
Vlachos T. Certifiable risk management & business continuity approach in miningindustry. In: Proceedings of the 4th World Congress on Mechanical, Chemical, andMaterial Engineering (MCM’18), DOI. International ASET Inc; 2018. Vol. 10. doi: 10.11159/mmme18.108
Molaei F, Rahimi E, Siavoshi H, et al. A comprehensive review on internet of things (IoT)and its implications in the mining industry. Am J Eng Appl Sci. 2020;13(3):499–515. doi:10.3844/ajeassp.2020.499.515
Directorate AS. Australian signals directorate releases 2023 asd cyber threat report.2023. Available from: https://www.asd.gov.au/news-events-speeches/news/2023-11-15-australian-signals-directorate-releases-2023-asd-cyber-threat-report
Smith J. Cybersecurity in mining: already a business imperative but soon a legalobligation. 2024. Available from: https://www.miningnews.net/miners/news-analysis/4375466/cybersecurity-mining-business-imperative-soon-legal-obligation
Mining E. Cyber incident. 2024. Available from: https://evolutionmining.com.au/cyber-incident/
Smith J. Lessons learned from rio tinto’s massive cyber-attack. 2023. Available from:https://mine.nridigital.com/mine_jun23/cybersecurity_ransomware_strategies_abb_basf
Jasanz. Jasanz certificate register. n.d. Available from: https://register.jasanz.org/
Aburas M, Lee A. Exploring the critical success factors for effective implementation ofthe iso 9001 quality management system. Aust Jou Bas Appl Sci. 2019;13(12):72–77.doi: 10.22587/ajbas.2019.13.12.11
Yusoff S, Nordin R, Yusoff H. Environmental management systems (ems) ISO 14001implementation in construction industry: a Malaysian case study. Issues Soc EnvironAcc. 2015;9(1):18. doi: 10.22164/isea.v9i1.97
ISO 45001 Occupational health and safety management systems – Requirements withguidance for use. 2018. https://www.standards.org.au/news/iso-45001-occupational-health-and-safety-management-systems-requirements-with-guidance-for-use#:~:text=ISO%2045001%2C%20Occupational%20health%20and,part%20of%20their%20business%20processes
CsC PH, Stehlková B. Information security management in small and mediumenterprises. In: International Multidisciplinary Scientific GeoConference: SGEM; Sofia.2011. Vol. 2. p. 527.
Topa I, Karyda M. From theory to practice: guidelines for enhancing informationsecurity management. ICS. 2019;27(3):326–342. doi: 10.1108/ICS-09-2018-0108
Shojaie B. Implementation of information security management systems based on theISOIEC 27001 standard in different cultures [Ph.D. thesis]. Hamburg, Germany: Staats-und Universitätsbibliothek Hamburg Carl von Ossietzky; 2018.
Coşkun İ, Akyüz GA. VARLIK YÖNETİMİ KAPSAMINDA ISO 55001 STANDARDI VE BİLGİTEKNOLOJİLERİNİN ROLÜ. Bus Manag Stud: An Int J. 2017;5(2):223. doi: 10.15295/bmij.v5i2.83
Mishra PC, Mohanty MK. A review of factors affecting mining operation. World J Eng.2020;17(3):457–472. doi: 10.1108/WJE-03-2019-0082
Tharshanth K, Damitha R, Thatshayini P. The importance of emergency preparednessand business continuity planning for business resilience: a literature review. 2020.Available from: http://dl.lib.uom.lk/handle/123/16542
Suresh NC, Sanders GL, Braunscheidel MJ. Business continuity management for supplychains facing catastrophic events. IEEE Eng Manag Rev. 2020;48(3):129–138. doi: 10.1109/EMR.2020.3005506
Jasanz. Jasanz annual report 2022–23. 2023. Available from: https://www.jasanz.org/wp-content/uploads/2023/10/JANZ003_Annual-Report_Web_FA.pdf
Simonovich L, Al-Ruwaii B, Beato F. Cyber resilience in the oil and gas industry: play-book for boards and corporate officers. 2021. Available from: https://www.weforum.org/whitepapers/cyber-resilience-in-the-oil-and-gas-industry-playbook-for-boards-and-corporate-officers/
Susanto H, Almunawar MN, Tuan YC. Information security challenge and breaches:novelty approach on measuring ISO 27001 readiness level. Int J Eng And Technol.2012;2(1):67–75.
Humphreys E. Implementing the ISO/IEC 27001 ISMS standard. United Kingdom:Artech House; 2016.
Watkins S, Calder A. It governance: an international guide to data security and ISO27001/ISO 27002. London: Kogan Page; 2020.
Wessels CH, et al. To IOT or not IOT: a critical analysis of the key legal considerationsapplicable in internet of things of implementations in the mining industry[Ph.D. thesis]. Pretoria, South Africa: University of Pretoria; 2016.
Snyder H. Literature review as a research methodology: an overview and guidelines.J Bus Res. 2019;104:333–339. doi: 10.1016/j.jbusres.2019.07.039
Page MJ, McKenzie JE, Bossuyt PM, et al. The prisma 2020 statement: an updatedguideline for reporting systematic reviews. BMJ. 2021;372:n71. doi: 10.1136/bmj.n71
Braun V, Clarke V. Thematic analysis: a practical guide. Los Angeles: SAGE publicationsLtd; 2021.
Adegbite AO, Akinwolemiwa DI, Uwaoma PU, et al. Review of cybersecurity strategiesin protecting national infrastructure: perspectives from the usa. Comput sci IT res j.2023;4(3):200–219. doi: 10.51594/csitrj.v4i3.658
Progoulakis I, Nikitakos N, Rohmeyer P, et al. Perspectives on cyber security for offshoreoil and gas assets. J Mar Sci Eng. 2021;9(2):112. doi: 10.3390/jmse9020112
Majernik M, Daneshjo N, Chovancová J, et al. Design of integrated managementsystems according to the revised ISO standards. Pol J Manag Stud. 2017;15(1):135–143. doi: 10.17512/pjms.2017.15.1.13
Kivilevich V, Bitton S. Australian mining companies and cybercriminals digging for thegold. 2017. Available from: https://www.kelacyber.com/australian-mining-companies-and-cybercriminals-digging-for-the-gold/
Yaokumah W, Brown S. An empirical study into information security governance focusareas and their effects on risk management. In: 2014 Annual Global Online Conferenceon Information and Computer Technology; Louisville, KY, USA. IEEE; 2014. p. 42–49.
Tatiara R, Fajar A, Siregar B, et al. Analysis of factors that inhibiting implementation ofinformation security management system (ISMS) based on ISO 27001. In: Journal ofPhysics: Conference Series; Medan, Indonesia. IOP Publishing; 2018. Vol. 978. p. 012039.
Soares L, Souza R. Cyber risks in the oil & gas industry. In: Proceedings of the Rio Oil andGas Expo and Conference, Rio de Janeiro, Brazil, Brazilian Petroleum, Gas and BiofuelsInstitute (IBP); Rio de Janeiro, Brazil. 2014. p. 15–18.
Lukwesa C, Upfold C. Information security practices in Zambian copper mines: aninvestigation into the state-of-practice of information security within Zambian coppermines based on the ISO/IEC 27002 standard. In: ICIME 2011-Proceedings of the 2ndInternational Conference on Information Management and Evaluation ICIME 2011; 27–28 April 2011; Ryerson University, Toronto, Canada. 2011. p. 281. https://www.google.com.au/books/edition/ICIME_2011_Proceedings_of_the_2nd_Intern/4HiKP9dDoc8C?hl=en&gbpv=0
PwC-Australia. Mine 2020: resilient and resourceful. 2020. Available from: https://www.pwc.com.au/mining/global-mine-2020.html
Cholteeva Y. Preventing cyberattacks in the oil and gas industry. 2021. Available from:https://www.offshore-technology.com/features/preventing-cyberattacks-in-the-oil-and-gas-industry/
Mitchell P, Wilson M. Cybersecurity in mining and metals. n.d. Available from: https://www.ey.com/en_au/mining-metals/cybersecurity
Kasyuma M. Cyber threats and cyber security in ISO certified organizations in Kenya[Ph.D. thesis]. Nairobi, Kenya: University of Nairobi; 2016.
Crozier R. Rio Tinto to build new ‘intelligent’ mines. 2018. Available from: https://www.itnews.com.au/news/rio-tinto-to-build-new-intelligent-mines-494651
Cassotta S, Sidortsov R, Pursiainen C, et al. Cyber threats, harsh environment and theEuropean high north (EHN) in a human security and multi-level regulatory globaldimension: which framework applicable to critical infrastructures under “exceptionallycritical infrastructure conditions” (ECIC)? Beijing Law Rev. 2019;10(3):317–347. doi: 10.4236/blr.2019.102020
Similar Articles
- Dr. Laura Stein, ADVANCING PROACTIVE CYBERSECURITY THROUGH CYBER THREAT INTELLIGENCE MINING: A COMPREHENSIVE REVIEW AND FUTURE DIRECTIONS , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 02 (2025): Volume 02 Issue 02
- Farah Al-Mansouri, THE IMPLICIT LANGUAGE OF CYBERSECURITY: EDUCATIONAL CHALLENGES AND IMPLICATIONS , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 07 (2025): Volume 02 Issue 07
- Dr. Arjun Pratap Singh, Dr. Neha Verma, Research on Unusual Transmission Pattern Recognition in Telecommunication Infrastructure Using Fuzzy Equation Approach , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 04 (2026): Volume 03 Issue 04
- Dr. Amara Ndlovu, Dr. Faisal Khan, CYBERSECURITY IN VIRTUAL GATHERINGS: RISKS AND REMEDIAL STRATEGIES FOR VIDEO CONFERENCING SOFTWARE , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 04 (2025): Volume 02 Issue 04
- Dr. Elena Petrova, Research on Unusual Transmission Pattern Recognition in Telecommunication Infrastructure Using Fuzzy Equation Approach , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 04 (2026): Volume 03 Issue 04
- Dr. Ahmed N. El-Tayeb, Miguel Ángel Ortega, INTEGRATING CYBER THREAT INTELLIGENCE WITHIN COMMERCIAL ENTERPRISES: A STRATEGIC FRAMEWORK FOR ENHANCED SECURITY POSTURE , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Tanvi Das, James D. Walker, A FEDERATED MULTI-MODAL SYSTEM FOR INSIDER THREAT DETECTION IN ENERGY INFRASTRUCTURE USING BIOMETRIC AND CYBER DATA , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 01 (2025): Volume 02 Issue 01
- Prof. Hans-Peter Vogel, Dr. Farah Al-Dabbagh, UNINTENDED CONSEQUENCES AND SPILLOVER EFFECTS IN OFFENSIVE CYBER OPERATIONS: A SYSTEMATIC LITERATURE REVIEW , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Alistair C. Finch, From Reactive to Predictive: A Framework for Integrating Threat Intelligence with SIEM for Proactive Threat Hunting , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 10 (2025): Volume 02 Issue 10
- Prof. Dmitry V. Volkov, Dr. Kofi Agyapong, ADAPTIVE TRUST BOUNDARY ENFORCEMENT: A COMPREHENSIVE REVIEW OF ZERO TRUST ARCHITECTURE IMPLEMENTATION AND USABILITY CHALLENGES , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 10 (2025): Volume 02 Issue 10
You may also start an advanced similarity search for this article.