As mining operations become more connected, the line between cyber and physical risk is blurring, prompting operators to adopt integrated, all-hazards security frameworks.
In security, there is no such thing as partial effectiveness; you are as good as your weakest link. Australia’s mining sector operates in an environment where security risks aren’t separated into physical and cyber silos, and where an all-hazards mindset is a competitive necessity.
While mining is not designated as critical infrastructure under the Security of Critical Infrastructure (SOCI) Act 2018, Anchoram head of critical infrastructure security James Kambourian said leading operators are aligning with its security expectations despite sitting outside its formal obligations.
“This gap creates a risk of complacency in an environment where the consequences of disruption, environmental harm or community impact can rival those in official critical infrastructure sectors,” Kambourian said.
Anchoram, a firm specialising in connecting data, technology and cyber issues, aims to bridge that gap, drawing on experience supporting critical infrastructure operators to strengthen cyber–physical environments, including complex operational technology (OT) and remote systems.
“That experience, spanning rail, energy utilities and other high-availability environments, is directly applicable to mining organisations seeking to attain maturity without waiting for regulation to force the issue,” Anchoram’s newly appointed mining sector lead Mithran Manuel said.
“Anchoram can help mining clients develop integrated security strategies that span physical, personnel, cyber and OT domains, supported by governance frameworks and playbooks aligned to an all-hazards philosophy.”
This approach extends to the interrelation of energy across the critical infrastructure sector, where electricity generation, transmission and distribution underpin operations. The removal of a significant portion of resources by any major participant could interrupt energy generation within the national energy market or wholesale electricity market.
“Forward-leaning miners are therefore adopting governance, risk and assurance practices aligned to critical infrastructure norms, including scenario-based planning for low-likelihood but high-impact events,” Kambourian said. “This means treating large mine complexes, integrated rail and port chains, and associated power and water systems as critical systems in all but regulatory name.”
Central to this shift is the all-hazards approach, which assumes threat vectors can interact and cascade across operations, rather than being managed through separate risk registers across safety, security, environment and cyber.
Anchoram identified key elements of this framework, including risk, consequence analysis and unified response, and recovery playbooks linking site, regional and corporate teams.
“This is increasingly supported by standards-aligned approaches to OT and cyber–physical systems risk, such as applying IEC 62443 concepts to rail for autonomous haulage, process control, and remote operations centres,” Kambourian said.
Manuel, who has extensive experience within the mining sector, said integration is becoming critical as digital transformation converges IT systems with OT networks.
“Access control systems, vehicle telemetry, explosives management, logistics scheduling and safety systems now share data and control pathways across IT and OT, creating new failure modes when attacked or misconfigured,” he said.
“In remote Australian sites with limited local infrastructure, these converged threats are amplified by response delays, harsh operating environments for equipment, and reliance on third-party connectivity and remote support.”
This convergence is addressed through aligned controls across physical and digital systems, including linking perimeter intrusion detection, CCTV analytics and OT anomaly detection, and integrating contractor onboarding, identity and access management, and remote access gateways so changes in role or risk profile update site and network permissions.
Anchoram also develops incident response runbooks where physical security, operations, health, safety and environment, and cyber teams rehearse joint scenarios rather than standalone incidents.
“Investors, insurers and major customers are asking more probing questions about cyber–physical resilience, supply chain continuity and crisis preparedness, particularly for operations in environmentally and socially sensitive regions,” Kambourian said.
With operations becoming more connected, remote and exposed to converging threats, Anchoram believes an integrated cyber–physical approach is no longer a future consideration but a present-day requirement to provide resilience.
This feature appeared in the April issue of Australian Mining magazine.