Reliability engineers and maintenance managers often assume that cyber attacks on mission-critical equipment in their plants are a remote prospect. However, recent devastating attacks on industrial facilities worldwide – and recently in Africa – show that increasingly automated and digitised equipment is far more vulnerable than previously thought.
There is much more at stake in dropping one’s guard: a cyber attack can cause extended downtime, leading to production losses that translate into huge sums of lost revenue.
In an interview with Machinery Maintenance Matters, Billy Petzer, Research Group Leader for Cybersecurity at the Council for Scientific and Industrial Research (CSIR) in South Africa, emphasises the need for greater vigilance. He urges heavy industries across the continent to invest adequately in cybersecurity measures to attain a robust level of cyber resilience.
It is better to be safe than sorry; err on the side of caution.
These two pieces of conventional wisdom – calls to action – have never been more relevant in the current atmosphere in African heavy industry. There is a growing threat to the reliability of mission-critical equipment: cyberattacks.
Conspicuously, in the hierarchy of risks, this is still not considered amongst the most likely causes of downtime. Usually, when machines stall, what first comes to mind are the ‘traditional’ root causes like component failure attributed to poor lubrication practices.
Mindset change
However, there is a need for a mindset change to confront the new reality, however costly and unpleasant it may seem from an OPEX perspective. Heavy industry should be to be vigilant considering the scale of the risks.
ECSA-registered professional engineer, Billy Petzer, Research Group Leader for Cybersecurity Systems at the CSIR in South Africa Petzer urges the industry to take the cyber risks seriously pointing out that the World Economic Forum (WEF) consistently ranks cyber risks among the top global threats. He draws attention to the vulnerability of machines.
What has elevated the vulnerability of heavy industry – in this context, mining and minerals, manufacturing, and energy and utilities, among others – to cyberattacks is that critical machines are becoming increasingly automated and digitally connected.
Usually, hackers target the IT environments that are often connected to the ICS/OT environments. Noteworthy is that these environments were not initially designed with security in mind, feature many legacy systems, and involve IT/OT convergence.
Plant reliability risk
Clearly, reliability engineers and maintenance managers can only underestimate cyberattacks in industrial plants at their own peril.
There are many cases indicating the reality of cyberattacks on critical plants.
Internationally, one of the high-profile cases is the Stuxnet worm cyberattack discovered in 2010 on an Iranian nuclear enrichment facility. The facility was targeted through a cyberattack, and nuclear centrifuges were physically destroyed as a result.
Locally, in South Africa, most such attacks have been more on the IT side, as opposed to the ICS/OT side, but the risks are very real nonetheless. The following, among others, stand out:
- Eastplats experienced a cyber incident in May 2025 in which internal company documents were leaked.
- Sibanye-Stillwater suffered a major outage of its global information technology (IT) systems in 2024. While core mining operations were able to continue, its IT infrastructure was heavily impacted.
For a business, an attack can have a devastating impact with implications for the bottom line, safety (leading to injury or death in some cases), and reputation, which affects investor confidence. So, reliability managers can’t ignore attacks anymore.
Building cyber resilience
With proper security planning and sound implementation, the potential risk to plant operations can be mitigated, states Petzer. “First, each business should know what its cyber-risk profile is. Once this has been determined, it usually becomes clear how big of a financial and reputational risk cyber incidents pose. After impacts are understood, investment should be appropriately allocated to reduce the risk. It should be deeply entrenched throughout the entire lifecycle of a system, from design all the way through to decommissioning.”
A critical area where cybersecurity must be extended is employee training and awareness, as it has repeatedly been shown that humans remain the weakest link in even the best-designed ecosystem, Petzer adds. The World Economic Forum has highlighted that a very high percentage of cyber incidents are enabled through human error or human involvement (with figures often cited around 95% in related discussions and reports).
After installation, once critical machines and control systems have been deemed secure and resilient, continuous maintenance is vital.
