
The Rising Cost of Copper Theft in Critical Infrastructure

A guide to OSINT intelligence for rail and power network security.

Copper has always been a target. But the economics driving theft from critical infrastructure have changed materially in recent years. Copper spot prices have climbed from around USD $4,000 per tonne in 2020 to record highs above USD $12,500 per tonne in early 2026 — driven by surging global demand from electric vehicle manufacturing, renewable energy buildout, and grid modernisation programs. The same infrastructure transition that is driving investment in Australia's energy and transport networks is simultaneously making every metre of copper cable in those networks more valuable to steal.

For thieves, the calculus is simple. A few hundred metres of signalling cable stripped from a rural rail corridor, or earthing conductors cut from a distribution network substation, can be worth thousands of dollars at a scrap metal dealer and is rarely traceable once it leaves the site. The risk is low and the reward is high. For the organisations that own and operate that infrastructure, the consequences are the inverse: significant repair costs, service disruptions that affect thousands of people, safety incidents, and a repair cycle that often takes days because the cable in question is a specialty item.

The volume and geography of these incidents make traditional physical security an incomplete answer. Your assets are spread across thousands of kilometres. You cannot patrol every section of track or every distribution line. But the people who steal copper at scale do not operate randomly — they scout locations, coordinate with buyers, discuss opportunities in networks, and move across jurisdictions in predictable patterns. That activity happens in open-source environments where it is visible to a system built to look for it.

When copper trades at record highs above USD $12,500 per tonne, a tonne of stripped cable is worth more than the average annual salary of the person stealing it.

Use Case 1: Protecting Railway Signalling Infrastructure

Australia's rail networks — passenger and freight — depend on extensive copper cabling for signalling systems, communications, and overhead wiring. Signalling cable is particularly attractive to thieves because it runs for long unguarded stretches through rural and peri-urban corridors, is accessible without specialist equipment, and is not easily monitored between maintenance visits.

The consequences extend well beyond the replacement cost. Signalling systems are safety-critical. When cable is removed, signals default to fault states, train services are suspended, and rail operators must dispatch track staff to verify safe conditions before services can resume. A single theft event in a rural corridor can cancel or delay dozens of services across an entire day. In 2023, rail operators in New South Wales reported multiple incidents across the regional network with copper theft confirmed as the cause.

The pattern of activity that precedes these incidents is consistent. Thieves typically scout target sections before acting — visiting sites, noting access points, and assessing cable runs. They coordinate with buyers who can move stripped copper quickly. And in many cases, they operate across multiple incidents in the same corridor before being detected, because each incident is treated as isolated rather than as part of a pattern.

CRIMP monitors social media, marketplace platforms, forums, and other open-source channels for signals associated with copper theft near your network. This includes keywords and location references indicating active scouting or selling, unusual activity in scrap metal trading communities, and connections between known identities and your specific corridors.

Connecting the Dots Across Incidents

When three separate cable theft events occur on the same regional corridor over six weeks, CRIMP connects them — mapping shared timing, geography, access patterns, and any online signals associated with each — presenting them as a pattern rather than three unrelated work orders. Law enforcement responding to an isolated incident has limited basis for resource allocation. A structured pattern analysis showing consistent methodology across multiple sites, with correlated online signals, gives investigators a materially different starting point.

Use Case 2: Protecting Power Distribution Networks

Distribution network operators manage some of the most copper-dense infrastructure in the country. Substations, transformer installations, distribution lines, and earthing systems all rely on copper conductors — and unlike railway cable, much of this infrastructure sits in semi-urban and suburban environments that are easier to access and harder to monitor continuously.

Earthing conductors are a particularly common target: they are accessible, their removal is not always immediately apparent from operational data, and their absence creates a genuine safety hazard for field workers who may assume the earthing is in place. In Queensland and Victoria, power distributors have reported copper theft costs running into the millions annually when total remediation, investigation, and service impact are included.

On the OSINT side, CRIMP monitors the same open-source environment — marketplace activity, coordination channels, scrap metal trading signals, and location-specific mentions near your assets. When copper prices spike, CRIMP can surface associated increases in relevant online activity, giving your security team advance warning that the risk environment is changing before the first incident in your network area occurs.

On the geospatial side, CRIMP monitors signals entering and exiting the boundaries of your defined asset areas. When an unknown device or vehicle enters the boundary zone of a substation outside normal maintenance windows, that signal is correlated against everything else active in the same context: relevant online activity in the area, a pattern of prior boundary events at nearby sites, and any dark web signals associated with the region.

When four substations across a regional service area register unexplained boundary activity within a three-week period, that is not four separate events. It is an organised ring with a methodology.

Reducing Liability Through Early Detection

An earthing conductor that is stolen and not detected before the next scheduled maintenance visit is a documented safety failure. An earthing conductor that is stolen, detected within 24 hours through correlated signals, and remediated before any field crew approaches the site is a near-miss demonstrating correct handling. That distinction matters for WorkSafe compliance, insurance, and SOCI Act reporting. CRIMP generates the documentation passively — incident detected, alert issued, response actioned, site remediated.

The Copper Price Factor

Rising copper prices have shifted the nature of the threat. Incidents that were previously opportunistic have increasingly given way to organised theft rings that target specific equipment types and move quickly across multiple sites in the same network area. The methodology is systematic, the geographic spread is deliberate, and the individual site-by-site view that most operational teams work with is poorly suited to detecting it.

CRIMP's monitoring is continuous and adapts to the signals present in the current environment. When commodity prices shift the incentive structure for theft, the relevant signals in online environments shift too. CRIMP is watching for both.

SOCI Act Obligations

Rail transport operators and energy network operators are both subject to the SOCI Act, with Critical Infrastructure Risk Management Program (CIRMP) obligations across physical security, personnel, cyber, and supply chain hazard domains. Copper theft sits squarely in the physical hazard domain, and CRIMP's capability — monitoring, detection, incident documentation, and law enforcement briefing — maps directly onto the physical risk management requirements of a compliant CIRMP. The record generated by CRIMP's case management is the kind of documented, systematic response that regulators expect to see: not anecdotes, but a clear trail of how threats were identified, assessed, and acted on.

What CRIMP Monitors

Geospatial Boundary Signals

Devices and vehicles entering or exiting defined asset boundary zones. Clustered boundary events across multiple assets in a region surface as a pattern, not isolated low-priority incidents.

Online Behaviour

Marketplace platforms, social media, and forums where copper theft is coordinated — including scrap metal trading activity, scouting signals, and location-specific mentions near your assets.

Dark Web Monitoring

Stolen material and operational data appearing in closed environments — surfaced early enough to contribute to an active investigation.
