Until recently, cybersecurity and the impacts of climate change were treated as distinct issues with separate focuses. However, today, these two critical challenges are merging. The rising frequency of extreme weather events and the worsening Atlantic hurricane season have vividly demonstrated the interconnectedness of our vital infrastructure and the far-reaching consequences of climate change.
Organizations operating within critical infrastructure sectors now confront heightened cyber threats as security vulnerabilities become apparent. Recent Bridewell research reveals that an overwhelming 84% of cybersecurity decision-makers in the United States’ critical infrastructure sector believe that environmental challenges are obstructing their efforts to protect crucial systems and data. Notably, climate events, like Hurricane Ian, are already causing substantial damage to infrastructure and compromising networks for a quarter of businesses.
An expanded attack surface
Organizations across all sectors bear the responsibility of contributing to the mission of achieving net-zero carbon emissions and are integrating new ‘green’ technologies into their strategies. However, the rapid proliferation of digital solutions also expands the attack surface of critical infrastructure networks.
A significant 91% of security leaders agree that newly introduced sustainable technologies and tools will increasingly serve as a primary point of entry for cyberattacks within critical infrastructure over the next five years. This concern extends beyond the direct consequences of the climate crisis to encompass the very measures adopted to address it.
Emerging sustainable technologies and carbon capture systems, often deployed by startups, frequently escape the scope and scale of regulation, thereby escalating cyber risks. Additionally, figures from the Financial Services Information Sharing and Analysis Center show 28% of organizations in the finance sector have reported a surge in ‘hacktivism’ linked to climate change. Recognizing and striking the right balance in addressing this dual challenge is imperative.
Challenges with Expertise and Awareness
Insufficient in-house expertise and limited awareness of cyber threats is further compounding the risk. Bridewell research found more than two-fifths (43%) of critical infrastructure organizations lack the skilled resources required to safely integrate these technologies into their existing systems. Additionally, almost half (49%) of C-suite leaders do not yet fully grasp the threats posed by sustainable solutions.
Navigating Regulatory and Security Challenges
The implementation of newly introduced sustainable solutions introduces an additional challenge. These solutions often rely on highly specialized equipment or software lacking a well-established security framework, making effective protection a challenge. Integrating these new sustainable technologies with legacy systems can also result in compatibility issues, leading to security vulnerabilities.
Meanwhile, cybercriminals are enhancing their toolsets to bypass existing protection, detection, and response capabilities offered by businesses. The increased availability of ‘off-the-shelf’ tools has lowered the entry barrier for less technically proficient criminals, heightening the potential for destructive attacks.
Mitigating Risks Associated with Sustainable Technologies
To effectively mitigate the risks associated with implementing sustainable technologies, organizations should embrace a security-by-design approach when deploying new sustainable tools. Consulting closely with experts to ensure that regulatory standards are met from the outset is vital.
Educating in-house employees about potential risks they can identify and avoid is the next step. Continuous training for teams across IT and OT (operational technology) departments within critical infrastructure can foster a holistic understanding of new technology deployments, their interdependencies, and the security threats they pose. A hybrid SOC (Security Operations Center) model can further alleviate the burden on internal teams by combining their expertise with that of outsourced experts, bridging existing skills gaps and upskilling employees.
Striking the Right Balance
Any forward-thinking business must remain committed to sustainability. However, it is crucial to address cybersecurity concerns associated with the deployment of new technologies. The potential disruption to critical national infrastructure networks, which support our way of life, including gas, water, and transportation, could have catastrophic consequences for society.
Nevertheless, by engaging with experts, organizations can successfully integrate security tools, leverage new approaches to sustainable solution integration, and educate their in-house teams about potential risks. Hybrid SOC models can combine internal and external resources to fill skills gaps. In this way, comprehensive cybersecurity and sustainability strategies need not be mutually exclusive.
By Chase Richardson, Lead Principal for Cybersecurity and Data Privacy at Bridewell