Preserving energy, reducing our carbon footprint and living more sustainably have — rightfully — become priorities for millions of people. Businesses are also making a more conscious effort to prioritise environmental sustainability. One of the most crucial ways to achieve green targets is with robust cybersecurity.
How does cybersecurity affect the environment?
While it’s hard to envision how these two topics correlate, they are very much interconnected. The energy industry is rife with cybercrime, meaning that if environmental leaders don’t implement better security controls, the long-term consequences can be damaging.
Without solid and reliable cybersecurity controls and measures, severe cyber attacks could affect technologies that are instrumental in improving sustainability.
Organisations in the energy sector have fallen victim to cyber-attacks over the years, costing millions. A famous example is SolarWinds, a company that produces system management tools for network and infrastructure monitoring for many worldwide companies in energy. The malware attack on its Orion software in 2020 cost around $90 million (USD). This attack went undetected for several months, and the severity of the attack wasn’t known until long after it had been discovered.
The ransomware attack on the US Colonial Pipeline distribution network in 2021 cost the organisation nearly $5 million (USD) which it had to pay to a Russian hacker group. The attack caused a shutdown of operations for several days which resulted in fuel shortages across the East Coast of the US.
These are just two examples of how cyber attacks can severely damage a company’s reputation, cost it millions and stunt the progress of greater sustainability efforts. Looking at this issue in a more general sense, it’s important to understand and anticipate what could happen if energy companies don’t start prioritising cybersecurity.
So, let’s take a look at some of the key ways cybercrime jeopardises the real-world environment.
1. Protection of smart grids
The national and global shift towards renewable and clean energy relies on the even distribution of power and real-time responses via the smart grid. Large numbers of cybercriminals have shifted their focus to this infrastructure because of its insufficient protection and ease of access.
This type of grid is particularly susceptible to many types of cybercrime like ransomware, denial-of-service (DoS) and man-in-the-middle (MitM) attacks. Until leading energy companies address this weakness in their infrastructure, the transition to green energy will be met with more obstacles and delays.
2. Environmental connectivity
Internet of Things (IoT) devices provide real-time data that environmental organisations need for processing. If this connectivity isn’t secure, it could allow hackers to access controls to do the following:
- Alter chemical levels
- Release hazardous materials
- Disable or shut down stations
- Change temperatures
- Restrict access from authorised users
Numerous energy companies control and oversee various systems and applications that are all interconnected. If one is compromised, others could suffer the same fate. Therefore, multi-layered cybersecurity is an absolute minimum to ensure all processes remain uncompromised and risk-free.
3. Research
Environmental researchers use IoT devices for numerous condition-monitoring activities. This could range from tracking changes in ocean temperatures to the chemical composition of water supply networks.
Attackers that gain access to these systems can alter readings and provide misleading and false data. This can disrupt the progress of research and jeopardise any research or experiments conducted up to that point.
To protect the legitimacy, quality and sanctity of vital environmental research, devices and networks must be impenetrable with controls such as multi-factor authentication (MFA), endpoint protection and patch management.
4. Smart buildings and homes
Many homeowners are switching to smart homes in an attempt to become more sustainable and eco-friendly. Remotely controlling heating and lighting systems and other interconnected devices in a building is an innovative way to save more energy.
However, it’s important to ensure that the network (which is invariably a WiFi network) is secure, inaccessible and free from vulnerabilities. Any unsecured devices can provide an easy way in for an attacker, who can subsequently exploit other connected devices.
For example, an attacker might remotely infiltrate the commercial boiler or air source heat pump and increase the amount of heat it distributes, doing more harm to the environment, using more power and costing more for the building owner.
Therefore, it’s crucial to incorporate appropriate security controls for all interconnected devices that sit within a smart building.
5. Financial incentives
To become more environmentally friendly, companies often have to absorb higher upfront costs, such as investing in solar panels or heat pump installations.
However, the financial implications of a devastating cyber attack can dwarf these costs. As seen in the examples above, cybercrime can cost companies millions, which can severely restrict their ongoing spending on green initiatives.
A huge financial loss can delay a company’s plans to pursue top-level environmental causes. The disruption of Covid-19 undoubtedly halted many companies’ spending plans, so an overwhelmingly expensive data breach could do similar.
Therefore, it’s up to leaders and executives with financial influence to allocate sufficient funds for cybersecurity controls and protective measures, which are also expensive. However, it likely pales in comparison to the cost of a large-scale cyber attack. So it’s important to strike the right balance between protecting a company’s infrastructure and investing in its green future.
Environmental leaders must implement strict top-level cybersecurity controls
The bottom line is that cyber attacks and breaches don’t just affect a company. If hackers can access infrastructure at the highest level, the environmental dangers that exist could be so devastating that it negates all positive climate change efforts we have all made thus far.
It’s up to the leaders and people at the top to make these crucial decisions. They are inherently responsible for protecting the networks that link all these environment-saving activities and organisations together. Cybercrime must not disrupt any more activities now that the planet could be experiencing irreversible change.
