Eight-in-10 organizations across UK's critical national infrastructure (CNI) say that environmental challenges are hindering their efforts to safeguard critical systems and data, according to new research by cyber security services firm, Bridewell.
Twin threats
The research, which surveyed 500 cyber security decision-makers in the transport and aviation, finance, utilities, government, and communications sectors, reveals how the twin threats of climate change and cyber security are becoming intertwined and leaving organizations increasingly vulnerable.
Over eight-in-ten (83%) security leaders now agree that newly implemented sustainable technologies and tools will become a major new pathway for cyber attacks within CNI in the next five years, raising concerns about a fresh wave of attacks impacting daily life and the economy.
Lack a C-suite understanding
34% lack the skilled resource to safely integrate these tools into their existing systems
Amidst rising pressure to meet ambitious sustainability targets, organizations are already struggling to secure the new tools being introduced. For 42% of CNI operators, the challenges of managing and protecting rapidly deployed ‘green’ technologies are compromising their organization’s cyber security, while 34% lack the skilled resource to safely integrate these tools into their existing systems.
Almost half (43%) of organizations also lack a C-suite understanding of the cyber threats emerging from sustainable technologies, revealing significant blind spots at the highest levels of national security decision-making.
Climate-fueled cyber threats
With extreme weather events, including Storm Arwen, showcasing UK infrastructure’s natural vulnerability to the effects of climate change, Bridewell’s findings reflect mounting concerns about climate-fueled cyber threats and their cascading impacts on interdependent CNI sectors.
A quarter (25%) of organizations report that economic stress caused by climate change is causing an increase in cybercrime, while 20% are already seeing climate events damaging their critical infrastructure and compromising critical networks.
Heightened activism
Heightened activism around the climate crisis and other politically charged factors, such as energy shortages, are also creating new attack routes for nation-state actors and other criminals to exploit.
Following a recent surge in cyber attacks against European railway networks, three-in-10 organizations within the transport and aviation sector have seen a rise in ‘hacktivism’ due to climate change, creating further opportunities for critical systems to be targeted.
Cybersecurity risks
Sustainable technologies and carbon capture systems, being deployed by startups, pose risks"
Martin Riley, Director of Managed Security Services at Bridewell, commented, “Emerging sustainable technologies and carbon capture systems, being deployed by startups, pose significant cybersecurity risks for critical infrastructure as they fall outside of scope and size for regulation. This directly undermines the security of our most CNI, exposing organizations to even greater cyber threats."
Security-by-design approach
Martin Riley adds, "Organizations should be adopting a security-by-design approach with all newly implemented sustainable tools, consulting with experts to ensure that regulatory standards are being met."
He concludes, "By incorporating robust security measures from the outset and integrating them into existing systems, CNI can effectively address these vulnerabilities and mitigate the growing cyber threats being faced.”