#RSAC: Climate Change is Increasing Cyber-Risks

Written by

It is hard to imagine a link between climate change and cybersecurity, but there are a number of reasons why industry professionals need to pay attention to this existential threat.

Highlighting the connections between the two, Chloe Messdaghi, CEO & Founder, Global Secure Partners, said that  that the link between climate change and cybersecurity is “complex and multifaceted.”

She argued that climate change is leading to more opportunities for cyber-threat actors to strike.

Like all critical infrastructure, the green energy sector can be severely impacted by cyber-attacks. In 2021, the world’s largest manufacturer of wind turbines, Vestas Wind Systems, was forced to shut down IT systems across several locations after a cyber-incident.

These new energy sources come with reliance on new technologies, which are often particularly vulnerable to attacks as they often have not been hardened to combat cyber-threats. For example, Messdaghi noted electronic vehicles will require a network of charge points, which will need to be connected to the grid and operated by a central system – likely to be a big target for threat actors.

“As our world shifts towards clean energy, new systems will be developed and implemented, which will create new cybersecurity risks,” stated Messdaghi.

Read more on Infosecurity coverage of the RSA Conference: Cyber Intrusion Campaign Against Three US Federal Agencies Thwarted

Messdaghi noted that climate change can create more cyber-risk on global supply chains, “particularly for industries that rely on raw materials, energy and transportation.” This could lead to these businesses turning to alternative suppliers and adopting new technologies, in turn creating new vulnerabilities that can be exploited.

More frequent extreme weather events, like hurricanes and tsunamis, will put critical digital systems in greater physical danger, such as damaging underwater communication cables and off-site servers. The resulting disruption to internet connectivity puts systems at greater risk of attacks, said Messaghi, and this has already been demonstrated with events like Hurricane Sandy.

Further ways that climate change can indirectly increase cyber-attacks include causing a further growth in remote working due to extreme weather events, according to Messaghi.

Another is increased geopolitical instability due to famines and displacement of people because of rising temperatures. This environment could lead to more tensions between nation-states, which in turn leading to more cyber-attacks targeting rival nations’ critical infrastructure and for espionage purposes.

Messdaghi said that this is not a topic currently being discussed in the cybersecurity industry – “we are not prepared for it,” she said.

Organizations must be aware of the increased cyber-risks as a result of climate change, and build more resiliency into their systems, particularly when adopting systems to facilitate green technology, said Messdaghi. The starting point is to make this reality a frequent discussion point in the industry going forward.

What’s hot on Infosecurity Magazine?