Environmental sustainability has become a significant concern for businesses today. Yet, many are not seeing the connection between sustainability efforts and cybersecurity. Despite how different they may seem, these two topics are intertwined. If environmental services and infrastructure don’t embrace better security, the consequences could be severe.
If organizations hope to make a positive environmental impact, they need thorough, reliable cybersecurity. Without it, cyberattacks could jeopardize environmental technologies and bring sustainability efforts to a halt.
Greener Energy Means More Connected Infrastructure
The shift to green power is a main tenet of sustainability, and this move requires connected infrastructure. This is because large-scale renewable energy relies on smart grids to distribute power efficiently and respond to changing power generation rates. Consequently, the green energy movement increases areas’ attack surfaces.
The 2020 SolarWinds supply chain attack highlighted how vulnerable this connected infrastructure often is. Critical infrastructure and government targets made up a considerable population of the attack targets. Since cyberattacks have only recently become a threat to these processes, many lack sufficient protections.
Smart grids open the door for ransomware, DDoS, and other attacks on the energy critical infrastructure sector. If power companies don’t adapt to these risks, the transition to green energy could result in devastating attacks, including power surges, dips, and blackouts.
Cyberattacks Threaten Environmental Processes
Environmental services involve more connected devices than smart grids, too. IT/IoT convergence is critical to sustainability, as IoT devices provide the data and control that organizations need to protect the environment. Without better cybersecurity, this connectivity could let cybercriminals attack environmental processes themselves.
In February 2021, an attacker accessed the controls to a water treatment plant in Florida, changing the sodium hydroxide levels in the water from 100 parts per million to 11,100. Had operators not noticed and responded to the change early, it could have had devastating effects. The altered water could have poisoned citizens, as well as plant and animal life that came into contact with it.
Similar attacks could threaten many sustainability initiatives. Attackers could release hazardous waste into surrounding ecosystems or disable wildfire alert systems. In these instances, connected infrastructure may threaten the environment more than protect it.
Attacks Could Jeopardize Smart Buildings
Smart buildings have also become increasingly popular as businesses and homeowners reduce their carbon footprints. Internet-connected lights, water, and HVAC systems can reduce energy consumption by 25%, but they also increase vulnerability.
One smart building consulting firm noticed a 600% uptick in ransomware attacks against its clients in 2020. Building owners often incorporate extensive connected infrastructure without thinking about how it expands their attack surface. These many unsecured devices then give attackers many opportunities to wreak havoc.
These attacks could turn a system intended to protect the environment into one that actively harms it. Cybercriminals infiltrating a connected HVAC system could turn up the heat to extremes, consuming considerable amounts of power. The same thing can happen with connected lights and outlets, turning smart buildings carbon-intensive instead of energy-efficient.
Cybercrime Endangers Environmental Research
Connected devices also play a crucial role in environmental research. The effects of climate change are rarely evenly distributed. For example, the Gulf of Maine has warmed faster than 99% of the global ocean in the past decade. Researchers rely on IoT systems to monitor these changes, opening them to attack.
These attacks may be less obvious than those on smart buildings or critical infrastructure but could still have severe consequences. An attacker could change the readings of monitoring systems, providing scientists with misleading data. If this information informs policy changes or new technologies, it could thoroughly disrupt environmental efforts.
Incremental changes to how these devices measure their environments may not be noticeable without network monitoring. Consequently, without robust cybersecurity, cyberattacks could throw environmental research off-course.
Breaches Can Limit Environmental Spending
Finally, cybersecurity impacts environmental services and infrastructure through their finances. Decreasing an organization's carbon footprint often involves high upfront costs. The high cost of cybercrime can stand in the way of businesses spending that on environmental initiatives.
Despite companies’ willingness to pursue environmental causes, they’re still expensive, making them prone to delay after a financial setback. A 2021 survey revealed that 65% of executives cut back on environmental spending due to pandemic-related economic downturns. This precedent holds that businesses tend to delay their environmental projects after a financial loss.
Average ransomware costs have nearly tripled between 2019 and 2020, and this trend will likely continue as data becomes more widely valuable. Companies may not be able to afford to pursue environmental initiatives after an incident this costly. Data breaches delay construction projects too, and attacks may slow the building of new sustainable infrastructure. Cybercrime may not stop environmental spending and projects, but it will slow it.
Environmental Services Need Reliable Cybersecurity
Environmental responsibility is an urgent concern, and many businesses recognize that urgency. However, they must also recognize the urgency of cybersecurity in this area, or else their sustainability actions may cause more harm than good.
Sustainability is inseparable from connected technologies and data, and the nexus of the two emphasizes how much environmental services need reliable cybersecurity. As businesses increase their environmental infrastructure ventures, one way to make sure that they scale correctly is to invest proportionally in services and technologies that protect them.
About the Author: Dylan Berger has several years of experience writing about cybercrime, cybersecurity, and similar topics. He’s passionate about fraud prevention and cybersecurity’s relationship with the supply chain. He’s a prolific blogger and regularly contributes to other tech, cybersecurity, and supply chain blogs across the web.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.
Achieving Resilience with NERC CIP
Explore the critical role of cybersecurity in protecting national Bulk Electric Systems. Tripwire's NERC CIP Solution Suite offers advanced tools for continuous monitoring and automation solutions, ensuring compliance with evolving standards and enhancing overall security resilience.
