Most organisations across UK critical national infrastructure (CNI) say that environmental challenges are hindering their efforts to safeguard critical systems and data, according to new research by a cyber security services firm.
Bridewell surveyed 500 cyber security decision makers in the transport and aviation, finance, utilities, government, and communications sectors. The twin threats of climate change and cyber security are becoming intertwined and leaving organisations increasingly vulnerable, it’s suggested. Most, 83 per cent of security leaders now agree that newly implemented sustainable technologies and tools will become a major new pathway for cyber attacks within CNI in the next five years.
Amidst pressure to meet sustainability targets, organisations are already struggling to secure the new tools being introduced. For 42pc of CNI operators, the challenges of managing and protecting rapidly deployed ‘green’ technologies are compromising their cyber security, while 34pc lack the skilled resource to safely integrate these tools into their systems. Some 43pc of those surveyed also lack C-suite understanding of the cyber threats emerging from sustainable technologies, suggesting blind spots at the highest levels of national security decision-making.
With extreme weather events, including Storm Arwen, showing UK infrastructure’s vulnerability to the effects of climate change, Bridewell says its findings reflect concerns about climate-fuelled cyber threats and their cascading impacts on (inter-dependent) CNI sectors. A quarter (25pc) of organisations now report that economic stress caused by climate change is causing an increase in cyber crime, while 20pc are already seeing climate events damaging their critical infrastructure and compromising critical networks.
Activism around the climate crisis and other politically charged factors, such as energy shortages, are also creating new attack routes for nation-state actors and other criminals to exploit. Following a recent surge in cyber attacks against European railway networks, three in ten surveyed within the transport and aviation sector have seen a rise in ‘hacktivism’ due to climate change, creating further opportunities for critical systems to be targeted.
Martin Riley, Director of Managed Security Services at Bridewell, pictured, said: “Emerging sustainable technologies and carbon capture systems, being deployed by startups, pose significant cybersecurity risks for critical infrastructure as they fall outside of scope and size for regulation. This directly undermines the security of our most CNI, exposing organizations to even greater cyber threats. Organizations should be adopting a security-by-design approach with all newly implemented sustainable tools, consulting with experts to ensure that regulatory standards are being met. By incorporating robust security measures from the outset and integrating them into existing systems, CNI can effectively address these vulnerabilities and mitigate the growing cyber threats being faced.”