It may not be apparent at first glance, but cybersecurity and sustainability are inextricably linked. Today, sustainability goals — the shift to renewable energy sources, more efficient energy usage, and integration of connected sensors to maximize resource productivity — are pursued against the backdrop of increased malicious activity from threat actors targeting critical infrastructure including oil, gas, and electrical grids.
In this analysis, we will explore this intersection of cybersecurity and sustainability with a spotlight on ransomware, the Internet of Things (IoT), and open-source software (OSS).
Ransomware and the Colonial Pipeline
One notable example of the cybersecurity and sustainability intersection is the Colonial Pipeline ransomware incident that sent many panicking due to its potential impact on oil prices. The incident served as a wake-up call to just how brittle our current ecosystem is when it comes to existing energy providers’ vulnerabilities and their supporting infrastructure.
In the Colonial Pipeline incident, malicious actors stole 100 gigabytes of data within a couple of hours and then went on to infect the organization’s information technology (IT) network. Colonial shut down its systems to prevent further spread, which would have had a negative impact on the sustainability of the pipeline and its associated infrastructure. The malicious actors demanded and received more than $4 million in ransom, although the Department of Justice (DoJ) was able to recover more than $2 million in the end.
IoT Expands Attack Surface
We’re also seeing a rise in IoT and connected devices such as AI-enabled sensors and computer vision-powered cameras. These devices bring digital connectivity to industrial infrastructure, which traditionally hasn’t been considered part of the broader digital environment. While increased connectivity brings benefits and capabilities that weren’t possible previously (including monitoring energy use, analyzing air quality, and optimizing farming), it also brings an increased attack surface.
Many IoT devices lack even basic cybersecurity functionality, such as encryption and robust passwords. As we connect more devices, we open new pathways for malicious actors to compromise connected systems or to leverage the IoT devices themselves for attacks, such as Distributed Denial of Service (DDoS) attacks, which can impact the efficiency of systems by degrading them or, in some cases, taking them offline entirely.
With IoT devices projected to grow into the tens of billions in the coming years, sustainability needs to be a key consideration for this increasingly ubiquitous technology.
Open-Source and Software Supply Chains
Another key challenge is the widespread growth and use of open-source software, even among critical infrastructure sectors. OSS usage contributes to sustainability by maximizing the use of existing software and code and eliminating inefficiencies. It also introduces standardization across the ecosystem and leads to a robust community of contributors and maintainers.
Research shows that OSS usage is pervasive across critical infrastructure (oil, gas, electrical grids) and that most OSS components contain at least one critical or high vulnerability. This rapid growth of OSS usage has left the industry struggling to figure out how to secure the software supply chain, with guidance on secure OSS usage coming from sources such as NIST, OpenSSF, the National Security Agency (NSA), and others.
Malicious actors have realized how potentially profitable it can be to target critical infrastructure, through methods such as ransomware, as well as how vulnerable and antiquated many legacy infrastructure systems are. They will be looking for the same or similar flaws in emerging critical infrastructure such as energy and industrial systems.
Emphasizing security’s role in these modern systems as they are developed can usher in an era of more stable and resilient critical infrastructure. Getting there will require more work upfront. It also involves ensuring that key security requirements and best practices are considered throughout the development lifecycle of modern renewable and sustainable energy sources. Failing to do so will inevitably lead to us repeating the mistakes of the past rather than building on painful lessons learned.