We continue to see a push for sustainability in the technology sector. It’s receiving greater attention due to political and social discourse on climate change and the growth of massive cloud computing facilities and their environmental footprint.
Innovative technologies including digital sensors, Internet of Things (IoT) devices, and others support the push for sustainability but they need to be safeguarded — along with the data they process, store, and utilize — in ways that don’t apply to the legacy technologies they are replacing.
Perils of Integrating Sustainable Technologies
As these “smart” devices get integrated into our operational technology (OT) footprint and critical infrastructure, they increase the attack surface that malicious actors can target. Massive growth in IoT and connected devices creates a need for modernized data security standards that takes these innovative technologies, and their expanding usage, into consideration
Additionally, sustainable technologies, much like the broader IT and OT ecosystem, rely heavily on open-source software (OSS), which requires its own unique cybersecurity safeguards. This includes understanding your OSS component inventory, the provenance of those OSS components, and being prepared to “virtually patch” components if project maintainers don’t respond to vulnerabilities in the timelines you require.
Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist.
Attacks and the Need for Modernized Data Standards
Sustainable technologies play a key role in critical infrastructure and citizen services upon which our society relies. We know that critical infrastructure is regularly under attack, not just from run-of-the-mill malicious actors, but also national state-sponsored attackers, as we saw in the case of the Colonial Pipeline ransomware attack.
That attack impacted millions of Americans and cost a significant amount to both the organization and citizens due to panic buying and other responses to the pipeline’s shutdown. It also sparked a response from the Transportation Security Agency, which issued new guidance and requirements to pipeline operators.
This is where secure data standards for sustainable technology and efforts come into play. Organizations should be deliberate in their efforts to examine their sustainability efforts, the technologies involved and, most importantly, the data involved.
From there, they can create secure data standards that leverage existing frameworks such as the National Institute of Standards and Technologies (NIST) Cybersecurity Framework (CSF), which is currently undergoing its largest-ever update. As an indicator of the breadth of this work, NIST has even gone as far as producing a “Manufacturing Profile,” which is tailored for managing risk associated with manufacturers.
Continue the Conversation
NIST isn’t the only organization discussing cybersecurity and its relationship to sustainability and associated technologies. The World Economic Forum (WEF) states that cybersecurity should also be a part of environmental, social, and governance (ESG) efforts, saying that cyber threats pose risks to corporate value and to society, and that insurance cannot mitigate risk indefinitely.
Leaders from some of the world’s largest technology organizations, such as Julie Sweet, CEO of Accenture, are echoing this sentiment, noting that sustainability is driving business objectives and that corporate leadership must also consider cybersecurity in its conversations around sustainability.
While organizations are integrating sustainability considerations and goals into their key business objectives and strategies, they are faced with cyber threats that continue to evolve and a threat landscape that remains dynamic. This requires a comprehensive approach that considers cybersecurity as part of broader sustainability goals tied to business objectives. If we neglect to incorporate cybersecurity into emerging sustainability initiatives, we risk ending up with an approach that is “bolted-on” rather than “built-in.”
Want more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel: