It isn’t common to think of the intersection of cybersecurity and sustainability, but the two areas are inextricably linked. Sustainability goals involve the shift to renewable energy sources, more efficient energy usage, and the integration of technology to maximize the productivity of existing energy resources.
And consider that all of this is occurring against the backdrop of increased malicious activity from threat actors against critical infrastructures, such as oil, gas, and electrical grids.
Fragility of infrastructures
One notable example, of course, is the Colonial Pipeline ransomware incident, which sent many panicking over oil prices and served as a wake-up call to just how brittle our current ecosystem is, given the vulnerabilities of existing energy providers and their supporting infrastructure.
This incident saw malicious actors steal 100 gigabytes of data within a couple of hours and then go on to infect the organization’s IT network as well, causing Colonial to shut down its systems to prevent further spread and impact. In this case, the malicious actors demanded and received over $4 million in ransom, although the Department of Justice (DoJ) was able to recover over $2 million in the end.
IoT increasing the attack surface
We’re also seeing a rise in the Internet-of-Things (IoT) and connected devices, bringing digital connectivity to traditional industrial infrastructure that many didn’t consider part of the broader digital environment. While increased connectivity brings a series of benefits and capabilities that weren’t possible previously, it also brings with it an increased attack surface.
Most IoT devices lack even basic cybersecurity requirements, and as we connect more devices, we open more pathways for malicious actors to compromise connected systems or to leverage the IoT devices themselves for attacks, such as Distributed Denial of Service (DDoS) attacks.
Open source software is open for attack
Another key challenge is the widespread growth and use of open-source software (OSS), even among critical infrastructure sectors. Research shows that OSS usage is pervasive across critical infrastructure and that most OSS components contain at least one critical or high-severity vulnerability.
The rapid growth of OSS usage has now left the industry struggling to figure out how to secure the software supply chain, with guidance coming from sources such as NIST, OpenSSF, the NSA, and others as it relates to secure OSS usage.
In our shift to more sustainable and renewable energy sources, we have a multi-faceted problem in front of us. This involves securing the existing fragile and vulnerable infrastructure from incidents like some of those mentioned above. It also involves ensuring key security requirements and best practices are considered throughout the system development life cycle of modern renewable and sustainable energy sources and their supporting systems.
Failing to do so will inevitably lead to us repeating the mistakes of the past rather than building on often painful lessons learned.
Malicious actors have realized how potentially profitable it can be to target critical infrastructure, through methods such as ransomware, as well as how vulnerable and antiquated most legacy critical infrastructure systems are. They will be looking for the same or similar flaws in emerging critical infrastructures such as energy and industrial systems.
Emphasizing security’s role in these modern systems as they are developed can usher in an era of a more stable and resilient critical infrastructure, but it requires work upfront to ensure that is the case.