In addition to animal extinction and economic recession, climate change also provokes cyberattacks on organizations that either did not install cybersecurity or developed it without taking cataclysms into account.
We are all aware of the effects of climate change: more frequent and extreme weather events are occurring, and they will only continue. Sea levels will continue to rise. Agriculture and food will be under threat. The physical and mental health of citizens will be affected. There will be new pandemics. If the economy suffers, it will suffer. Some animal species will become extinct.
Global Secure Partners is a consulting firm that provides end-to-end services for developing and maintaining a strong security culture, minimizing the risk of security incidents, and retaining valuable security employees. The company’s founder and CEO is Chloe Messdagi, a renowned cybersecurity expert and philanthropist.
“There is no direct causal relationship between climate change and cybersecurity. But the main takeaway is that climate change will lead to more cyberattacks,” Messdagi admitted.
Link between climate change and cyberattacks
Messdagi said climate change is increasing cyber threats, instability and disruptions that cybercriminals can take advantage of. In particular, she noted the following effects:
- extreme weather events can damage physical infrastructure, including data centers (DPCs), servers, and critical IT systems, leaving them vulnerable to attacks.
For example, during Hurricane Sandy in 2012, large data centers were damaged, resulting in internet outages. The 2018 Indonesian earthquake and tsunami damaged underground cables, disrupting internet connectivity, mobile networks and financial transactions.
- Supply chain issues, especially in industries dependent on raw materials, energy and transport, may arise as a result of climate change. When supply chains are disrupted, businesses turn to alternative suppliers or adopt new technologies to maintain production levels. These changes could create new vulnerabilities in the supply chain that could be exploited by attackers.
For example, severe floods in 2011 in Thailand caused a halt in the production of electronicsincluding hard drives and semiconductors. A number of factories have suspended their operations, including Western Digital.
- Boom of remote work started during the COVID-19 pandemic and continues to this day. Remote work creates new security risks, such as unsecured home networks or personal devices used for work purposes. Security burnout will definitely increase if you work from home and all the technology shifts are happening with new risks and new pandemics.
- Implementation of “green” technologies — or the introduction of any new technology — creates new attack vectors. Attacks on such systems can lead to failures or losses if they are not properly protected.
- Nation state attacks may intensify as a result of geopolitical instability caused by climate change. Cyber attacks will target critical infrastructure, target new technologies, and seek to steal intellectual property related to clean energy and climate change.
- cloud servicesadopted by many organizations in an attempt to reduce their carbon footprint, address new cloud threats and vulnerabilities.
- IoT devicesadopted by many organizations to manage and monitor climate risks have their own set of security policies and concerns.
- social engineering will rise as climate change causes more catastrophic events. Social engineering attacks are more successful when there is chaos, Messdagi said, citing an increase in phishing attacks during the COVID-19 pandemic.
How the IT and Information Security Industry Affects Climate Change
The cybersecurity industry may not be directly responsible for climate change, but it is part of a larger IT industry that is contributing to climate change:
- Data centers consume a lot of energy, rely on fossil fuels and produce a lot of emissions.
By dataAccording to the International Energy Agency (IEA), global data centers consume up to 320 terawatt-hours (TWh) of electricity annually, or about 1.3% of global electricity demand – more than energy consumption in Iran.
Data center transmission networks consume up to 340 TWh of electricity annually, or about 1.4% of global electricity demand. Together they account for 0.6% of total greenhouse gas emissions.
- Activity of crypto assets worldwide creates about 140 million tons of carbon dioxide (CO2) annually, or about 0.3% of global greenhouse gas emissions. US CO2 emissions constitute up to 50 million tons per year, which is up to 0.8% of total US greenhouse gas emissions.
Sierra Club and Earthjustice reportedthat crypto mining in the US from mid-2021 to mid-2022 resulted in 27.4 million tons of CO2 emissions, which is 3 times the emissions of the largest coal-fired power plant in the US in 2021.
- Artificial intelligence consumes a huge amount of energy. Training one AI system can lead to emitting 113 tons of CO2. Artificial intelligence in all sectors affects CO2 emissions in much the same way as the aviation industry.
How to reduce risk
Reducing climate change-related vulnerabilities and attack risks also requires standard cybersecurity practices. Messdagi made several recommendations for companies:
- Conduct a risk assessment;
- Develop a cyber security plan;
- Implement strong encryption and authentication protocols;
- Collaborate with other organizations;
- Develop a business continuity plan;
- Stay aware of new threats and vulnerabilities;
- Develop a strong safety culture;
- Train employees;
- Create and maintain an incident response plan;
- Develop cooperation with law enforcement agencies and government agencies.
With regard to climate change specifically, Messdagi recommended that security teams collaborate with other workers in their organization and do the following:
- Know your organization’s carbon footprint;
- Promote remote work and reduce the number of business trips;
- Implement green technologies and renewable energy sources;
- Promote policies and regulations that support sustainable practices.
While green cybersecurity has not been a big part of the climate change conversation, it will – and should – get more attention. Messdagi suggested that green cybersecurity technologies and policies, such as smart grid cybersecurity, green IT systems cybersecurity, and sustainable cybersecurity, be created and implemented to begin with.
Messdagi also encouraged organizations to start discussing climate change and how it affects a company’s cybersecurity. The expert urged security leaders to focus on resilience and educate their team so they can deal with the effects of climate change, starting with cyber attacks.