It’s not common to think about the intersection of cybersecurity and sustainability, but the two areas are closely related. Sustainability goals include shifting to renewable energy sources, using energy more efficiently, and integrating technology to maximize the productivity of existing energy resources.
And consider all this against the backdrop of increased malicious activity by attackers against critical infrastructure such as oil, gas and power grids.
One notable example, of course, is the colonial-era pipeline ransomware incident that caused a lot of panic over oil prices and the current ecological crisis regarding vulnerabilities in existing energy providers and the infrastructure that supports them. It was a wake-up call about how vulnerable the system is.
In this incident, malicious actors stole 100 gigabytes of data within hours and then also infected the organization’s IT network, causing Colonial to shut down the system to prevent further spread and impact. In this case, malicious actors demanded and received a ransom of over $4 million for her, but the Department of Justice (DoJ) was ultimately able to get back over $2 million for her.
IoT expands attack surface
We have also seen the rise of the Internet of Things (IoT) and connected devices, bringing digital connectivity to traditional industrial infrastructure. This was not considered by many to be part of the wider digital landscape. Improved connectivity brings a set of benefits and capabilities not previously possible, but also increases the attack surface.
Most IoT devices lack even basic cybersecurity requirements. As more devices connect, more opportunities exist for malicious actors to compromise connected systems or exploit IoT devices themselves for attacks, as in the case of distributed denial of service (DDoS) attacks. A pathway is opened.
Open source software is open to attack
Another key challenge is the widespread growth and use of open source software (OSS), even among critical infrastructure sectors. Research shows that OSS usage is pervasive across critical infrastructures, and most OSS components contain at least one critical or high-level vulnerability.
Today, with the rapid growth of OSS usage, the industry is struggling to find ways to secure the software supply chain. He has guidance from NIST, OpenSSF, NSA and other sources related to the safe use of OSS.
We face a multifaceted challenge in the transition to more sustainable and renewable energy sources. This includes protecting existing vulnerable and vulnerable infrastructure from incidents like the ones mentioned above. It also includes ensuring that key security requirements and best practices are considered throughout the system development lifecycle of modern renewable and sustainable energy sources and the systems that support them.
Otherwise, it is inevitable that we will repeat the mistakes of the past rather than accumulate lessons that are often painful.
Malicious attackers have realized how profitable it can be to target critical infrastructure with methods such as ransomware, and how vulnerable and outdated most legacy critical infrastructure systems are. recognizing. They look for the same or similar flaws in emerging critical infrastructure such as energy and industrial systems.
By emphasizing the role of security during the development of these modern systems, we can usher in an era of more stable and resilient critical infrastructure, but work ahead to ensure that is needed.
Need more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel.