CNI Firms: Climate Tech is Increasing Cyber Risk – Source: www.infosecurity-magazine.com

Over eight in 10 (83%) of the UK’s critical national infrastructure (CNI) firms believe new technologies designed to enhance sustainability will become a significant vector for cyber-attacks, according to Bridewell.

The security services firm polled 500 cybersecurity decision-makers in the transport and aviation, finance, utilities, government, and communications sectors to compile its report, Security and Sustainability Across Critical National Infrastructure: 2023.

Read more on CNI threats: Critical Infrastructure Firms See Cyber-Attacks Surge.

The report found that most UK CNI firms have active IT (58%) or OT (62%) projects underway, focused on reducing carbon emissions and enhancing resource efficiency.

However, the vast majority are also concerned that these new technology deployments – which could span cloud computing, renewable energy infrastructure and smart grids – will expand the cyber-attack surface and number of entry points across CNI networks.

Over two-fifths (42%) of respondents claimed these new technologies are harder to manage and protect, and a similar share (40%) that they will require significant retraining of security teams. Even more (43%) are concerned that the C-suite appears to have little understanding of the new risks their organization could be exposed to.

Industry professionals polled by Bridewell pointed to other ways climate change may pose a threat to cybersecurity.

A fifth (20%) claimed extreme weather could compromise critical networks, and 22% said it would lead to more home working, which also expands the corporate attack surface. A quarter claimed economic stress caused by climate change could be a spur for more cybercrime, while 23% agreed that it could also lead to a rise in political hacktivism.

“Emerging sustainable technologies and carbon capture systems, being deployed by start-ups, pose significant cybersecurity risks for critical infrastructure as they fall outside of scope and size for regulation. This directly undermines the security of most CNI, exposing organizations to even greater cyber threats,” argued Bridewell’s director of managed security services, Martin Riley.

“Organizations should be adopting a security-by-design approach with all newly implemented sustainable tools, consulting with experts to ensure that regulatory standards are being met. By incorporating robust security measures from the outset and integrating them into existing systems, CNI can effectively address these vulnerabilities and mitigate the growing cyber threats being faced.”