84% of US critical infrastructure now at heightened risk by the effects of climate change, with new sustainable technologies exposing organizations to greater security threats

Over eight-in-10 organizations across US critical infrastructure say that environmental challenges are hindering their efforts to safeguard critical systems and data, according to new research by leading cybersecurity services firm, Bridewell.

The research, which surveyed cybersecurity decision-makers in the transport and aviation, finance, utilities, government, and communications sectors, reveals how the twin threats of climate change and cybersecurity are becoming intertwined and leaving organizations increasingly vulnerable. Over nine-in-10 (91%) security leaders now agree that newly implemented sustainable technologies and tools will become a major new pathway for cyber-attacks within critical infrastructure in the next five years, raising concerns about a fresh wave of attacks impacting daily life and the economy.

Amidst rising pressure to meet ambitious sustainability targets, organizations are already struggling to secure the new tools being introduced. For 47% of critical infrastructure operators, the challenges of managing and protecting rapidly deployed ‘green’ technologies are compromising their organization’s cybersecurity, while 43% lack the skilled resource to safely integrate these tools into their existing systems. Almost half (49%) of organizations surveyed also lack a C-suite understanding of the cyber threats emerging from sustainable technologies, revealing significant blind spots at the highest levels of national security decision-making.

With recent extreme weather events, including Hurricane Ian, showcasing US infrastructure’s natural vulnerability to the effects of climate change, Bridewell’s findings reflect mounting concerns about climate-fuelled cyber threats and their cascading impacts on interdependent critical sectors. A quarter (25%) of organizations are already seeing climate events damaging their critical infrastructure and compromising critical networks, while 22% report that economic stress caused by climate change is causing an increase in cybercrime.

Heightened activism around the climate crisis and other politically charged factors, such as rising energy costs, are also creating new attack routes for nation-state actors and other criminals to exploit. Following a recent surge in ideologically motivated cyber-attacks against the financial services industry, almost a third (28%) of finance organizations have seen a rise in ‘hacktivism’ due to climate change, creating further opportunities for critical systems to be targeted.

Martin Riley, Director of Managed Security Services at Bridewell, commented: “Emerging sustainable technologies and carbon capture systems, being deployed by startups, pose significant cybersecurity risks for critical infrastructure as they fall outside of scope and size for regulation. This directly undermines the security of our most critical infrastructure, exposing organizations to even greater cyber threats. Organizations should be adopting a security-by-design approach with all newly implemented sustainable tools, consulting with experts to ensure that regulatory standards are being met. By incorporating robust security measures from the outset and integrating them into existing systems, organizations can effectively address these vulnerabilities and mitigate the growing cyber threats being faced.”