Climate pressures enable cyber threats against critical national infrastructure

80% of UK CNI now at heightened risk by the effects of climate change, with new sustainable technologies exposing organisations to greater security threats

Eight-in-10 organisations across UK critical national infrastructure (CNI) say that environmental challenges are hindering efforts to safeguard critical systems and data, according to new research by cyber security services firm, Bridewell. 

The research, which surveyed 500 cyber security decision makers in the transport and aviation, finance, utilities, government, and communications sectors, reveals how the twin threats of climate change and cyber security are becoming intertwined and leaving organisations increasingly vulnerable. Over eight-in-ten (83%) security leaders now agree that newly implemented sustainable technologies and tools will become a major new pathway for cyber attacks within CNI in the next five years, raising concerns of a fresh wave of attacks impacting daily life and the economy.  

Amidst rising pressure to meet ambitious sustainability targets, organisations are already struggling to secure the new tools being introduced. For 42% of CNI operators, the challenges of managing and protecting rapidly deployed ‘green’ technologies are compromising their organisation’s cyber security, while 34% lack the skilled resource to safely integrate these tools into their existing systems. Almost half (43%) of organisations also lack C-suite understanding of the cyber threats emerging from sustainable technologies, revealing significant blind spots at the highest levels of national security decision-making.

With extreme weather events, including Storm Arwen, showcasing UK infrastructure’s natural vulnerability to the effects of climate change, Bridewell’s findings reflect mounting concerns about climate-fuelled cyber threats and their cascading impacts on interdependent CNI sectors.  A quarter (25%) of organisations now report that economic stress caused by climate change is causing an increase in cyber crime, while 20% are already seeing climate events damaging their critical infrastructure and compromising critical networks.

Heightened activism around the climate crisis and other politically charged factors, such as energy shortages, are also creating new attack routes for nation-state actors and other criminals to exploit. Following a recent surge in cyber attacks against European railway networks, three-in-10 organisations within the transport and aviation sector have seen a rise in ‘hacktivism’ due to climate change, creating further opportunities for critical systems to be targeted.  

Martin Riley, Director of Managed Security Services at Bridewell, commented: “Emerging sustainable technologies and carbon capture systems, being deployed by startups, pose significant cybersecurity risks for critical infrastructure as they fall outside of scope and size for regulation. This directly undermines the security of our most CNI, exposing organisations to even greater cyber threats. Organisations should be adopting a security-by-design approach with all newly implemented sustainable tools, consulting with experts to ensure that regulatory standards are being met. By incorporating robust security measures from the outset and integrating them into existing systems, CNI can effectively address these vulnerabilities and mitigate the growing cyber threats being faced.”