The global growth of smart technology is booming across homes, industries, cities, and infrastructure. Its advantages are exponential and its uses vast; technologies range from home sensors and mainstream wearables, right through to connected vehicles and smart architecture.
Its ability to use big data, automate energy use, and create cost efficiencies means smart technology is becoming increasingly prevalent in national infrastructures. Operators are turning to smart tech as a solution to automating processes and unlocking the potential of data, helping them to build smart buildings, cities, and grids. The smart grid market alone is expected to reach a value of over $92.1 billion by 2026, representing a CAGR of 17.76% since 2019.
However, with power comes great responsibility and these initiatives can only truly succeed when they are underpinned by effective cybersecurity measures.
The attack on critical infrastructure
Governments around the world are on a mission to make national infrastructure faster, smarter, and greener. Unfortunately, this is something cybercriminals have quickly used to their advantage and attacks on critical infrastructure are on the rise.
However, it is important to recognise that these attacks aren’t always driven by opportunistic cybercriminals. More frequently, attacks turn out to be highly strategic, state-sponsored assaults, which aim to cause immense societal, economic, and environmental damage.
In fact, strikes on critical infrastructure can be considered as modern-day warfare. Rather than sending in troops on the ground, attackers are gathering digital soldiers to hit their enemies where it hurts. As well as impacting civilians and damaging society, these assaults proactively seek to cause extreme environmental damage.
As well as the immense threat to society, this level of cyber warfare significantly impedes sustainability initiatives and could result in grave consequences for the environment.
Therefore, it is even more critical that infrastructure organisations mitigate these risks by placing cybersecurity at the heart of their digital transformation and sustainability strategies.
Even when an attack isn’t intended to cause environmental damage, there is often still significant impact on both society and the environment. This was demonstrated when a cybercriminal gang took down the Colonial Pipeline, the US’s largest fuel pipeline.
The pipeline itself moves 2.7 million barrels of refined petroleum products a day from the Gulf Coast to the East Coast, providing states along the eastern seaboard with about half of their total fuel requirements. However, the operator had to quickly take itself offline when it realised it had fallen victim to a malicious malware attack originating in Russia, causing substantial societal disruption and environmental damage.
While the hackers claimed that the attack wasn’t intended to harm society (or the environment), the consequences were still severe. Shortages in fuel supply on the East Coast drove up prices by six cents per gallon, a level not seen since 2014. Due to the disruption to supply, the US government had to relax road restrictions to enable delivery transporters to ship fuel over land more freely. Meanwhile, traffic congestion along the East Coast skyrocketed as citizens attempted to obtain fuel before it dried up. Combined with the energy consumption required to fight an attack itself, and the subsequent power needed to recover and stabilise systems, the total environmental impact will be vast.
It appears hackers gained access to the Colonial Pipeline via remote desktop software, which engineers were accessing to control systems for the pipeline from home. To add insult to injury, the operator paid the hackers $5 million in a bid to reinstate services. A costly catastrophe on all accounts.
A cyber-embedded approach
This case alone reinforces the critical need for a fully embedded cybersecurity strategy. As cities around the world becomingly increasingly reliant on connected, sustainable infrastructure, it is simply not feasible (or responsible) to take a disjointed approach and hope for the best. Operators must adopt end-to-end solutions with a trusted partner, such as Capgemini.
Sadly, the Colonial Pipeline example isn’t unique; 99% of cyberattacks take place through the back door. That’s why it’s crucial to ensure cybersecurity is watertight across the board and to work with a partner that can advise on best practice throughout the full life cycle of cybersecurity. Only by taking this approach can national infrastructure become truly sustainable – in every sense of the word.