Into the wild: exploring the connection between sustainability and cybersecurity
This year’s Doomsday Clock, a metaphor of how close humanity is to doom developed by the Bulletin of Atomic Scientists, shows that catastrophe is creeping ever-close. The 100 seconds score beats the Cold War nuclear rough-and-tumble and continues the freefall that started in the 2010s.
The Science and Security Board of the Bulletin, who act as a jury for the Doomsday Clock, establishes nuclear threats and climate change as the main reason for their decision to move the clock ‘closer than ever’. Yet the Board also cited a fascinating and seemingly unobvious threat multiplier factor: ‘cyber-enabled information warfare, that undercuts society’s ability to respond’. In light of such dire predictions, the need for cybersecurity becomes ever-pressing — yet so is the need for sustainability. The connection between the two isn’t currently robust, even though their security implications remain intertwined and impactful for our very survival. Are there meaningful ways in which sustainability can reinforce cybersecurity, and vice versa? Let’s find out.
Twin forerunners of progress
Both cybersecurity and sustainability are recent societal developments, stemming from the need for social and economic progress. Simultaneously, both sustainability and cybersecurity are studies of complex dynamic systems. Such understanding allows for transporting knowledge from one domain to another for mutual enhancement. Although very different, both climate change and the recent emergence of robust cyberspace have adjacent anthropogenic risks. Yet while the ongoing digital transformation is fast-paced and extensive, the developments in the field of sustainability are lagging. In this particular case, it can be that increased digitization can support an improvement in the state of sustainability.
Sustainability in increased digitization
In a digitally enhanced world that we’re slowly reaching, security risks are associated with both increased automation and increased climate threats. Today, the most prominent example of an automated system is critical infrastructure (CI), especially the energy sector — oil, gas, electricity, and nuclear. CI needs protection from both increasingly frequent extreme weather conditions as well as from cyberthreats. The synergy between the two threats makes CI increasingly vulnerable to risks, and any break in continuity may result in severe fallout. That hurricanes or floods can bring energy supply to a halt and even create electrical dangers is well-known. The less popular news is that in 2015, a Russian cyber-attack on Ukraine’s energy grid left 225,000 people without electricity by remotely obstructing the functioning of three power plants — a case not so isolated and likely to increase in frequency.
Another already existing intertwinement manifests itself in the supply chains — currently, 72% of supplier companies acknowledge climate change as a risk that can have significant consequences on their operations. With the increasing automation of supply chains, the risk only multiplies with cyber threats. Any interruption in the work of suppliers will likely result in sustainability losses, for example, through creating food spillages.
These predictions should not serve as a scare to not pursue further digitization but as an incentive to simultaneously work on enhancing automation and the protection of the automated systems. The advancing digitization offers new opportunities for working in the field of sustainability, and as such, it should be seen as the most powerful tool in the effort towards sustainability, but a vulnerable one. System mapping can come in handy in analyzing the resilience of complex networks, such as information or energy ones. Except’s self-developed Symbiosis in Development framework includes a comprehensive set of system mapping tools, available open-source.
The need for higher protection of the offline and cyber-environment only increases while looking at the future high-tech scenarios for sustainability. Such schemes predict optimization as the main strategy for reducing waste and negative externalities. Optimization entails the creation of robust embedded systems that automate various aspects of the everyday. Think about the widespread adaptation of the Internet of Things (IoT), smart cities, or smart transportation. In these scenarios, artificial intelligence (AI) serves as the backbone of society, regulating everything from the built environment to social networking. If implemented without appropriate security measures, such a system faces increased efficiency at the cost of decreased resilience to cyberthreats. Deepened automation means deepened socio-economic consequences in case of a breach, amplifying the consequences that already hold relevant today.
Cybersecurity’s need for sustainability
Now that we tackled what increased digitization and cybersecurity can support sustainability with, it is time to reverse the question. What can sustainability do for cybersecurity? We’re not talking just about cybersecurity companies committing to sustainability, but rather about ways in which the support becomes mutual.
A major aspect of this reversed relationship concerns data storage. Data centers are essentially mega-computers, busy with storing data and making it accessible to web users. The need for such centers is ever-increasing with the expansion of the geographical and task-oriented scope of the internet. The companies that operate those centers seek locations that are politically and environmentally stable to build new facilities, which is why sustainable spots will have a higher chance of being selected to host a data center.
At the same time, cybersecurity’s raison d’etre is to minimize the risks of data breaches and to protect the integrity of a digital system. A way to achieve this is to minimize the amount of non-essential data stored. While backups are crucial to reducing exposure to ransomware, the chances for data to be compromised also increases with the amount of data stored. Storing less non-essential data would keep redundancy in case of attacks afloat while reducing the risks for some cyberattacks, at the same time contributing to fewer carbon emissions. Less data equals less storage space, and, as a result, less energy use. This is a significant development for sustainability, as global data centers currently take up 2% percent of global electricity, and the demand is predicted to rise to 8% by 2030. More commitment to cybersecurity, enforced by appropriate regulations, can help diminish data centers’ energy hunger.
The challenges in the ‘ahead’
While the marriage between protected automation and sustainability can bring many benefits for the planet and its inhabitants, it also runs into the risk of deepening the existing wealth gap. “Sustainability” also includes social equality or lack thereof. Digitizing infrastructure can reflect rather poorly on this measure. Digitization and cybersecurity are expensive endeavors that require a state-of-the-art level of research — this is visible, for example, in the quest for a powerful quantum computer that would be able to effortlessly crack most of the common cybersecurity measures. Therefore, only actors with considerable funds will be able to participate in the race towards optimization or simply enhanced protection. As a result, a technological rift can increase the financial gap between countries and corporations that can afford to invest in the development and protection of their digital infrastructure and those that can’t — a true peril to social harmony and justice.
There exists a natural symbiosis between the two domains since both are complex dynamic systems in their core. For example, the approaches of systemic sustainability, with its holistic understanding of complex systems dynamics, can prove vital in a new understanding, and strategy, of approaches in digital infrastructure and security. This way, the knowledge developed around concepts such as resilient cities and self-sufficient communities can contribute to the search for increased cybersecurity. This short article only touches upon various aspects of the interconnectedness between cybersecurity and sustainability. Its goal is to explore and inspire; to evoke questions rather than provide answers.
For sustainability and cybersecurity to succeed, we need long-term planning mixed with short-term strategies and an understanding of the technical and the human component. With that same root, solutions that strengthen each other, use each other, and mix each other are possible, and likely to be beneficial. As with any relatively fresh development, what matters is the responsibility of implementing the new technologies. This is why, today, we need more companies that take this unobvious connection between sustainability and cybersecurity and work on developing them simultaneously, so that they are not threat multipliers but supporters to one another.
Sources & further reading
Symoto — system modeling and simulation software
“New report links cybersecurity and sustainability” “How to stop global data centers from gobbling up world’s electricity” “The Quantum Computing impact on Cybersecurity” “Inequality in the digital era”