When you think of cybersecurity the next thing that springs to mind isn’t typically environmental services or protection. After all, cybersecurity is concerned with defending against hackers, data breaches, and scam emails.
Environmental services, on the other hand, are concerned with clean water supplies, safer energy provision, saving local wildlife from an ever-expanding society, and air pollution. There doesn’t appear to be an obvious link.
But if you take water supply as an example, there is a lot of infrastructure in place to take it from one location, clean it and ensure it comes pouring out of a faucet miles down the road. All of those processes are connected via a central hub, and if the hub is breached and shut down it impacts a considerable amount of people.
A scary example of this occurred in 2021 when a hacker tried to poison a water treatment plant serving parts of the San Francisco Bay area. So let’s dig a little deeper into the connection between cybersecurity and environmental services and why they must be protected from hackers.
The importance of environmental services
Organizations and institutions looking after the environment play a crucial role in society. From helping to save and preserve the environment to providing raw materials and energy, removal of human waste, and landscape maintenance, these services are vital for everyday life.
Services like these play a part in making our communities a safer place through efforts to reduce pollution, recycling, and waste destruction. But like any institution, they must arm themselves against threats, both physical and digital.
Threatening the value of environmental services
Up until recently, companies valued their assets based on tangible things like machinery, stock, vehicle fleets, etc. But today, intangible assets are big business. In 2018, intangible assets for S&P 500 companies hit a record value of $21 trillion. These assets largely come in the form of data, or intellectual property, and this was only accelerated during the pandemic as organizations and companies sought to go digital.
Given the size of organizations such as the Environmental Protection Agency or the Occupational Safety and Health Administration, the likelihood of a data breach increases, particularly as some of the data these institutions hold can be sensitive. Rather than focusing on protecting every computer or device, environmental services must ensure their critical intangible assets are protected. Those that would drive operations to a halt, impacting the lives of thousands of people, must be safeguarded as a priority.
A risk to society
Environmental services must create a culture from within that creates a strong understanding of cybersecurity. In 2021, it was discovered that one single password allowed hackers to disrupt Colonial Pipeline to the extent that fuel supplies were impacted. That breach gave a hacker entry into the system, causing havoc and ultimately creating income loss and disrupting the community.
A simple preventive measure like two-step authentication or frequently changing passwords can help boost an organization’s cyber defenses. In the case of Colonial Pipeline, the company paid a ransom demanded of it by hackers, an expense that few organizations can afford and can potentially weaken the service provided.
Given the essential nature of environmental protection services and energy suppliers, cutting costs along the line due to hacks represents a risk to society. There is a rise in hackers targeting large institutions which means that utility services must double down on their security.
What are the dangers following a security breach?
Institutions may find themselves the targets of not only cybercrime but also cyber terrorism. The difference here is that cyber terrorism is the conducting of an act that results in or threatens the loss of life or serious injury. Large-scale network disruptions can cause systems to fail or maliciously alter important information that brings about a danger to life.
From power outages to the disclosure of sensitive customer information, the impact of a cyberattack could have a high cost to energy organizations and the people who rely on their services. A security breach in a large environmental organization or institution can impact one of four common areas:
- Loss of confidentiality involves the loss of critical information and data, financial data, and sensitive customer or client information.
- Loss of Integrity is a situation where the organization’s critical system continues to operate but it is being controlled by a hacker and is commonly held at ransom.
- Loss of availability is an attack that renders parts of or an entire system ineffective or nullified.
- Destruction of a system leads to the total failure of an organization’s system, where it has no possibility of restoration.
Prevention rather than cure: relying on insurance isn’t sustainable
The demand for cybersecurity is growing, not just for environmental services but across all industries, and companies of all sizes now have to protect themselves from online dangers. There is also an expanding market for cyber insurance, which looks to cover or protect businesses from losses suffered following a breach in their IT network.
This insurance also helps with the cost of any investigative work that needs doing following a security breach. While an important insurance policy, it’s vital that large environmental services don’t just rely on looking after the problem once it occurs. With demand increasing, the scope that cyber insurance will protect against is likely to lessen, especially if courts are ruling in favor of policyholders.
Not to mention the fact that making a claim will only drive up the premiums for any organization and regulatory fines can be crippling to overcome in the wake of a data breach. Prevention is commonly more effective than cure for most aspects of life and cyber security is no different.
How can environmental services protect against hackers?
Large services must plan for the unexpected and have contingencies in place should their system experience a breach. This might be through the use of an auxiliary or failsafe system that operates on a different network but allows for core functionality to remain.
Another essential way to shore up cyber security is to engage in ethical hacking, which employs a cybersecurity professional to poke around in a company’s system looking for weaknesses. Once organizations know where their vulnerabilities lie, they can proactively protect themselves from would-be attackers.
Chester Avey has over a decade of experience in business growth management and cybersecurity. He enjoys sharing his knowledge with other like-minded professionals through his writing. You can connect with Chester by following him on Twitter @ChesterAvey.