How Cybersecurity Can Save Environmental Health

The public sector is a target for hackers. Here’s how a robust security plan can mitigate potential harm to public health and safety.  

On Earth Day, companies might reflect on their carbon footprints, especially as we become acutely aware of the threats of climate change worldwide. While operational changes like energy conservation are essential planet-saving strategies, ramping up your company’s cybersecurity plan can also have a significant, positive impact on the environment. 

Read on to learn why the energy industry is especially vulnerable to breaches and hacks, and how cybersecurity can mitigate environmental risks and improve health and safety in the public sector. 

New tech, more threats

Like in most industries, critical infrastructure companies have undergone a digital transformation. Now, these organizations rely heavily on cloud-based technology and remote operations. 

While this modernized operational technology (OT) is a boon to the industry in many ways, it has also enabled threat actors to interfere with critical systems that manage resources like water, power, and gas. 

Not your average hackers

The utilities and energy sector ranks third in the world for the most cyberattacks, and these attacks can have serious implications. Those behind the attacks, sometimes representing a nation-state, aren’t just after data—they seek to disrupt public access to essential resources. 

Additionally, organizations in the utilities and energy industry are more likely to pay the attackers’ ransom because of the resources that are at stake.

In 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory to make the industry aware of the threat to internet-accessible OT. The alert pointed to the likelihood of malicious attacks on civilian infrastructure by foreign powers and hackers’ ability to interfere with physical processes in the public sector.

Real-world stakes 

In February of 2021, unidentified hackers accessed a Florida water treatment plant’s remote network and manipulated the software that controls the water treatment process. They increased levels of sodium hydroxide, a corrosive chemical, in an attempt to poison the water supply, yet employees were able to thwart the attack before any harm was done. 

Though the public was spared, the implications of the attack remain devastating, as communities rely on access to safe drinking water. 

The same year, hackers managed to successfully cut off the supply of gas to the entire East Coast with a ransomware attack on the Colonial Pipeline. Natural gas shortages and price surges led to the use of highly-polluting coal, a giant step backward for the government’s clean energy goals. 

Other major attacks on critical infrastructure include: 

• Russia’s infamous 2015 attack on Ukraine’s power grid.
• An attack on a petrochemical company in Saudi Arabia designed to trigger an explosion (which, thankfully, failed) in 2018.
• The SolarWinds cyber attack in 2020.
• The ransomware attack on the world’s largest meat processor, which led to shortages in the supply chain. 

Taking action 

Last year, the U.S. government issued an executive order on cybersecurity in response to supply chain attacks and threats to national security. The Biden administration pledged to invest more resources in securing IT and OT, and implementing zero-trust architecture for the federal government’s cybersecurity plan (which Dashlane’s platform is also built on).

Similarly, the CISA’s advisory from 2020 urged organizations to limit internet-accessible OT where possible. For devices that must remain connected, they recommend public sectors strengthen their networks by:

• Enabling a VPN for communications with all remote devices
• Encrypting network traffic using a VPN
• Enforcing a strong password security policy
• Requiring periodic password updates
• Enforcing two-factor authentication for remote connections 

Get access to all the right tools with Dashlane

Dashlane provides trusted tools for organizations in the public sector to protect their networks, such as built-in multi-factor authentication, a VPN, a strong password generator, and reminders to update passwords periodically. These simple steps can make all the difference in protecting systems that control our nation’s vital resources.