on this page
How we combat climate change, and the technologies we use to reduce our carbon footprint are challenges many of us are considering today. But are we thinking about the security of these solutions? How is cyber security embedded into their design and where is our user data stored?
These questions aren’t just facing consumers, they are being faced by organisations of all sizes. Over the past decade many new technologies have entered the market to help us decarbonise, and countless more are set to join them. These technologies are paving the way to reduce the emissions of our most carbon intensive industries, but they also increase the attack surface of previously isolated networks and technologies that were never designed to be connected – yet are critical to our way of life. You may have seen headlines in the news about cyber security concerns for solar energy technology and wind farms, as well as electric vehicles.
There are existing regulations to tackle this, like the Network and Information Systems Regulations (NIS-R), however, not all renewable energy technology companies meet the supply thresholds to need to comply with these regulations, i.e., they don’t supply a large enough volume of customers. But while they may not meet these thresholds now, they will in the future. This creates a risk that cyber security will be treated as a ‘bolt on’ in the future, resulting in increased cyber security risk in the long run.
We have an opportunity now for organisations large and small to embed a security mindset from the outset, which can then be strengthened and evolved as these organisations scale. An example of this is a Carbon Capture and Storage project where our AtkinsRéalis cyber team have been involved from the concept design stage, to ensure cyber security and resilience is embedded.
Enabling Sustainable Behaviours
Achieving Net Zero by 2050 requires more than adopting green technology, it also requires wider behavioural change across organisations, enabled by technology transformation. An example of this is remote working: having been proven to maintain and even increase our productivity over the COVID pandemic, organisations globally are adopting hybrid working models. This is not just great for workers but also benefits the environment, with reduced commuting just one example of emissions reduction. To support this shift, we have adopted remote working tools and platforms to ensure effective collaboration and communication.
To integrate and adopt technology solutions there are multiple aspects to consider, including the readiness of the IT estate and setting up, configuring and testing the solutions themselves. When it comes to cyber security we need to think about how the solution is used and the risks associated. We need to implement appropriate security architecture to support the solution being adopted, as well as consider factors out of our control, such as how employees use their devices at home – for example, their Wi-Fi router settings and other consumer connected technology. Password management, and password reuse, is another huge issue for organisations and is difficult to implement appropriate controls against.
Attacks on CNI are not only bad for business; they have the potential to cause wider harm to society. Say a chemical processing plant was attacked and there was a leak of pollutants into water supplies as a result. The organisation could face immediate consequences from the attack like a ransom payment or a halt to operations; then following the attack, it may be subject to substantial fines from government for not complying with cyber security and environmental laws, effectively paying multiple times for one incident.
Ultimately, people are at the heart of this, making decisions based on cost, time and benefit, and importantly, risk. C-Suites grapple with these factors all the time when looking at how they must adapt their organisations to changing environments. While cost and efficiency savings are some of the main considerations, cyber security and sustainability are increasingly being considered – but should they be considered jointly?
Tackling sustainability and cyber security together
What does this mean in practice? Let’s consider asset management, this is a foundational principle of cyber security – you can only secure what you know you have. Asset management is also crucial from a sustainability perspective: know what you have, know its carbon intensity and improve accordingly. But these two thought processes are unlikely to be considered jointly. Full asset management investigations are something that large organisations with an aging technology state are often reticent to undertake, but having a combined cyber security and sustainability justification is more powerful and the problem can then be tackled from both angles. This leads to further collaboration, such as ensuring the data being captured benefits multiple stakeholders, so the most value can be extracted.
There are three key areas where cyber security can enable the shift to net zero being a success:
Ensuring security is embedded in the early design, integration and operation stages of green technology means it will not be treated as an afterthought later down the line.
Appropriately considering the security risks of technology changes that are instrumental in achieving net zero outcomes, such as the use of remote working tools.
Considering cyber security and sustainability in decision making when making technological and process changes.
To achieve these ambitions will require a mindset shift in how we work, not only at the C-suite level, but across the whole organisation. This will require cyber security professionals to consider sustainability, and sustainability professionals to consider security. This change in thinking will ensure that we can deliver a secure net zero future.
Please note that you are now leaving the AtkinsRéalis website (legal name: AtkinsRéalis Group inc.) and entering a website maintained by a third party (the "External Website") and that you do so at your own risk.
AtkinsRéalis has no control over the External Website, any data or other content contained therein or any additional linked websites. The link to the External Website is provided for convenience purposes only. By clicking "Accept" you acknowledge and agree that AtkinsRéalis is not responsible, and does not accept or assume any responsibility or liability whatsoever for the data protection policy, the content, the data or the technical operation of the External Website and/or any linked websites and that AtkinsRéalis is not liable for the terms and conditions (or terms of use) of the External Website. Further, you acknowledge and agree that you assume all risks resulting from entering and/or using the External Website and/or any linked websites.
BY ENTERING THE EXTERNAL WEBSITE, YOU ALSO ACKNOWLEDGE AND AGREE THAT YOU COMPLETELY AND IRREVOCABLY WAIVE ANY AND ALL RIGHTS AND CLAIMS AGAINST ATKINSRÉALIS, AND RELEASE, DISCHARGE, INDEMNIFY AND HOLD HARMLESS ATKINSRÉALIS, ITS OFFICERS, EMPLOYEES, DIRECTORS AND AGENTS FROM ANY AND ALL LIABILITY INCLUDING BUT NOT LIMITED TO LIABILITY FOR LOSS, DAMAGES, EXPENSES AND COSTS ARISING OUT OF OR IN CONNECTION WITH ENTERING AND/OR USING THE EXTERNAL WEBSITE AND/OR ANY LINKED WEBSITES AND ANY DATA AND/OR CONTENT CONTAINED THEREIN.
Such waiver and release specifically includes, without limitation, any and all rights and claims pertaining to reliance on the data or content of the External Website, or claims pertaining to the processing of personal data, including but not limited to any rights under any applicable data protection statute. You also recognize by clicking “Accept” that the terms of this disclaimer are reasonable.
The information provided by Virtua Research cited herein is provided “as is” and “as available” without warranty of any kind. Use of any Virtua Research data is at a user’s own risk and Virtua Research disclaims any liability for use of the Virtua Research data. Although the information is obtained or compiled from reliable sources Virtua Research neither can nor does guarantee or make any representation or warranty, either express or implied, as to the accuracy, validity, sequence, timeliness, completeness or continued availability of any information or data, including third-party content, made available herein. In no event shall Virtua Research be liable for any decision made or action or inaction taken in reliance on any information or data, including third-party content. Virtua Research further explicitly disclaims, to the fullest extent permitted by applicable law, any warranty of any kind, whether express or implied, including warranties of merchantability, fitness for a particular purpose and non-infringement.
The consensus estimate provided by Virtua Research is based on estimates, forecasts and predictions made by third party financial analysts, as described above. It is not prepared based on information provided by AtkinsRéalis and can only be seen as a consensus view on AtkinsRéalis' possible future results from an outside perspective. AtkinsRéalis has not provided input on these forecasts, except by referring to past publicly disclosed information. AtkinsRéalis does not accept any responsibility for the quality or accuracy of any individual or average of forecasts or estimates. This web page contains forward-looking statements based on current assumptions and forecasts made by third parties. Various known and unknown risks, uncertainties and other factors could lead to material differences between AtkinsRéalis' actual future results, financial situation, development or performance, and the estimates given here.
Downloads
Trade releases