Green IO Newsletter - July-August 2024
Building a greener digital world, one byte at a time
Hello responsible technologist!
Green IO is all about collaboration and building bridges, so what better way to kick off Season 3 than by handing over the pen to a former guest. This month we are thrilled that leading ICT sustainability advocate Michael J. Oghia (episode 35), is our guest correspondent. Thank you so much, Michael, for taking the time to delve into the key connections between sustainability and cybersecurity, geopolitics and safeguarding critical infrastructure, whilst casting an eye over the regulatory landscape. Enjoy!
Gaël DUEZ
When Gaël first approached me about recording an episode for the Green IO podcast in early June 2022, I was intrigued. At the time, I was in the middle of a 4-month stint in Mexico City working remotely on a new initiative bridging cybersecurity and international development, and I had already been focusing on sustainable infrastructure for years. The topic, Gaël said, was to focus on cybersecurity and sustainability. Admittedly, I hadn’t really considered these two topics as being connected before, nor did the policy spaces in which I participate. The cybersecurity community is well-established, and sustainability has (finally) received the attention it deserves within the digital infrastructure industry over the past few years. Did he mean the cybersecurity of green infrastructure then? Or, perhaps, how to make cybersecurity software leaner and more efficient, thus enabling energy savings?
“The two don't typically go together," I stressed, adding: “But, then again, infrastructure is a commonality between them – ensuring that critical infrastructure is both secure and sustainable.”
“That's the entire idea,” he said, adding a smiling emoji to reassure me.
Indeed, there would be a lot to cover.
Cybersecurity and sustainability?
Fast forward to early 2024. What appeared then as two seemingly distant concepts had morphed into a prominent debate (both due to my own work as well as persistent headlines). It was time – our conversation from nearly two years ago finally became a reality in late March when Mary Prokhorova from InDevLab, Gaël, and myself sat down to parse through these topics on Green IO. While preparing for our conversation, three themes stood out to me, which I would later highlight during the episode: safeguarding critical infrastructure, cybersecurity and sustainability’s relationship to geopolitics, and the introduction of new policy and regulation.
Surely, I thought, these must be three areas relevant to cyber professionals, developers, and everyone else in-between working across the IT and digital infrastructure sector. At least, I reasoned, they are the ones most relevant to their wallets.
The infrastructure is critical for a reason
While working on the aforementioned cybersecurity and development initiative in 2022, I’d summarize the rationale behind it as follows: what’s the point of investing US$20 million into building a hospital if, on the opening day, it’s immediately taken offline by a cyberattack? Or the point in investing EUR 5 million in a new water treatment facility only to have it transform into some kind of dystopian, science fiction nightmare due to the work of a malicious actor?
These examples are far from hyperbole.
In 2021, a water treatment facility in Florida was (allegedly) hacked, with potentially devastating results thwarted by a keen-eyed employee who noticed the levels of sodium hydroxide (lye) had been adjusted to more than 100 times the normal levels. Earlier this year, a ransomware attack in Romania forced 100 hospitals to go offline. Indeed, around the world, cyberattacks are on the rise. In Microsoft’s 2023 Digital Defense Report, more than 40% of nation-state cyberattacks observed last year targeted critical infrastructure. It’s a problem that keeps getting worse. Just look at the headlines:
“Cyberattacks on clean energy are coming — the White House has a plan” (The Verge)
“Default passwords jeopardize water infrastructure recent cyberattacks reveal soft targets and harder problems” (IEEE)
“Europe is bolstering [its] energy sector resilience. But cyber risk remains a major vulnerability” (World Economic Forum)
“Ransomware continues to pile on costs for critical infrastructure victims” (The Register)
“Water systems under siege: How CISOs can protect critical infrastructure from cyberthreats” (Cybersecurity Dive)
“U.S. says cyberattacks against water supplies are rising, and utilities need to do more to stop them” (AP)
There are a few important sustainability links here to consider. First, sustainability and cybersecurity are two sides to the same coin of ensuring consistent access. If residents or customers lose access, get locked out of systems, or can’t rely on the infrastructure that makes the 21st century function, it erodes trust, undermines economies, and creates significant disruption (as the Colonial Pipeline ransomware attack in the U.S. demonstrated so aptly). Moreover, interruptions can have far-reaching impacts, such as raising fuel costs, causing significant economic losses, and forcing governments to tap into stock reserves or rely on older, dirtier infrastructure.
Second, and more importantly, it has the potential to cause significant harm – both to people and to the environment. If the sodium hydroxide levels in the Florida water system hadn’t been corrected, not only could it have poisoned hundreds of thousands of residents, but it could have irreversibly damaged the sensitive ecosystems surrounding it.
Lastly, if we want to accelerate a sustainable energy transition, ensuring that renewable energy production, the grids that transmit energy, and all the accompanying infrastructure are protected is imperative. And given that so much of the world’s aging energy infrastructure is overdue for an overhaul to accommodate growing electricity demand and new renewable energy sources, it’s also an ideal opportunity to include a significant security update as well.
Geopolitics as a common denominator
Closely tied to infrastructure, another area that cybersecurity and sustainability intersect is their relationship to geopolitics. Understandably, security engineers and IT developers don’t tend to have the power to influence decisions being made in Moscow, Washington, Beijing, or Tehran. Yet, geopolitical decisions impact them regardless. An example of this in practice are the increasing cyberattacks against maritime shipping companies. As the Financial Times recently reported, “The shipping industry is facing a sharp rise in cyberattacks as geopolitical disputes prompt state-linked hackers to target trade flows.”
How do security operators counter geopolitical tensions and their ensuing threats? By ensuring their systems are “cyber resilient,” meaning they reduce their exposure to cybersecurity risks ahead of time and respond and recover from an incident effectively when one does occur. This can include investing in redundant systems, ensuring staff are prepared and drilled for a cyber event (and know how to contact a relevant CSIRT), focusing on improving the skills and capacities of personnel, mitigating risks across the value chain and with suppliers, and promoting security throughout the organization to minimize disruption and harm.
Yet, resilience is also necessary in safeguarding systems from the effects of climate change. This can range from extreme weather events such as flooding and wildfires, to heat waves overloading an electrical grid or rising sea levels impacting coastal infrastructure such as subsea cable landing stations. In this case, resilience extends beyond the pure cybersecurity domain, but also encompasses how infrastructure is designed, built, and upgraded. Thus, integrating both security and resilience into the design of infrastructure is ultimately a sustainability strategy that cybersecurity professionals can contribute toward.
What is important is that you don’t get lost in or discouraged by complexity, but instead recognize that in today’s interconnected world, it’s necessary to take a holistic, systems-based approach. This means recognizing how safeguarding infrastructure and its systems from cyber and non-cyber threats is an increasingly challenging but vital exercise.
Regulation: Crowdstrike has Entered the Chat
When it comes to the IT sector, a hill that I will die on is that sustainability is good for business. I have argued this again, and again, and again, in part, because sustainability is increasingly being sought after by consumers, all while governments are starting to mandate it via new regulation and policy.
Cybersecurity is an important component of sustainability, with the World Economic Forum underscoring that cyber risk is the most immediate and financially material sustainability risk that organizations face today. This shouldn’t come as a surprise. As we witnessed this summer with the Crowdstrike fiasco and its impact on critical infrastructure services, cybersecurity is paramount to both the dependability of businesses as well as their profit margins. This is exactly why company leaders must include cybersecurity management within their environmental, social, and corporate governance (ESG) strategy.
ESG reporting frameworks such as the Global Reporting Initiative (GRI) and the Sustainability Accounting Standards Board (SASB) now acknowledge cybersecurity’s important role in corporate sustainability strategy and ESG matters, ranging from the creation of pollution and waste caused by a cyberattack, an unanticipated shutdown of a safety system impacting staff’s occupational health and damage to facilities, or product and service safety (such as a recall stemming from cybersecurity vulnerabilities). Moreover, new regulations such as the EU’s Corporate Sustainability Reporting Directive (CSRD) include provisions related to cybersecurity, data protection, and risk management, further bridging the policy gap between sustainability and cybersecurity.
When taken together, cybersecurity and sustainability offer myriad opportunities for better governance, risk reporting, investment preservation, data protection, and customer satisfaction, on top of the benefit that corporations with cyber governance create significantly more value than those without. So, while teams themselves will likely focus more on one rather than then other, a C-suite should recognize the value of addressing both.
What can you do about it?
One of the most significant things you can do if you’re a cybersecurity professional is to encourage your management to incorporate a cyber strategy into its sustainability strategy. Focus on what you can do, and understand how your company’s actions and the choices they make can have significant impacts. It’s also important to take a holistic, risk-based approach to design, recognizing risks to systems that go beyond the technical and extend to physical ones as well. Another is to dispel myths about older hardware and systems, such as with refurbished hardware and their security vulnerabilities.
Sustainability might seem all-encompassing, reflective of the “software is eating the world” mantra, yet it will only become more relevant as the world becomes hotter, more volatile, and more complex. That’s why I encourage you to see cybersecurity and sustainability as fundamentally interconnected. Doing so will undoubtedly be better for your customers, your governance, your planet, and your bottom line.
Michael J. Oghia
Connect with Michael on LinkedIn or email.
📧 Want to share something, get involved or write in the newsletter? Drop us an email at contact@greenio.com
____________
What’s been happening this month in Green IO?
🎙️ Podcast episodes
Our latest podcast episodes - the perfect accompaniment to that end of summer beer.
#44 “Can the datacenter industry become circular?” with Deborah Andrews. Listen | Read
#43 “Digital sustainability in a Tech behemoth: Japan” with Trista Bridges and Paul Beddie. Listen | Read
____________
🔔 Never miss an episode! Follow Green IO on your favorite podcast platform here or subscribe for email notification here.
____________
🎤 Green IO conferences
London, September 19th, 2024
This year we have brought together an amazing community of responsible technologists. Check out the line-up and get your tickets here (use the voucher GREENIOVIP to get your free pass).
Paris, December 4th-5th, 2024
The most comprehensive program combining experts and use-cases worldwide. Check the line-up and get early bird tickets - until September 20th - here.
Singapore, April 16th, 2025
A second edition to boost digital sustainability in SEA - save the date! First speakers will be announced in Q4.
New-York, May 15th, 2025
It is looking likely that Green IO will host its first conference in North America in 2025.
Munich, July 3rd, 2025
It is looking likely that Green IO will also host its first conference in Germany in 2025.
Be part of the Green IO conference adventure
We are always looking for great speakers with inspiring stories and hands-on use cases. Apply to be a speaker via our Apidays partner here. You can also become a Green IO volunteer with tons of perks such as free tickets and networking opportunities. And it’s great fun too. Drop us an email at contact@greenio.com if you want to get involved.
____________
🎯 Looking for an easy way to make an impact? Share this edition! Forward this email to a colleague or spread the word on LinkedIn (or elsewhere).
____________
# Listen # Watch # Read # Study # Participate # Attend
What else has popped up on our Tech & Sustainability radar?
# Listen… We’re all ears
AI is once again causing a stir, as Sacha Luccioni packs a punch at GenAI in Tech Wont Save Us. Plus two great episodes from Environment Variables: Asim Hussein discusses the complexities of AI's growing energy demands and its environmental impact in #E75, and the tables are turned, as our very own Gaël stars in episode #E76, discussing with Chris Adams the latest news in green software and AI, measuring carbon, distribution of renewable energy and much more.
# Watch… Sometimes video is worth its environmental footprint
Fun yet thought-provoking ad from “The Juice Media” about AI and its existential threat to humanity, resonating with Justin Sheehy’s talk about being a responsible developer in the age of AI hype. NowTech.TV’s exploration of Apple’s environmental claims is a masterclass of humility and nuance. Pure greenwashing or not so clear cut? (English subtitles available).
# Read… Our coffee break reading this month
“Sustainable AI - a contradiction in terms” is a great thought-piece from Kilian Vieth-Ditimann at Algorithm Watch, plus major changes are coming to the way internet emissions are calculated. Compelling article about the fight for Argentina’s Lithium, where new technology claims to not deplete aquifers or harm the environment, plus an interesting piece on latest R&D where bacteria is helping to extract rare metals from old batteries. Following on from #E41 with Adrian Cockcroft, check out his article in the The New Stack to know more about the sustainability performance of hyperscalers, whilst Amazon claims climate goals are hit ahead of schedule.
# Study… We’re never too old to learn
“Electricity 2024 - Analysis and forecast to 2026” is the IEA’s lastest report examingin energy production, consumption, demand side management and much more, and the UN Digital Economy report 2024 makes for sober reading, highlighting the direct environmental impact of our increased reliance on digital tools. The GRI/TNFD joint interoperability mapping resource gives a detailed overview of the alignment of both recommendations/standards, and the European Green Digital Coalition (EGDC) Net-Carbon Impact Assessment Methodology identifies solutions to reduce emissions outside the ICT sector.
# Participate… One byte at a time
Join the EV adventure (Gaël did!), as the GSF podcast puts out a call for participants, and GreenSEO is inviting digital sustainability practitioners to share their stories.
# Attend… Meet fellow responsible technologists
Autumn 2024 has a whole host of digital sustainability events:
SICT 2024, Brussels (BE), Sep 9-13 2024
Sustainability Europe 2024, London (UK) 30 Sep-1 Oct 2024
GreenSEO Meet-Up, Brighton (UK) 2 Oct 2024
The Green IT Day, Montpellier & Toulouse (FR), Oct 3-4 2024
CNCF Cloud Native Sustainability Week (global) 7-13 Oct 2024
Green ICT Connect, Berlin (DE) Oct 16-17 2024
Green Tech Forum, Paris (FR), 5-6 Nov 2024
Ethics by Design, Nantes (FR), 13-14 Nov 2024
Climate Technology Show, London (UK), 27-28 Nov 2024
LOCO, Glasgow (UK), 3 Dec 2024
Green Tech Hackathon, Amsterdam (NL), 10-11 Dec 2024
____________
🔔 Was this email forwarded to you? Consider subscribing to the newsletter.
____________
One last (positive) thought…
David Attenborough looks out to sea in Southern England. From National Geographic and Silverback and in association with All3Media International, documentary special David Attenborough: OCEAN (WT) highlights the vital, achievable actions the world can take to restore the ocean and stabilize the climate, debuting in 2025. (Photo by Conor McDonnell)
David Attenborough: Ocean, a film not to be missed!
A veritable UK national treasure, Sir David Attenborough delivers this story of hope, showcasing the planet’s most spectacular undersea habitats, illustrating beyond doubt that our oceans are the most important place on Earth. (Release early 2025)
…
See you next month!
Jill TELLIER, Michael J. OGHIA, Gaël DUEZ & the Green IO Team