Cybersecurity’s Role in Combating Climate Change
In the midst of intense discussions surrounding climate change, cybersecurity has largely remained silent on the matter. However, Chloé Messdaghi, the head of threat research at Protect AI, believes that the infosecurity community has a significant role to play in addressing the issue. During an interactive community session at the Black Hat USA conference, Messdaghi emphasized the relationship between climate change, cybersecurity, and environmental sustainability, calling for an ongoing industrywide discussion on the topic.
Messdaghi outlined five key areas where the cybersecurity industry can contribute to cooling the warming planet. These areas include reducing the carbon footprint of infosec, minimizing energy consumption, sustainable procurement, protecting critical infrastructure from climate-related disasters, and supporting renewable energy systems. By taking proactive steps in these areas, the industry can make a positive impact on the environment.
One area that Messdaghi highlighted as relatively easy for the cybersecurity industry to address is electronics recycling and e-waste. Instead of disposing of old laptops and machines in landfills, companies can choose to donate them to local schools or libraries. Additionally, marketing materials and giveaways, such as plastic swag at conferences, can be replaced with more eco-friendly alternatives. By sourcing goods locally and paying attention to the materials used, the industry can reduce its plastic waste significantly.
While some cybersecurity vendors have sustainability programs, Messdaghi emphasized the importance of ensuring that these initiatives are not just superficial efforts to appear environmentally friendly. There is a phenomenon known as greenwashing, where companies claim to prioritize sustainability but fail to deliver on their promises when scrutinized. It is crucial for companies to have transparency and authenticity when it comes to their environmental practices.
However, addressing other concerns, such as reducing data center footprints and energy consumption for cloud services and AI programs, may be more challenging. Currently, there is a lack of frameworks, regulations, and standards regarding climate change and cybersecurity. Without clear guidelines in place, it will be difficult for the industry to implement substantial changes in these areas. Messdaghi believes that until there is a comprehensive framework, it is unlikely that significant progress will be made.
Beyond taking practical steps to reduce their carbon footprint, Messdaghi calls for the cybersecurity industry to engage in open dialogue about climate change. She believes that the industry needs to go beyond merely making sustainability pledges and actively participate in discussions surrounding climate change as a risk management issue. Natural disasters caused by climate change can disrupt operations and create chaos that threat actors can exploit. By acknowledging the risk and openly discussing it, the industry can better prepare for the challenges ahead.
Messdaghi recognizes that addressing climate change requires an industrywide effort and goes beyond political debates. Cybersecurity’s impact on the environment, such as its high energy consumption, should not be a subject of political controversy. She hopes that the attendees of her session at the Black Hat USA conference will join her in advocating for change and initiating a much-needed conversation within the industry.
In conclusion, cybersecurity has the power to make a difference in combating climate change. By reducing their carbon footprint, minimizing energy consumption, adopting sustainable practices, and addressing the unique challenges posed by climate-related disasters, the industry can contribute to building a more resilient future. It is essential for cybersecurity professionals to actively engage in discussions on climate change and work towards implementing environmentally friendly practices that align with the overall goal of protecting against cyber threats.