Climate, Cyber, Collapse?

by Rimsha Malik

Climate change and cybersecurity are no longer two distinct spheres of risk in the modern threat environment. Their angle of convergence is non-hypothetical, gathering pace and is underrated around the world. As a country plagued by both climate vulnerability and digitally stressed world, Pakistan is likely to bear the brunt of this polycrisis unless it acts quickly and takes on the challenge of the polycrisis reality.

Climate disasters increase cyber risks by disrupting infrastructure and enabling cybercriminal exploitation.

It is no longer just a threat that can be experienced in the future. Climate change is already a reality. Whether it is deadly heatwaves, glacial meltdowns and floods devastating everything in their path, Pakistan always finds a place at the top of the list of places that are at risk of facing environmental extremes. What has escaped less attention is that these physical disasters are establishing new vulnerabilities in cyberspace.

A community that has been devastated by a disaster, and is therefore thinking of methods of survival and recovery, tends to become a favored target of cybercriminals. Fraudsters increased exponentially in the wake of 2022 floods in Pakistan and fraudulent fund raising websites were seen across cyberspace, with social engineering attacks perpetrated against non-pros, thus posing as them, and other crucial government portals facing service outage. This is not peculiar to Pakistan. The same trends were observed in the course of Hurricane Harvey, the California fires, or even the Japanese tsunami of 2011. Natural disasters bring disorder, and cyber actors make use of that mess.

But that is the tip of the iceberg. Closer to the surface is a more systemic weakness. Climate change is subversively undermining the insurance markets that have provided economic firewalls to climate and cyber-risk in the global economy. With environmental disasters becoming more regular and more dramatic, insurers and reinsurers are registering huge losses, particularly in property coverage and natural disaster insurance. Such a capital drain implies the diversion of means of more financial power to other arenas, especially the weak cyber insurance market.

This forms an unsafe, vicious cycle. Cyber risk coverage capital is in decline as insurance claims on floods, fires, and storms grow. With a lack of adequate insurance coverage, organizations in particularly in the low- and middle-income countries, such as Pakistan, remain vulnerable to digital threats without having a safety net. Ransomware during the monsoon season in a hospital not only interferes with patient information, but it also becomes a matter of life and death. Disaster at any provincial disaster management system may cripple coordination of real time response giving credence to the disaster on the ground.

Cybersecurity has been unjustly painted as an aspect of either the military or spy work. However, as the situation is in developing states, cyber risk threatens to appear as an economic security issue to a greater extent. Ransacking of banks, logistics chains, communication networks, and health systems has already cost countries billions in damages, as quantifiable GDP figures now attest. Researchers estimate damages caused by major cyber incidents to range between 0.2-2 percent of GDP in the victims’ countries. The loss on this scale needs a securitized response, not only perceived as an IT issue, but a national resilience issue like climate.

Insurance markets are strained by environmental losses, limiting cyber risk coverage for vulnerable countries.

This twofold threat has started to be put together by the literature which appeared over the last several years. Climate-related catastrophes, as it has been outlined in the studies of the Stimson Center and other international think tanks, do not only lead to physical destruction. They interfere with internet access, power supply, and emergency services-not only that, but also they weaken institutional setups at a time when the most digitally connected population is practically at their most vulnerable. What is also true is that the more the digital ecosystem expands, the more energy-intensive cloud computing, AI and data centers are becoming, producing more emissions, piling up on the same climate crisis that threatens it. Not only is the risk converging it is also circular.

Most importantly, the two most relevant governance systems of climate and cyber insecurity include a structural problem that both are underserved by poorly funded systems marked by fragmentation. Governments develop parallel policies, one policy is on digital resilience, another environmental risk reduction of risks, and they are usually located in different ministries whose communication is minimal.

The same concerning international governance, cybersecurity treaties and environmental protocols are unlikely to match in any way. As Jeanette Semeleer, President of the Centrale Bank van Aruba, said: The worsening of related risks causes the emergence of an equally non-isolated strategy. The time has come when we can no longer afford to address our climate risks and cyber threats in a piecemeal manner. Pakistan has not been left without a choice, despite the source of acute vulnerability.

To begin with, cyber resilience should be incorporated into disaster risk reduction planning systems fully in national security planning. This will entail conducting joint simulations and coordinating in real-time between the National Disaster Management Authority (NDMA), provincial governments, and the cybersecurity agencies of Pakistan. It also involves spending on ensuring digital infrastructure, particularly in health, energy, and emergency services, is defended against multiple climate and cyber shocks to ensure that infrastructure functions during such events.

Second, Pakistan ought to consider sovereign or regional cyber reinsurance pots that bet against climate-related capital deficits. Pakistan needs to access global institutions in addition to other factors since international insurers are withdrawing from unprofitable or risky ventures. The domestic insurance overseers and the State Bank will need to develop innovative financing and risk transfer mechanisms that will be able to secure the digital assets despite climatic fluctuations.

Pakistan must integrate cyber resilience into disaster planning and invest in protecting critical digital infrastructure.

Third, the international community has to aid capacity building at this juncture. As is the case with climate finance that allows vulnerable states to adapt to sea level rise, cyber resilience funds must be created to enable low-income states to create climate-smart digital systems that are robust and secure. Pakistan must promote the same platforms during international climate conferences, cybersecurity events and development talks, among others.

Polycrisis as a concept is no more abstract, it has become our new normal. The price of policy inertia is about to get more expensive as the definition of climate shock increasingly stretches into digital risk areas. The idea of cyberattacks in times of climate disasters is not a strange aberration but rather evidence of a systematic weakness that we have spared attention.

Pakistan has been hard-learned not every type of an institution, industry, silo or even a sector can govern the compound risk alone. It is no longer resilience that is required, though, but what has been termed as polyresilience: the ability to absorb, adapt, and respond to converging crises in real time. We should not pretend that there are two defense systems, namely the floodwall and the firewall. They are synonymous in this age.

Disclaimer: The opinions expressed in this article are solely those of the author. They do not represent the views, beliefs, or policies of the Stratheia.

You may also like

Leave a Comment

Stay Connected

Follow and subscribe

Contact CISS AJK

Center for International Strategic Studies AJK, King Abdullah Campus Chatter kalas Muzaffarabad, Azad Jammu and Kashmir

05822922322

admin@cissajk.org.pk

career@cissajk.org.pk