Insight 6-6 | January 8, 2026 | Andrew Heffernan, Chelsea Dunn, Claire Parsons, and Kenzie O’Day

Climate Change as a Threat Multiplier for Cybersecurity: Human Security Lessons from Canadian Scenario Planning

Chelsea Dunn is a PhD candidate and Canadian graduate scholar in International Relations in the Department of Political Studies at Queen’s University. Her research considers the ways in which environmental governance is shaping the political economy of urban infrastructure development.

Andrew Heffernan holds a PhD in Political Science from the University of Ottawa where he is a part-time Professor specializing in International Relations and comparative politics. He is also Climate Associate at the Information Integrity Lab and a regular contributor to the Centre for International Governance Innovation. Andrew’s major research interests include climate disinformation, African politics, global environmental governance, community-based conservation, and the politics of food.

Kenzie O’Day holds a Bachelor of Arts (Honours) in English Language & Literature and Film & Media with a Certificate in International Studies from Queen’s University. She graduated in 2024 and is currently working as an editor and research assistant with the Centre for International and Defence Policy at Queen’s University. Her editing and writing experience was amassed through various publication outlets at Queen’s University, and her forthcoming work concerns the intersection of Women, Peace and Security and technology.

Claire Parsons is a PhD Candidate at the University of Ottawa and a Research Assistant and Junior Fellow for the Conference of Defence Associations Institute. Her research interests pertain to military affairs, radicalization, and counterterror, with her master’s major research project focusing on reducing the recruitment and retention of far-right radicals, white supremacists, and neo-Nazis into the Canadian Armed Forces.


*This article also appears as a chapter in the 2024 KCIS Conference volume that was published in Sept. 2025

 

Introduction

In recent years, the discourse surrounding human security has evolved significantly, expanding from traditional state-centric concerns to encompass a broader array of threats that directly impact individuals and communities. This shift recognizes the importance of non-traditional threats such as economic instability, environmental hazards, and public health crises.[1] While states remain central in safeguarding human security, their governance structures and resources are increasingly called upon to address the growing complexity of emerging challenges. In particular, the intersection of cyber threats and climate change has revealed new vulnerabilities that demand coordinated state action and international cooperation to ensure population safety and well-being.

Both cyber threats and climate change, as non-traditional security concerns, present distinct but interconnected risks to human security. Cybersecurity issues, ranging from data breaches to ransomware and disruption of critical infrastructure, have become ubiquitous in a world where digital systems underpin nearly every facet of life. Meanwhile, climate change poses significant threats, from extreme weather events and rising sea levels to resource scarcity, which disproportionately affect vulnerable populations and ecosystems.[2] The intersection of these two domains introduces new and complex challenges, where vulnerabilities in cyber systems can be amplified by climate-related disasters, and vice versa. Unfortunately, these risks are often neglected due to siloed approaches to climate change and cybersecurity despite mounting evidence of their interconnectedness. In response to these growing threats, we propose a more comprehensive approach that combines environmental and cyber policies to address the modern security landscape. The 2024 Canadian defence policy update, Our North, Strong and Free, emphasizes this need for integration in addressing the new vulnerabilities that emerge from the intersection of environmental and cyber risks.[3] The intersection of these two fields has more common ground than might initially be apparent, and understanding the full scope of threats facing Canada—including disinformation, climate change, and adversarial cyberattacks—requires that they begin to speak to one another.

By leveraging scenario analysis, we aim to present concrete examples of how these interconnected threats might unfold in the future. In doing so, we also highlight the emerging dangers posed by adversarial actions and grey-zone conflict. While governments cannot control weather patterns or generate natural disasters, adversaries can exploit these events through covert cyberattacks, creating devastating consequences. Security scholars have become increasingly concerned with the ambiguous nature of grey-zone warfare, where it is often difficult to attribute responsibility for attacks. Our analysis introduces a new grey-zone tactic: exploiting environmental disasters through cyber means, a strategy that could be employed by both state and non-state actors. This introduces a new vulnerability for Canadian security, with implications for a broad spectrum of potential offenders and challenges.

This chapter presents a novel approach to understanding the human security risks that arise at the intersection of cyber threats and climate change. Using scenario planning, a strategic methodology for anticipating and navigating uncertainty, we explore plausible future scenarios in Canada where these two domains collide. We begin by reviewing existing literature on climate as a threat multiplier and its relationship to cyber insecurity. We then introduce two potential Canadian scenarios—flooding in Manitoba’s Red River Basin and a severe ice storm in Montréal—to illustrate the compounded risks that emerge from the convergence of these threats. Ultimately, we offer insights into the complex challenges posed by the intersection of cyber and climate and propose strategies for effectively addressing these risks to safeguard human security in an increasingly uncertain world.

Background on Cybersecurity and Climate

The Western security establishment has long coordinated efforts to address a range of threats that could harm their populations and state secrets. In the age of the internet, this has included a range of initiatives related to cybersecurity led by organizations such as the North Atlantic Treaty Organization (NATO) and the Five Eyes.[4] The Canadian Centre for Cyber Security (also known as the Cyber Centre), part of the Communications Security Establishment, is the primary institution that analyzes potential cyber risks, working closely with the Cybersecurity & Infrastructure Security Agency (CISA), its U.S. counterpart. Current alerts from Western allies highlight cybercrime, with ransomware attacks being a significant concern.[5] In these attacks, cybercriminals withhold stolen data in exchange for payment.[6] There are also worries about state-sponsored cyberattack groups, like China’s Volt Typhoon, targeting sensitive infrastructure.[7] A robust academic and practitioner literature exists that examines the unique security issues of cyberspace[8] as well as the responses necessary to address threats.

Prepositioned malware is one major threat identified by Canada’s national security apparatus, including ransomware, attacks on cell towers, and disinformation campaigns.[9] Managed Service Providers, such as those in healthcare and essential services, are prime targets. Cybercriminals may disrupt services by withholding vital information such as patient data or emergency response details. While often associated with criminal groups, the Cyber Centre has raised concerns about state-sponsored ransomware, particularly from Russia.[10] The Cyber Centre advises encrypting data and backing it up offline as key resilience measures. In our scenarios, we test the effectiveness of these strategies against ransomware in disaster response.

Cell towers, which provide critical services like phone communication and 911 access, are also vulnerable to attacks. Despite their importance, these towers are inadequately protected, and incidents like the 2022 Rogers outage that disconnected millions of Canadians demonstrate how internal errors can cause significant disruptions.[11] In our scenarios, we consider the combination of extreme weather and deliberate sabotage, similar to the outcome of the 2024 Toronto rainstorm that disrupted communication and highlighted the lack of preparedness for severe weather.[12] There are also concerns about deliberate attacks on cell towers, as seen during the pandemic when anti-5G conspiracy theorists targeted infrastructure.[13] Combining extreme weather with cyberattacks could severely hinder emergency response.

Finally, disinformation and propaganda remain significant threats to cybersecurity. Disinformation campaigns manipulate public perception, especially in global conflicts such as the war in Ukraine.[14] The Canadian government’s defence policy update highlights the growing role of cyber capabilities and artificial intelligence in spreading disinformation.[15] With the rise of social media and AI, both intentional disinformation and accidental misinformation will become more prevalent, increasing the effectiveness of adversarial propaganda. The Cyber Centre’s National Cyber Threat Assessment highlights the risk of civilian exploitation through social media manipulation, denial-of-service attacks, and device compromises.[16] The danger of disinformation extends beyond political ramifications to public safety, as false information about evacuation orders or emergency services could impede effective disaster management. As such, it is important to develop useful analytical tools and approaches for dealing with such potential multiplying risks that increasingly threaten all facets of human security.

Cyber vulnerabilities can also have a significant impact on human security when other threats intersect with the cyber environment. Most notably, climate-related threats pose substantial challenges to cybersecurity. Although the climate/cyber nexus has received precious little attention in either expert community,[17] the physical impacts of climate change on the critical infrastructure of cybersecurity have begun to receive academic and practitioner attention. Gemma Anderson's study of data centres in Northern California, for example, found that rising heat and drought are increasing the cooling costs of data centres, raising important questions about the sustainability of cybersecurity infrastructure in light of rapidly accelerating costs due to climate change.[18] The Cybersecurity and Infrastructure Security Agency (CISA) has identified extreme weather as a threat to both data centres and infrastructure supporting national cybersecurity.[19] CISA points to heatwaves, wildfires, storms, and rising sea levels, warning that outdated infrastructure may not withstand future extreme weather events. Damage to such infrastructure could severely disrupt national critical functions like energy and water services.[20] The intersection of climate change and cybersecurity can also be viewed through an economic lens. Bronskill argues that adversarial actors could exploit vulnerabilities in allied nations’ infrastructure to advance their economic interests, particularly through cyberattacks targeting critical infrastructure or intellectual property.[21] Climate change multiplies this vulnerability by jeopardizing natural resources and infrastructure that support national functions. Climate-driven events like floods or storms could compound economic disruptions, leaving countries more susceptible to cyber exploitation during crises.[22] The combination of climate events and cyberattacks could also amplify damage and delay emergency responses.

What has been less directly addressed is the possibility of human security issues that arise at the intersection of cyber and climate. Our study leverages the powerful methodology of scenario planning to explore the human security impacts of cybersecurity interactions with climate security events in two Canadian cities. By exploring flooding in Winnipeg and an ice storm in Montréal, we focus on seasonal threats to critical infrastructure and civilian livelihoods. While scenario analysis for environmental disasters is not new,[23] our study introduces the factor of adversarial exploitation through cyberattacks. We examine how cyberattacks—whether state or non-state-sponsored—can intensify the effects of natural disasters, adding a new layer to environmental policy and emergency response.

Scenario Planning as Strategic Methodology

Scenario planning is a strategic methodology that helps organizations anticipate and navigate uncertainty by constructing multiple, plausible future scenarios. The approach focuses on critical uncertainties and the interplay of external drivers, enabling organizations to develop a range of potential futures rather than relying on a singular, deterministic forecast. This approach is integral to decision-making processes, and has been widely adopted in public policy to assist in addressing complex, long-term challenges like demographic shifts and geopolitical instability.[24] By creating multiple alternative narratives, scenario planning challenges conventional assumptions and engages stakeholders in strategic dialogue.[25] This process allows organizations to explore a range of risks, opportunities, and discontinuities, which enhances resilience and strategic foresight.[26] Despite recent advancements in computational tools such as big data analytics, machine learning, and agent-based modeling, scholars still caution against over-reliance on quantitative models. While these advancements provide deeper insights into complex systems and future trends, scenario planning remains an essential tool for navigating uncertainty and shaping strategic decisions.

Scenario planning is particularly useful for our project as it allows us to explore the complex relationship between climate change and cybersecurity, which is characterized by numerous uncertainties. Given the non-linear nature of both climate change and cyber threats, developing multiple possible scenarios allows stakeholders to identify vulnerabilities in critical infrastructure, develop adaptive strategies, and visualize a range of future intersections of these two domains. Such a forward-thinking approach helps ensure decision making is robust, flexible, and prepared for a variety of challenges, fostering long-term security in an increasingly uncertain world.

Identifying Human Security Threats through Scenario Planning

The intersection of cyber threats and climate change introduces new, complex challenges to human security, highlighting the evolving nature of risks in the modern world. As these two domains increasingly converge, the potential for compounded threats to societal stability grows, making it essential to explore how these risks emerge and interact. Scenario planning offers a valuable tool for understanding the dynamics of such emerging threats, allowing for the development of foresight and strategies to mitigate their impact. This section presents two distinct possible scenarios to illustrate the potential human security challenges arising from the interplay between cyber and climate issues: flooding in Manitoba’s Red River Basin and an ice storm in Montréal. While created for the purpose of exploring and assessing threat impact, both scenarios are based in historical reality and involve conceivable climate and cyber events.

Scenario 1: Flooding in Manitoba’s Red River Basin

Flooding is a leading environmental hazard across Canada. Although coastal cities are particular hotspots, the prairie region has experienced the most severe flooding events on record. Indeed, every spring brings a combination of melting snow and heavy rainfall which has historically caused Manitoba’s Red River Basin to experience some of the most damaging floods in Canadian history. Winnipeg and its surrounding farmlands are particularly vulnerable due to their low elevation and proximity to the Red River, which is the primary body of water in a watershed that encompasses nearly 300,000 square kilometres, stretching across the United States border into North and South Dakota and parts of Minnesota.[27] Winnipeg’s flood vulnerability is being exacerbated by climate change as weather patterns shift to alter seasonal cycles, producing increasingly drastic temperature changes from day to day, and amplifying extreme precipitation events. Furthermore, riverbank erosion is increasing the likelihood of extreme flooding, a process which is also accelerated by changing precipitation patterns.[28] The 2011 floods, for instance, reached record levels after a late end to winter increased the period of overlap between snowmelt and the heavy precipitation patterns of spring.[29] While it is comforting to dismiss the damage of the 2011 floods, for example, as a “one-in-2,000-year event,”[30] extreme flooding in the Red River Basin remains a question of when rather than if. Moreover, climate change and historical time patterns of major flood events—the most extreme of which over the past century occurred in 1950, 1997, 2009, and 2011—indicate that extreme flooding is likely to strike the Red River Basin in the near future with unprecedented fervor.

Consequences of extreme flood events in the Red River Basin include the displacement of hundreds of thousands of Manitobans, damages to millions of hectares of lucrative farmland, billion-dollar responses from the federal government, and months-long closures of the Trans-Canada Highway,[31] among others. Despite having an extreme impact on those directly affected, evacuation planning and early action have prevented these floods from claiming more than a few lives. The following section will discuss the risk of cybersecurity threats when managing escalating flooding in areas like the Red River Basin.

Emergency response planning has been the cornerstone of Manitoba’s successful flood management. There are several areas, however, where prepositioned malware could disrupt this process. The following scenario illustrates the disastrous potential impacts of such malware: Following a winter of heavy snowfall, Winnipeg and the region around the Red River Basin continue to experience snowfall into April while temperatures remain below freezing. Suddenly, temperatures rise, and the defrosting period begins, immediately filling up the Red River to the point of overflow. A week of heavy rain that is typical of early spring is forecast for the region, and Manitobans are warned to prepare for extreme flooding events to occur in two days’ time. Those who live close to the river are warned to evacuate as soon as possible. While some heed this warning and pack up their most valuable possessions to seek refuge with friends or family with homes on higher ground, many residents choose to stay back and protect their homes. To these individuals, the declining Canadian economy and the soaring prices of the housing market make staying back to manually preserve their homes a necessary risk.

As the rain starts falling, individuals begin patching up areas where water trickles into their houses. By the start of the second day of rain, however, many people begin to realize the flooding is becoming dangerous, and they need to evacuate. The Government of Winnipeg has issued a statement urging all residents to immediately evacuate their homes, this time encouraging several more low-lying neighbourhoods to flee to higher ground. In light of these government warnings, more and more people decide to pack up their cars in search of higher ground as the rain is now falling heavier and heavier. However, given the chaos of the situation, communication about which roadways are secure is not always up to date. Traffic jams are already heavy due to the expanded evacuation area and disrupted roadways, making one’s route out of the city an essential choice to get right.

To get the most up-to-date information and to find less popular routes out of the city to avoid traffic, people are relying on popular websites like Reddit or Facebook to hear from fellow residents which roads are clear and which to avoid. Unfortunately, however, there has been a disinformation campaign leading residents right into the path of dangerous, flooded roadways. Traffic continues to back up as cars reach blocked sections of the road which are now so full that they are unable to turn around, causing further backup that makes otherwise viable routes no longer usable. Some cars try to drive through the flooding, only to be carried away—a common mistake that is responsible for more than fifty percent of flood-related drownings in the past decade.[32] Others decide to leave their stuck vehicles and flee on foot, placing them at risk of directly encountering dangerous flood hazards. Children and the elderly are less physically adept at moving on foot, which places many families at heightened risk of exposure.

Elsewhere, emergency response units have experienced a ransomware attack that is withholding critical data on the location of vulnerable residents in flood zones like the elderly, who may need assistance to evacuate and are less likely to have up-to-date information on the flooding. Without this information, thousands of vulnerable residents are left waiting in their homes for help that may not come until it is too late. Structural damage rapidly begins to ramp up, and the likelihood of injury or death to these individuals starts to increase. With every passing minute, the blocked roadways, both from traffic and from floods, are making it increasingly difficult for emergency responders to reach vulnerable households.

As the federal and provincial governments work together to retrieve critical response data, power lines abruptly fall, cutting off communication between critical members of the federal government working to retrieve the data being held ransom, as well as between different emergency response units. While Winnipeg’s emergency flood response plan anticipates the loss of power at times, it tends to occur gradually as flooding goes on. Emergency responders are baffled; they recently took steps to ensure their power grids are more resilient against this exact scenario. It quickly becomes clear, however, that the loss of power is another cyber-based attack. Although a few units have walkie-talkies available, any imposition on the ability to communicate within and across various response units comes at an immense cost, particularly as transportation throughout the city becomes increasingly difficult. Thousands who would otherwise be secure at this point are now in the direct path of the floods.

It takes days for the government to recover from the ransomware attack and to restore power lines and communication systems between emergency response units like the CAF, paramedics and ambulances, and the local police and fire departments. The deadly combination of cyberattack and flooding causes thousands of people to experience injuries and lose their lives. The time lost in the most critical moments of the flooding prevented emergency response services from carrying out their proper protocol, which first secures people before protecting against property damages. With countless people unaccounted for, first responders are unable to focus on mitigating the damage caused by the floods and are instead inundated with helping as many people as possible. As a result, Winnipeg loses many of its infrastructure networks and must now grapple with the mounting costs of rebuilding in an already precarious economic context. 

Even one of the three attacks outlined in this scenario would cause immense harm. Experts on flooding have noted that, particularly in those vital moments for first responders, any disruption to emergency protocols has deadly consequences. One cybersecurity attack, let alone the prospect of a number of attacks layered together, threatens to unravel centuries of hard-learned lessons that have saved and continue to save lives in the Red River Basin.

Scenario 2: Ice Storm in Montréal

Ice storms have long been a security risk for Canadian cities. With little warning, key centres of Canadian life become locked under centimetres of ice, causing power outages that place millions of residents at risk from life-threatening exposure to the cold, and driving waves of destruction that create further hazards like fires, collapsing structures, and unsafe driving conditions. The infamous ice storm of 1998 stands out as the most memorable instance of this disaster after a week of freezing rain caused “a trail of devastation” across Ontario, Québec, and New Brunswick that resulted in the largest domestic deployment of the CAF in Canadian history.[33] As the first line of defence against this storm, the CAF spent weeks responding to emergency situations and protecting residents against the hazardous combination of fallen power lines, inundated roads, and damaged buildings. Indeed, the storm caused mass power outages and immense destruction that is credited with injuring almost 1,000 people, temporarily displacing over 600,000 residents, and tragically taking the lives of thirty-five Canadians.[34] Ottawa and Montréal, the two major cities impacted by the storm, were hit particularly hard as immediate hazards from the ice combined with high concentrations of collapsed infrastructure and buildings to generate secondary hazards like electrical fires. Accordingly, these cities were essentially forced to shut down for weeks, further impacting the wide range of communities who depend on them to produce and/or distribute essential goods and services beyond municipal borders.

As the effects of climate change continue to accelerate, so do the chances of unpredictable ice storms. Caused by the collision of snow, wind, and approaching warm fronts, ice storms are a mounting threat to Canadian cities that are increasingly being launched from one temperature extreme to the next under rapidly shifting weather conditions.[35] Indeed, as highlighted by Canadian veteran Weather Network presenter Chris St. Clair, “we know that one-in-100-year storms are now happening every five to ten years. We can’t out-engineer weather, but we can engineer for it.”[36] Accordingly, since the estimated $5.4 billion worth of destruction in 1998,[37] Canada has taken critical steps to better prepare for future ice storms. These include rebuilding power lines underground wherever possible, for example, and strategically building energy towers to prevent the domino effect observed in 1998, where one tower’s collapse triggered surrounding towers to fall. The loss of electricity during an ice storm, where the ability to evacuate and mobilize emergency response services is limited by compromised transportation infrastructure, poses an immense security risk to cities like Montréal and Ottawa which regularly experience temperatures below freezing during their winter months. After the ice storm in 1998, for instance, Hydro-Québec was only able to restore power in Montréal with aid from the U.S. and other provinces—and even then, as Québec’s primary energy provider, the government-owned corporation had to divert resources and attention away from other affected areas in the province to restore power.[38] Recognizing that, despite the above efforts, energy systems remain vulnerable during ice storms, Montréal has launched a campaign advising residents to prepare for the worst by implementing a backup source of heat when possible, securing emergency stores of food, drinking water, and blankets, and establishing a household emergency plan.[39] Despite these preventative measures, rapidly changing weather patterns combined with the security risks of prepositioned malware have made ice storms a growing threat to cities across Canada. Although the unpredictability of ice storms makes them a less likely target for cyberattacks that require more time and planning, prepositioned malware poses a significant threat against Canadian cities vulnerable to ice storms. The following scenario has been broken down into three aspects of potential disruption: (a) evacuation, (b) emergency response coordination, and (c) disinformation campaigns. Each aspect highlights a specific way in which prepositioned malware could compound the devastation caused by an ice storm of similar strength to the one in 1998.

Montréal averages a whopping 52 centimetres of snow per year in the month of January alone.[40] This year, the city enters the New Year with a notable but unsurprising amount of snow forecasted for the next two weeks. Unfazed by the snow, many of Montréal’s residents return to work after the holiday season. What is missing from the forecast, however, is the unexpected bout of warm weather in states like Michigan, Ohio, and New York. The warm air eventually collides with Montréal’s snow, and residents are suddenly confronted with a forecast full of freezing rain. While some alter weekend plans to avoid the roads, most remain unfazed—Montréal experiences approximately 12 instances of freezing rain per year, so many of its residents understandably carry on as usual. Unexpected bouts of wind, however, push the warm air under the snowfall further and faster than expected, and freezing rain subsequently begins to fall earlier than anticipated. Realizing that these unexpected winds will increase the period of time in which warm air will rest beneath the falling snow, the City of Montréal issues a sudden warning for its residents to prepare for a full-blown ice storm, advising them to stay home and stick to public transportation if movement is absolutely necessary. As word spreads that this storm could reach the scale of that in 1998, many ignore these warnings and pack up their cars to try to evacuate the city. Compromised by days of snow and an already-forming layer of ice, the main roads on and off the island become swarmed with traffic, resulting in several tragic accidents that disrupt preparations as emergency response services are called to the scene.

Despite these disruptions, Montréal anticipated evacuation-borne accidents in its emergency response plan and has all hands on deck. What was not considered, however, is a prepositioned malware attack on its traffic lights. As the first set of emergency responders make their way through increasingly congested traffic towards the mounting number of accidents, traffic lights suddenly flicker before all turning green at once. Unaware that their right of way has been compromised, cars begin to slide through icy intersections, swerving in attempts to avoid collision. Large traffic pileups have begun to form across the city as survivors blink in disbelief at the tragic destruction; several vehicles have flipped on their sides or crashed into buildings, causing fires to erupt from damaged engines. Many emergency response services are, themselves, stuck in these collisions and are unable to reach their destinations. People begin to flee their cars towards shelter. Some brave the unpredictable fires that are increasingly erupting to help those who are injured or trapped, but without proper medical equipment or transportation, many lose their lives.

In an ideal scenario, Montréal’s emergency response team would regroup, and help would be on its way via the metro system twenty minutes after the attack on traffic lights. While en route, however, the entire city loses power in one fell swoop as another wave of cyberattacks begins, leaving many responders stuck in the metro system and unable to help. With generators working overtime, federal, provincial, and municipal state offices work to make sense of the attacks, instructing emergency response teams to begin preparing to implement a shelter system for those without heat. Ready to communicate this plan to different response teams across the city, response coordinators are horrified to discover that cell towers are not functioning, leaving teams unable to communicate with each other or the residents in need of rescue. The city immediately sends out teams to assess the cause of this disruption, only to find that most cell towers remain structurally intact. Indeed, communication lines have been compromised by a cyberattack, a threat which the city is far less equipped to mitigate than the physical damages of previous ice storms. Unable to communicate between offices or with the residents in need of shelter and heat, the extensive implications of this attack begin to set in. Realizing that, without heat, time is of the essence, nearby responders head over to Hydro-Québec’s headquarters to gauge how long Montréal might be without power. Upon arriving, it becomes clear that Hydro-Québec has been subject to a ransomware attack which is holding the blueprints of Montréal’s electric grids hostage. While the city manages to restore its cell towers within a few days, the information being held ransom from Hydro-Québec is not regained for over a week, leaving Montréal without power in critical moments of emergency response coordination.

Further concern arises when, following the return of cell towers, disinformation campaigns begin to spread fear-inducing rumors that Montréal will not have power for months, or that the city will soon be under physical attack from the perpetrator of the cyberattacks. Panic ensues, and people begin to hoard essential resources that are dwindling. Transportation systems remain incapacitated, and the city is forced to rely on the limited resources that can be flown in via helicopter. With extensive casualties, injuries, and damages, Montréal faces a long, and expensive, road to recovery.

Conclusion

The increasing convergence of cyber threats and climate change presents a significant and growing challenge to human security, particularly in Canada, where both environmental hazards and technological vulnerabilities intersect. As illustrated by the Western security focus, particularly through alliances like the Five Eyes and NATO, there is an urgent recognition of the vulnerabilities faced by critical infrastructure systems, especially in regions like the Arctic, which are becoming increasingly exposed to both cyberattacks and extreme climate events. These vulnerabilities are compounded by the global rise of adversarial cyber actors, particularly from nations like China and Russia, whose attacks target essential services that citizens rely on daily. The exploration of three primary forms of cyber threat—ransomware, attacks on infrastructure, and disinformation campaigns—serves to highlight the emerging risks to public safety and the integrity of national infrastructures, emphasizing the complex nature of modern security challenges.

The cases of flooding in Manitoba's Red River Basin and an ice storm in Montréal provide poignant examples of how these threats can coalesce in devastating ways. In Manitoba, the combination of extreme flooding events exacerbated by climate change, disinformation campaigns that misdirected residents during evacuation efforts, and ransomware attacks that crippled emergency response systems resulted in significant casualties and infrastructure damage. Similarly, the scenario in Montréal illustrated the cascading impact of unexpected weather patterns, compounded by cyberattacks that crippled traffic systems, power grids, and communication infrastructure, further hampering strained emergency response efforts. These two scenarios exemplify the urgent need for advanced preparedness and comprehensive response strategies that account for both the physical threats posed by climate change and the technological vulnerabilities exploited by cyber adversaries.

Given the growing dependency on critical digital infrastructure and the increasing frequency and intensity of extreme weather events, the necessity of a robust, integrated approach to security has never been more pressing. This includes not only improving the resilience of infrastructure systems but also ensuring that cybersecurity measures are embedded in disaster planning and response frameworks. As demonstrated in both scenarios, disruptions to communication systems, emergency protocols, and access to real-time information can have catastrophic effects on public safety and delay recovery efforts. Scenario planning offers a vital tool for anticipating and understanding the compounded threats posed by the intersection of cyber and climate security. By using scenario-based exercises, governments, military agencies, and civilian organizations can better prepare for and mitigate the effects of these complex, interrelated challenges. The evolving nature of these risks highlights the necessity for a continuous reassessment of security frameworks to ensure they are fit to address the interconnected threats of the 21st century. Ultimately, a forward-thinking, proactive approach to security, one that integrates climate and cyber risk management, will be crucial for safeguarding human security and ensuring resilience in the face of increasingly frequent and severe disruptions.

Scenario analysis, as a methodological tool, does not seek to predict the future but rather helps to surface new questions and possibilities, expanding our understanding of potential challenges in complex and uncertain environments. For researchers, this method provides a framework to explore a wider array of risks and uncertainties, often uncovering dynamics or emerging trends that might otherwise be overlooked, thus fostering a more comprehensive examination of interconnected systems. For defence analysts, scenario planning plays a crucial role in enhancing strategic foresight by revealing a diverse range of potential future challenges, many of which could disrupt established defence paradigms, enabling the creation of more adaptable and resilient security strategies. By focusing on plausible futures rather than fixed, deterministic outcomes, scenario analysis encourages critical thinking, strategic innovation, and long-term preparedness, allowing stakeholders to better anticipate and respond to unforeseen events or shifts in the landscape.


End Notes:

[1] Myriam Denov, “The History and Evolution of Human Security,” in Evolving Human Security: Frameworks and Considerations for Canada's Military, ed. Shannon Lewis-Simpson and Sarah Jane Meharg (Kingston, ON: Canadian Defence Academy Press, 2023), 24–41, https://publications.gc.ca/collections/collection_2023/mdn-dnd/D2-645-2023-eng.pdf.

[2] Wilfrid Greaves, “Climate Change and Security in Canada,” International Journal 76, no. 2 (2021): 183-203, https://doi.org/10.1177/00207020211019325.

[3] Government of Canada, Our North, Strong and Free (Ottawa, 2024), https://www.canada.ca/content/dam/dnd-mdn/documents/corporate/reports-publications/2024/north-strong-free-2024-v2.pdf.

[4] Canadian Centre for Cyber Security, “National Cyber Threat Assessment 2023-2024,” Public Safety Canada, (Ottawa: Canada, 2022a), https://www.cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2023-2024; Government of Canada, Our North; Cybersecurity and Infrastructure Security Agency (CISA), PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders, (Washington, DC: USA, 2024a).

[5] Public Safety Canada, National Cyber Security Strategy: Canada’s Vision for Security and Prosperity in the Digital Age (Ottawa, 2018). https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/ntnl-cbr-scrt-strtg-en.pdf.

[6] Canadian Centre for Cyber Security, “National Cyber Threat Assessment.”

[7] CISA, MAR-10448362-1.v1 Volt Typhoon, (Washington DC: USA, 2024b).

[8] See Fischerkeller et al., Cyber Persistence Theory: Redefining National Security in Cyberspace.

[9] Canadian Centre for Cyber Security, “National Cyber Threat Assessment”; Communications Security Establishment Canada, "Vulnerability Research Centre," Government of Canada (2025), https://www.cse-cst.gc.ca/en/mission/research-cse/vulnerability-research-centre; CISA, "Extreme Weather," (2025), https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/extreme-weather  

[10] Canadian Centre for Cyber Security, “Joint cyber security advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure,” Government of Canada (2022b), https://www.cyber.gc.ca/en/news-events/joint-cyber-security-advisory-russian-state-sponsored-and-criminal-cyber-threats-critical.

[11] Peter Zimonjic, “Human error caused 2022 Rogers outage, system ‘deficiencies’ made it worse: report,” CBC News (2024), https://www.cbc.ca/news/politics/rogers-outage-human-error-system-deficiencies-1.7255641.

[12] Innovation, Science, and Economic Development Canada, “Staying Connected in a Crisis or Disaster: Telecommunications Emergency,” Government of Canada (2025), https://ised-isde.canada.ca/site/emergency-communications/en; Calvi Leon, “A Wakeup Call? Why You May Have Lost Cellphone Service During Toronto’s Rainstorm,” Toronto Star (2024), https://www.thestar.com/news/gta/a-wakeup-call-why-you-may-have-lost-cellphone-service-during-torontos-rainstorm/article_eea967a6-4519-11ef-bdc0-a7e9090d94fe.html.

[13] Alexandra Posadzki and Colin Freeze, “Wireless carriers urge Ottawa to treat cell tower attacks as national security threat,” The Globe and Mail (2020), https://www.theglobeandmail.com/business/article-wireless-carriers-urge-ottawa-to-treat-cell-tower-attacks-as-national/.

[14] Government of Canada, Our North.

[15] Government of Canada, Our North.

[16] Canadian Centre for Cyber Security, “National Cyber Threat Assessment.”

[17] Michael Murphy, Andrew Heffernan and Claire Parsons, “Cybersecurity, Climate Change, and Discourse-Disciplining Doctrine: Why Cyber Doesn’t ‘See’ Climate,” under review at Security Studies.

[18] Gemma Anderson, “Drought and Extreme Heat Impacts to Data Centers in Northern California,” (LLNL-TR-852189, California: USA, 2023), https://doi.org/10.2172/2229581.

[19] CISA, PRC.

[20] CISA, PRC.

[21] Jim Bronskill, “Climate Change could be avenue for adversaries to harm Canada, spy service warns,” Canadian Security Magazine, (2023), https://www.canadiansecuritymag.com/climate-change-could-be-avenue-for-adversaries-to-harm-canada-spy-service-warns/

[22] Liam Regan et al., “Climate Adaptation Strategies for National Critical Functions,” RAND (2023), https://www.rand.org/pubs/tools/TLA1645-1.html.

[23] See Schwartz, The Art of the Long View; Schoemaker, “Scenario Planning: A Tool for Strategic Thinking.”

[24] Keith Wiebe et al., “Scenario Development and Foresight Analysis: Exploring Options to Inform Choices,” Annual Review of Environment and Resources 43, (2018), https://doi.org/10.1146/annurev-environ-102017-030109;  UNDP, Foresight as a Strategic Long-Term Planning Tool for Developing Countries (2015), https://www.undp.org/publications/foresight-strategic-long-term-planning-tool-developing-countries.

[25] Yoel Raban and Aharon Hauptman, “Foresight of Cyber Security Threat Drivers and Affecting Technologies,” Foresight 20, no. 4 (2018), https://doi.org/10.1108/FS-02-2018-0020.

[26] Alex Wilner and Martin Roy, “Canada’s Emerging Foresight Landscape: Observations and Lessons,” Foresight 22, no. 5/6 (2020): 551–62, https://doi.org/10.1108/FS-03-2020-0027.  

[27] “Red River Flooding,” Statistics Canada, Government of Canada, updated 2018, https://www150.statcan.gc.ca/n1/pub/11-402-x/2011000/chap/geo/geo04-eng.htm.

[28] G. R. Brooks and S. S. George, “Flooding, Structural Flood Control Measures, and Recent Geomorphic Research along the Red River, Manitoba, Canada,” in Geomorphic Approaches to Integrated Floodplain Management of Lowland Fluvial Systems in North America and Europe, ed. P. Hudson and H. Middelkoop, (New York: Springer, 2015) 87–117.

[29] Government of Manitoba, “History of Flooding in Manitoba: Manitoba Flood Facts,” n.d., https://www.gov.mb.ca/flooding/history/index.html.

[30] Government of Manitoba, “History of Flooding,” under “Floods of 2011.”

[31] Government of Manitoba, "Historic Floods," n.d., https://www.gov.mb.ca/mti/wms/floodcontrol/redriverbasin/historic.html.

[32] Benjamin Preston, “The Dangers of Driving on Flooded Streets,” Consumer Reports, 2024, https://www.consumerreports.org/cars/car-safety/the-dangers-of-driving-on-flooded-streets-a8035090841/#:~:text=Over%20half%20of%20flood%2Drelated,and%20the%20National%20Weather%20Service.

[33] Government of Canada, Our North.

[34] Government of Canada, Our North.

[35] K. Klima and M. G. Morgan, “Ice Storm Frequencies in a Warmer Climate,” Climatic Change 133, (2015): 209–22, https://doi.org/10.1007/s10584-015-1460-9.

[36] Alexandra Pope, “Lessons Learned from the Ice Storm of 1998,” Canadian Geographic, (2023), para. 9, https://canadiangeographic.ca/articles/lessons-learned-from-the-ice-storm-of-1998/.

[37] Pope, “Lessons Learned.”

[38] Digital Museums Canada, Ice Storm 1998: Immersion in the Black and the Cold, Musée du Haut-Richelieu: Community Stories, n.d., https://www.communitystories.ca/v2/grand-verglas-saint-jean-sur-richelieu_ice-storm/.

[39] City of Montréal, “Health and Public Safety: Emergency Situations and Disasters,” 2021, https://montreal.ca/en/emergency-situations-and-disasters.

[40] Dennis Mersereau, “January Is Canada’s Snowiest Month. Here’s What You Can Expect,” The Weather Network, 2025, https://www.theweathernetwork.com/en/news/weather/seasonal/january-is-canadas-snowiest-month-heres-what-you-can-expect