The UK government's recent designation of data centers as Critical National Infrastructure (CNI) is a significant step forward, particularly from a cybersecurity standpoint
This status will strengthen data center defenses around their Operational Technology networks, such as connected air conditioning systems, electricity networks, surveillance cameras, and other connected equipment, which are all critical to data center operations.
"Putting data centres on an equal footing as water, energy and emergency services systems will mean the data centres sector can now expect greater government support in recovering from and anticipating critical incidents, giving the industry greater reassurance when setting up business in UK and helping generate economic growth for all." - UK Government.
Data centers and cloud computing infrastructure house the bulk of the digital assets that power our modern economy, including sensitive information and the systems that support essential services, such as healthcare and finance. With this new classification, data centers are subject to enhanced protection measures and government support. This will not only bring more support to bear during cyber incidents and minimize disruptions but should help raise the bar for the level of cybersecurity required around data centers – IT and OT included.
This is crucial as OT systems often bridge the gap between physical and digital assets. Cyber attacks on IT systems will propagate to OT systems, causing costly downtime. Raising the bar for cybersecurity in data center facilities will reduce the risk of catastrophic cyber disruptions to critical services.
Data centers are so foundational for many sectors supporting the global economy that more stringent cybersecurity requirements can only bolster investor confidence. With improved defenses, businesses are more likely to invest in building and expanding data center operations within the UK.
Labeling data centers as critical infrastructure has several beneficial consequences - other countries should consider similar initiatives.
DeNexus has been working with early adopters of Risk-based Cybersecurity for data centers. We have extended our Cyber Risk Management platform, DeRISK™, to account for the unique characteristics of data center facilities and enable data center security staff to allocate cybersecurity resources and budget to projects that matter and reduce cyber risk.
Visit any of the following resources to learn more:
- UK Government press announcement: Data centres to be given massive boost and protections from cyber criminals and IT blackouts
- DeNexus for Data Center Facilities
- Article in DataCenter Knowledge: Cybersecurity Risks Threaten the Physical Infrastructure of Data Centers
- Article in Beta News: Priorities for data center OT security in the cloud era