The UK government has designated data centres in the country as critical national infrastructure (CNI). The enhanced government cybersecurity support that comes with such a status, it claimed, will give these facilities greater protection from cybercriminals and IT blackouts. This marks the first CNI designation since the Space and Defence sectors were awarded such a status in 2015.
“Data centres are the engines of modern life,” said DSIT secretary Peter Kyle. Such facilities “power the digital economy and keep our most personal information safe. Bringing data centres into the Critical National Infrastructure regime will allow better coordination and cooperation with the government against cyber criminals and unexpected events.”
Enhanced government protection for data centres
As part of the CNI designation, a dedicated CNI data infrastructure team will be established. This team will monitor potential threats and ensure prioritised access to security agencies such as the National Cyber Security Centre. It will include senior government officials, who will coordinate emergency services in the event of an incident.
Bestowing CNI status on data centres in this way, argued the government, will ultimately deter cyber criminals from targeting facilities storing critical health and financial data, thereby reducing disruption to individuals, the NHS, and the economy. Business confidence in the UK’s data centre sector – an industry that generates approximately £4.6bn in revenues annually – would also be boosted.
The announcement of the designation coincides with a proposed £3.75bn investment in Europe’s largest data centre in Hertfordshire by data company DC01UK. This development is expected to generate more than 700 local jobs and support 13,740 data and tech jobs across the UK. It also comes after Amazon Web Services (AWS) unveiled plans the previous day to invest £8bn in the country over the next five years, focusing on developing, operating, and maintaining data centres nationwide. AWS’ investment alone is expected to contribute an estimated £14bn to the UK’s gross domestic product (GDP) by the end of 2028, in addition to supporting over 14,000 full-time equivalent jobs each year at local businesses across the country.
Perilous cybersecurity environment for CNI
The government’s bestowal of CNI status on data centres follows its announcement of plans this summer to pass new cybersecurity legislation. The Cyber Security and Resilience Bill, it said, would impose new requirements on operators of essential infrastructure to secure their supply chains, digital and physical, from breaches.
Precisely what impact CNI status will have on the protection of data centres from attack is hard to measure. Recent data suggests that sophisticated cybercriminal gangs may be unmoved by the announcement. A recent study by the cybersecurity firm KnowBe4 found that attempted breaches of CNI rose by 30% last year. Another survey by Check Point Research, meanwhile, that cyberattacks on US utilities have spiked by 70% this year alone.