Updated on: September 13, 2024
The UK is now labeling data centers as critical infrastructure to improve their cybersecurity defenses.
Critical infrastructure has more stringent cybersecurity standards than a normal company would have, guaranteeing its protection against a broad range of threats.
There are also large investments in data centers across England. This includes a 3.75 billion pound investment into the largest data center in Hertfordshire.
Amazon invested 8 billion pounds towards building data centers around the country. Other major companies have followed, putting pressure on the UK government to make sure the data centers are secure.
The push for increased security comes after the UK faced a series of devastating cyber-attacks across the past several years. According to Comparitech, more than 80% of companies faced incidents from 2021-2022.
Recent attacks, like the Crowd Strike incident, disrupted doctor appointments in clinics across the country. In May, the UK Armed Forces had its data exposed by a data breach, including the personal data of enlisted soldiers.
“Bringing data centers into the Critical National Infrastructure regime will allow better coordination and cooperation with the government against cyber criminals and unexpected events,” writes UK technology minister, Peter Kyle.
Labeling data centers as critical infrastructure automatically extends the same protection that water and energy companies get.
This includes government oversight and maintenance, intrusion detection systems, more comprehensive incident response plans, and more. It also means that data centers must comply with the Cyber Assessment Framework (CAF) and the National Cyber Security Centre (NCSC) security standards. They also will be required to send highly detailed incident reports.
If a company fails to meet the standards for critical infrastructure, it faces steeper penalties. Fines, sanctions, and even the risk of being completely shut down.
“Cyber-threats are growing — from hostile states to criminals using AI to exploit vulnerabilities,” Kyle explains in a post on X.