I N D U S T R Y I N T E L L I G E N C E

The classification of data centres as Critical National Infrastructure marks a pivotal moment for the UK ’ s digital economy . By providing enhanced protections and support , the UK government aims to ensure the resilience and security of data centres , fostering a secure environment for investment and growth . This move not only intends to safeguard vital data but reinforce the UK ’ s position as a leader in data security and technological innovation .

Earlier this month , the Technology Secretary , Peter Kyle , declared that UK data centres will now be classified as Critical National Infrastructure ( UK CNI ), marking the first new CNI designation since 2015 .

UK CNI constitutes critical elements of infrastructure of which the loss or compromise could result in major detrimental impact on essential public services , emergency systems , national security , defence or the functioning of the state .

This new designation places data centres on par with essential services , ensuring they receive prioritised support during critical incidents such as cyberattacks , environmental disasters and IT blackouts . This follows the Science and Technology Committee ’ s recent inquiry into the cyber-resilience of the UK CNI sector , during which the importance of bolstering the digital infrastructure against potential cyberattack was emphasised .

Dr Aleksandr Yampolskiy , CEO , SecurityScorecard

We welcome data centres being given greater protections from cyberattacks and IT outages , but more must be done to identify and address single points of failure across the UK critical infrastructure network .

History will continue to repeat itself if the cybersecurity community does not actively monitor supply chain risk . SecurityScorecard ’ s recent research , in collaboration with McKinsey , shows that 62 % of the global external attack surface

Any outage is a reminder of the fragility and systemic ‘ nth-party ’ concentration risk of the technology that runs everyday life : airlines , banks , telecoms , stock exchanges and more . Contrasting with the European Union ’ s proactive stance in cybersecurity legislation with the introduction of NIS2 and CRA directives , the UK currently lacks a cohesive legislative counterpart despite commendable efforts from the National Cyber Security Authority ( NCSA ).

Our previous report , Addressing the Trust Deficit in Critical Infrastructure , found 48 % of global critical manufacturing is at significant risk of breach demonstrating the need for a much more robust integration of cyber and infrastructure planning . SecurityScorecard takes this opportunity to urge the government to advocate for comprehensive legislative action .

For SecurityScorecard , the absence of standardised cyber-risk measurements has perpetuated a security trust deficit , with regulations and standards varying significantly across different sectors and nations . This inconsistency has led to a patchwork of security measures , leaving critical infrastructures exposed to cyberthreats .

Camellia Chan , CEO and Cofounder , Flexxon

Vast amounts of information are stored and managed in data centres , so it ’ s about time the UK government declared them a critical national infrastructure . This is especially important since the presence of such huge amounts of data – which is increasing with the rise in data-hungry applications like AI – is a massive motive for cybercriminals . The effects on business operations and continuity , as well as the financial losses of a cyberattack can be devastating – in 2023 , the average cost of a data breach was US $ 4.45 million .

Data centres cannot afford to rely solely on traditional software security such as firewalls and VPNs . These reactive , static and human-centric methods can be too

32 www . intelligentdatacentres . com