In a significant move, data centers in the UK will now be classified as critical national infrastructure (CNI) alongside energy and water systems. This decision, announced by UK Technology Secretary Peter Kyle on September 12, aims to provide enhanced protection against cyber-attacks and prevent major IT blackouts.

As part of this initiative, the UK government has proposed a substantial £3.75bn investment in a new data center in Hertfordshire, located in the north of London.

Enhanced Security Measures for Data Centers

By designating data centers as CNI, they will now benefit from increased government support in recovering from and preventing critical incidents. A dedicated CNI data infrastructure team comprised of senior government officials will be established to monitor and preempt potential threats, provide access to security agencies like the National Cyber Security Centre (NCSC), and coordinate emergency services in case of an incident.

This move is crucial in ensuring that essential services, such as critical NHS patient data, are safeguarded in the event of an attack. The government’s intervention will help mitigate risks and ensure continuity of services.

Technology Secretary Peter Kyle emphasized the importance of better coordination and cooperation with the government in defending against cyber threats and unexpected events.

The UK, being home to the highest number of data centers in Western Europe, generates significant annual revenues from the sector. A recent £8bn investment from Amazon Web Services (AWS) will further boost the industry and support numerous jobs across the country.

The decision to elevate data centers to CNI status has been well-received by industry experts, including NCSC CEO Felicity Oswald and cybersecurity firm CEO Andy Kays.

Promoting Internet Redundancy and Cyber Resilience

Jennifer Holmes from the London Internet Exchange (LINX) advocated for wider internet redundancy strategies to ensure network continuity in the face of cyber-attacks or natural disasters. This initiative aligns with the proposed Cyber Security and Resilience Bill to strengthen the UK’s defenses against cyber threats.

Aleksandr Yampolskiy, CEO of SecurityScorecard, highlighted the need to address single points of failure across the UK critical infrastructure network. While the UK has made commendable efforts in cybersecurity, more cohesive legislative measures are required for robust protection.

The elevation of data centers to CNI status marks a significant development, with the UK now recognizing 14 sectors as critical national infrastructure.