The Government’s Department for Science, Innovation & Technology (DSIT) has today announced that they’ve classed data centres – the buildings which store much of the networking and data generated in the UK – as Critical National Infrastructure (CNI). The move affords such sites greater protections, much like energy supply, water supply, transportation, health and telecoms (e.g. broadband and mobile).
Sites or networks designated as CNI are those facilities, systems, sites, information, people, networks and processes, necessary for a country to function and upon which daily life depends. It also includes some functions, sites and organisations which are not critical to the maintenance of essential services, but which need protection due to the potential danger to the public (e.g. civil nuclear and chemical sites).
NOTE: This move marks the first CNI designation in almost a decade, since the Space and Defence sectors gained the same status in 2015.
However, despite the fact that data centres help a lot of critical broadband and mobile networks to function (i.e. most of your internet data will be passing through them), they have thus far not been considered part of CNI. But putting data centres on an equal footing will mean the sector can now expect “greater Government support in recovering from and anticipating critical incidents, giving the industry greater reassurance“.
The CNI designation will, for example, see the setting up of a dedicated CNI data infrastructure team of senior Government officials who will monitor and anticipate potential threats, provide prioritised access to security agencies, including the National Cyber Security Centre (NCSC), and coordinate access to emergency services should an incident occur.
The government also claims that CNI status will “deter cyber criminals from targeting data centres that may house vital health and financial data, minimising disruption to people’s lives, the NHS and the economy“, which seems to venture more into the territory of wishful thinking. Granted, having extra legal protection and support is a positive, but that’s never stopped cyber criminals before, particularly state sponsored actors.
“In the event of an attack on a data centre hosting critical NHS patients’ data, for example, the Government would intervene to ensure contingencies are in place to mitigate the risk of damage or to essential services, including on patients’ appointments or operations,” said the announcement. But whether that sort of action is actually a help or a hindrance to recovery is another matter.
Peter Kyle MP, Technology Secretary, said:
“Data centres are the engines of modern life, they power the digital economy and keep our most personal information safe.
Bringing data centres into the Critical National Infrastructure regime will allow better coordination and cooperation with the Government against cyber criminals and unexpected events.
The huge £3.75bn private investment announced today in Hertfordshire is a vote of confidence in those plans and a clear example of my determination to ensure technological advancements are helping to grow our economy and create wealth across the country.”
Bruce Owen, UK Managing Director of Data Centre Provider Equinix, said:
“We welcome today’s announcement by the government which recognises the critical nature of data centres and digital infrastructure to the economy and society.
The internet, and the digital infrastructure that underpins it, has rapidly grown to be as fundamental to each one of our daily lives as water, gas, and electricity, and is now a service that people and the UK economy can no longer live without.
Equinix is happy to have played an important role in the consultation process to bring about today’s critical national infrastructure status, which we believe will help safeguard the industry by ensuring the stability and growth of the UK and global economy and lay the groundwork for the UK’s bright digital future.”
The Government claims this move will provide greater reassurance that the UK is a safe place to invest in data centres, although we don’t think that’s ever been a particular obstacle before. The country is chocked full of data centres, and indeed we’re already home to the highest number of data centres in Western Europe.
On the other hand, this news comes at the same time as a proposed £3.75bn investment in Europe’s largest data centre, as plans are submitted to Hertsmere Borough Council for construction in Hertfordshire by data company DC01UK, which will directly create over 700 local jobs and support 13,740 data and tech jobs across the country.
Lest we forget that the new Government recently proposed to introduce the Cyber Security and Resilience Bill (CSRB), which aims to strengthen the country’s cyber defences by mandating that providers of essential infrastructure protect their supply chains from attacks. But this comes only a short while after the previous government introduced a raft of new telecoms and network security laws, which operators are still adapting to.
Too many new rules, in a relative short space of time, risks putting a huge financial and resource strain on some network operators. Not to mention that some of the added government bureaucracy doesn’t always make for the most efficient of processes.