The UK has classified data centres as Critical National Infrastructure (CNI), a move that’s been described as “long overdue.”
It has been almost a decade since another industry was classified as CNI, with the country’s space and defence sectors gaining the same status in 2015.
In a rather excitable statement, the Department for Science, Innovation and Technology promised the data centre sector a “massive boost and protections from cyber criminals and IT blackouts”.
It said that the upgraded CNI designation meant the nation’s data “is set to be safer from cyber attacks, environmental disasters, and IT blackouts as part of government’s drive for economic growth.
The government hopes its decision will give more protection to information “housed and processed in UK data centres,” ranging from “photos taken on smartphones to patients’ NHS records and sensitive financial investment information.”
Westminster claimed data is now “less likely to be compromised during outages, cyber attacks, and adverse weather events.”
“Putting data centres on an equal footing as water, energy and emergency services systems will mean the data centres sector can now expect greater government support in recovering from and anticipating critical incidents, giving the industry greater reassurance when setting up business in the UK and helping generate economic growth for all,” the Department for Science, Innovation and Technology wrote.
“Critical National Infrastructure status will also deter cyber criminals from targeting data centres that may house vital health and financial data, minimising disruption to people’s lives, the NHS and the economy,” the Department added optimistically.
A dedicated CNI data infrastructure team of senior government officials will now monitor the nation’s data centres to “monitor and anticipate potential threats,” provide prioritised access to security agencies, including the National Cyber Security Centre, and “coordinate access to emergency services should an incident occur.”
If, for example, a data centre hosting critical NHS patients’ data is attacked, the government will now “intervene to ensure contingencies are in place to mitigate the risk of damage or to essential services, including on patients’ appointments or operations.”
The government’s announcement came after a proposed £3.75 billion investment in Europe’s largest data centre. DC01UK has submitted plans to Hertsmere Borough Council to build a facility in Hertfordshire which will allegedly create more 700 local jobs and support 13,740 data and tech jobs across the nation.
Technology Secretary Peter Kyle said: “Data centres are the engines of modern life, they power the digital economy and keep our most personal information safe.
“Bringing data centres into the Critical National Infrastructure regime will allow better coordination and cooperation with the government against cyber criminals and unexpected events.
“The huge £3.75 billion private investment announced today in Hertfordshire is a vote of confidence in those plans and a clear example of my determination to ensure technological advancements are helping to grow our economy and create wealth across the country.”
Currently, the UK is home to the highest number of data centres in Western Europe. It’s hoped that improving resilience will support economic growth.
Bruce Owen, UK managing director of digital infrastructure provider Equinix, said: “We welcome today’s announcement by the government that recognises the critical nature of data centres and digital infrastructure to the economy and society.
“Equinix is happy to have played an important role in the consultation process to bring about today’s critical national infrastructure status, which we believe will help safeguard the industry by ensuring the stability and growth of the UK and global economy and lay the groundwork for the UK’s bright digital future.”
Sylvain Cortes, VP Strategy at Hackuity, told The Stack that consumers, businesses, and the public sector “should commend the UK Government’s designation”.
“The move is long overdue and will hopefully pave the way for more countries to follow suit,” he said. “Data is the foundation of trillions of annual transactions, to say nothing of the other CNI dependent on these very data centres. Coincidentally, that makes them a prime target for the $10-trillion cybercrime industry.”
Will the CNI designation improve the nation’s security posture?
One major point to consider is that data storage doesn’t take place in Britain alone. If it faces friction when crossing borders, performance issues are bound to follow.
Toby Lewis, Global Head of Threat Analysis at Darktrace, told The Stack: “Any new rules will need to work across borders. Many data centres serve multiple customers at once meaning new restrictions could affect all users of a data centre, even those not considered part of critical infrastructure. This could slow down innovation or make things more expensive for some businesses.
“To avoid these issues, data centres might need to set up separate areas just for critical infrastructure. However, this could make it harder for important services to use cloud technology efficiently, potentially leading to higher costs. Organisations need to balance the benefits of security with added cost.
“This is another strong and timely step from the government in improving resilience across critical national infrastructure, supply chains, the public sector, and strategically important businesses. By addressing these interconnected elements of our digital landscape, we can significantly reduce weak links and create a more robust cyber defence posture for the UK.”