The U.K. recently made news in the push to protect its national critical infrastructure. Noting pervasive cyber vulnerabilities, the country granted one type of physical facility critical infrastructure status.
Which one? Read on to find out.
The U.K. grants national critical infrastructure status to its data centers
Well, a few weeks ago British Technology Minister, Peter Kyle said data centers across the U.K. will be given the Critical National Infrastructure (CNI) designation.
The U.K. also announced plans to develop an 85-acre data center in Hertfordshire, England, which would become one of the largest such facilities in Europe.
What is critical national infrastructure?
But what is critical national infrastructure in the first place? And why do data centers need to be so designated?
The U.K. classifies critical national infrastructure as national assets that are essential to the functioning of society, such as those associated with energy supply, water supply, transportation, health, and telecommunications.
The designation also includes some functions, sites, and organizations which are not critical to the maintenance of essential services, but which need protection due to the potential danger to the public (civil nuclear and chemical sites, for example).
In the U.K., there were 13 national infrastructure sectors prior to this most recent announcement:
-
- Chemicals
- Civil Nuclear
- Communications
- Defense
- Emergency Services
- Police
- Ambulance
- Fire services
- Coast guard
- Energy
- Finance
- Food
- Government
- Health
- Space
- Transport
- Water
Why data centers were designated as national critical infrastructure
Why add data centers to the already lengthy list?
For one, the U.K. has the largest number of data centers in Western Europe. The sector’s overall economic impact to national revenue is £4.6bn ($6bn) per year.
Data centers themselves contain information assets and intellectual property. As a result, they are often the primary focus of targeted attacks.
The stated objective of this particular push is to better protect U.K. data from cyber-attacks and prevent major IT blackouts. In the words of the Technology Secretary:
“Bringing data centers into the Critical National Infrastructure regime will allow better coordination and cooperation with the government against cyber criminals and unexpected events.”
How is data center security being enhanced?
From now one, U.K. data centers will receive greater government support in recovering from and anticipating critical incidents.
What’s more, a dedicated CNI data infrastructure team of senior government officials will be established to monitor and anticipate potential threats, provide prioritized access to security agencies including the National Cyber Security Centre (NCSC), and coordinate access to emergency services should an incident occur.
Other critical infrastructure regimes
The U.K., however, won’t be the first country to designate its data centers as critical national infrastructure.
Australia’s Security of Critical Infrastructure Act (SoCI) designates data storage or processing as a critical infrastructure sector, as well.
Indeed, certain data centers, should they be designated as systems of national significance, might even have to abide by that legislation’s enhanced cyber security obligations.
That obligation addresses the Government’s need to build active partnerships to ensure the flow of near real-time information needed to better understand and address threats (situational awareness).
Of course, there’s more to the enhanced cyber security obligation than that. What else is there to learn, not just for Australian entities but all critical infrastructure operators. Check out our Guide to Australia’s Critical Infrastructure Legislation to find out.