The UK government has classed UK datacentres as ‘critical national infrastructure’, which it says will make them less likely to be compromised during outages, cyber attacks, and adverse weather events. Putting datacentres on an equal footing as water, energy and emergency services systems will mean the datacentres sector will receive greater government support in recovering from and anticipating critical incidents.

CNI designation will see the setting up of a dedicated data infrastructure team of senior government officials who will monitor and anticipate potential threats, provide prioritised access to security agencies including the National Cyber Security Centre, and coordinate access to emergency services should an incident occur.

The government argues that CNI status will also deter cyber criminals from targeting datacentres that may house vital health and financial data, minimising disruption to people’s lives, the NHS and the economy. For example, in the event of an attack on a datacentre hosting critical NHS patients’ data, the government would intervene to ensure contingencies are in place to mitigate the risk of damage or to essential services, including on patients’ appointments or operations.

Peter Kyle, technology secretary, said: “Datacentres are the engines of modern life, they power the digital economy and keep our most personal information safe. Bringing data centres into the Critical National Infrastructure regime will allow better coordination and cooperation with the government against cyber criminals and unexpected events.”

The CrowdStrike incident earlier this summer, affecting 60% of GP practices with disruption to software holding patients’ appointment details, prescriptions, and health records showed the significant impact of IT and cyber threats on people’s lives.

Earlier in the summer, the government also announced its intention to introduce the Cyber Security and Resilience Bill and strengthen the country’s cyber defences by mandating that providers of essential infrastructure protect their supply chains from attacks.

Dr. Aleksandr Yampolskiy, CEO of cyber security ratings platform SecurityScorecard, commented: “We welcome datacentres being given greater protections from cyber attacks and IT outages, but more must be done to identify and address single points of failure across the UK critical infrastructure network. History will continue to repeat itself if the cyber security community does not actively monitor supply chain risk."

---