Data Centres Given Critical National Infrastructure Status In Britain

Uploaded on 2024-10-15 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In September, the Technology Secretary Peter Kyle declared that UK data centres will now be classified as Critical National Infrastructure (UK CNI), marking the first new CNI designation since 2015.

UK CNI constitutes critical elements of infrastructure of which the loss or compromise could result in major detrimental impact on essential public services, emergency systems, national security, defence, or the functioning of the state. 
 
This new designation places data centres on par with essential services, ensuring they receive prioritised support during critical incidents such as cyber-attacks, environmental disasters, and IT blackouts.

This follows the Science and Technology Committee’s recent inquiry into the cyber resilience of the UK CNI sector, during which the importance of bolstering the digital infrastructure against potential cyber-attack was emphasised. 

Key Aspects  

Data centres are crucial to the UK’s digital economy, powering essential services like healthcare, finance, and increasingly AI applications. Investment in data centres has surged recently, particularly within the UK; for example, Chancellor Rachel Reeves confirmed that Amazon Web Services plans to invest £8 billion in the UK over the next five years to build, operate, and maintain data centres.

Important aspects and implications of their designation as UK CNI include as follows: 

  • Strengthening UK’s digital Infrastructure:  The UK Government’s growing investment in the digital sector necessitates parallel enhancements in protections to ensure its resilience and security. A notable recent development is the proposed £3.75 billion investment welcomed by the UK Government in Europe’s largest data centre in Hertfordshire, which is anticipated to create nearly 14,000 jobs across the UK. As technological advancement and development become increasingly central to government policy and integral to the daily lives of UK citizens, such as in NHS records, financial information, and personal data stored on smartphones, it is increasingly critical to ensure the digital infrastructure storing this data is secure.
  •  Recent Cybersecurity Incidents: The need for greater resilience in the UK’s Digital infrastructure can be highlighted by two significant incidents this year. The first was a ransomware attack affecting services provided by Synnovis, a pathology firm, causing severe disruptions at healthcare sites including Guy’s and St Thomas’ Hospital and King’s College Hospital which resulted in the cancellation of operations and the diversion of emergency patients.

Additionally, the faulty CrowdStrike software update that caused a global computing outage was estimated as causing approximately £7.8 billion in damages, indicating the potential financial damage arising from such incidents. The greater protection given to datacentres by the new CNI classification will reduce and mitigate the impact of such incidents. 

  •  NIS Regulations: The UK Network and Information Systems Regulations 2018 (NIS) are a crucial cyber security framework applicable to to ‘operators of essential services’ and ‘relevant digital service providers’, enhancing the security and resilience of network and information systems across sectors like energy, healthcare, and finance. The NIS2 Directive came into force across the European Union in January 2023, which is aimed at CNI sectors and expanded the original scope of the NIS Directive to include other critical sectors such as space, waste, water, food, and manufacturing.

Although the EU’s NIS 2 Directive does not apply directly to the UK, the UK government plans to align its NIS regime with the EU’s updated framework to strengthen cyber defences, particularly for digital service providers and future-proofing the regulations. Proposed reforms include expanding the scope to cover ‘managed services’ and implementing a flexible risk-based assessment regime regulated by the UK Information Commissioner. These measures aim to ensure high levels of cyber-resilience and safeguard essential services against cyber threats. 

  •  Cyber Security and Resilience Bill:  The government plans to introduce the Cyber Security and Resilience Bill to strengthen the country’s cyber defences, as announced in the King’s Speech in July. This legislation will mandate that providers of essential infrastructure (i.e., UK CNIs) protect their supply chains from cyber threats, as well as expanding the scope of the current NIS Regulations, safeguarding a wider range of digital services and supply chains than currently protected. 
  • Enhanced Government Support: The new classification means UK data centres will receive additional government support in anticipating and recovering from emergencies. This includes the creation of a dedicated CNI data infrastructure team of senior officials who will monitor potential threats and coordinate priority access to government security agencies (including the National Cyber Security Centre) and emergency services to ensure rapid response and recovery during critical incidents.

 Takeaways
The classification of data centres as Critical National Infrastructure marks a pivotal moment for the UK’s digital economy. By providing enhanced protections and support, the UK government aims to ensure the resilience and security of data centres, fostering a secure environment for investment and growth.

This move not only intends to safeguard vital data but reinforce the UK’s position as a leader in data security and technological innovation.

David Varney and Victoria McCarron are Technoloy & Data lawyers at Burges Salmon

Image: Unsplash

You Might Also Read: 

Proposed British Digital Information & Smart Data Bill:

DIRECTORY OF SUPPLIERS - Critical Infrastructure Security:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Remote Pager Attack Begins A New Era Of Warfare
Attackers Can Use RAM To Steal Data From Air-Gapped Networks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

WIRED

WIRED

WIRED is the magazine about what's next – the people, the trends and the big ideas that will change our lives. Topics covered include cyber security.

Cysec Resource Co (CRC)

Cysec Resource Co (CRC)

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

Paramount Computer Systems

Paramount Computer Systems

Paramount is a regional leader in the Middle East for cybersecurity solutions and consulting services.

Cyberkov

Cyberkov

Cyberkov services include Pentesting, Vulnerability Assessments, Digital Forensics, Incident Response, Source Code Analysis and Security Training.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

Advens

Advens

Advens is a company specializing in information security management. We provide Consultancy, Security Audits and Technology Solutions.

Enigmatos

Enigmatos

Enigmatos is an Israeli based Automotive Cyber Security company. We provide solutions to the ever growing threat of vehicle hacking.

NOW Insurance

NOW Insurance

NOW Insurance provides small business owners and other professional classes with a seamless purchasing experience for general liability, professional liability, and cybersecurity insurance coverage.

ClassNK Consulting Service (NKCS)

ClassNK Consulting Service (NKCS)

ClassNK Consulting provides consulting services to the maritime industry with a focus on safety, security and compliance.

Dr Web

Dr Web

Since 1992 the Russian anti-virus Dr.Web has been helping companies to keep their digital assets protected and operate in a secure digital environment.

Cisco Systems

Cisco Systems

Cisco helps seize the opportunities of tomorrow by proving that amazing things can happen when you connect the unconnected.

RSK Cyber Security

RSK Cyber Security

RSK Cyber Security are a leading cyber security services company that uses services, consulting, and product knowledge to lower security risk across the board.

NORMA Cyber

NORMA Cyber

NORMA Cyber delivers centralised cyber security services to Norwegian shipowners and other entities within the Norwegian maritime sector.

NetBird

NetBird

NetBird combines a WireGuard-based overlay network with Zero Trust Network Access, providing a unified platform for reliable and secure connectivity.

CallCabinet

CallCabinet

CallCabinet is the premier cross-platform SaaS provider for end-to-end compliant call recording, AI-driven conversation analytics, call QA, and custom business intelligence reporting.