How to protect data centres as Critical National Infrastructure

07 October 2024

Richard Petrie, CTO, LINX (London Internet Exchange)

The recent announcement on 12th September saw the UK government officially designate data centres as critical national infrastructure (CNI), marking a significant recognition of their importance to our modern digital society.

This move highlights the evolving understanding of what constitutes essential infrastructure, and it brings to light the growing dependence on digital connectivity. As of March 2024, the UK had the third highest number of centres in the world, behind the USA and Germany, with 514. But what does this classification mean for the protection of data centres, and how can we safeguard such vital assets in a world increasingly prone to both cyber threats and environmental risks?

When protecting our digital infrastructure, the primary solutions fall to network resilience and network redundancy, both with the ultimate aim of minimising downtime. The recent CNI designation should form part of a wider digital protection strategy, creating protocols and fail-safes to reroute network traffic in the event of an outage.

Network resilience

Network resilience is a network’s ability to withstand, absorb, and bounce back from unforeseen events that could impact its performance and availability. It is a wider strategy involving redundancy, diversity, flexibility, scalability and security.

With important systems such as healthcare, transport and education reliant on digital connection, it’s vital that networks are built with resilient infrastructure and protocols in place to ensure connections always remain online. Critical industries can’t afford to have downtime.

Cyber-attacks and extreme weather pose significant risks to increasingly digitised CNI systems. As these systems become more vulnerable to cyber intrusions like hacking and ransomware, a successful attack on a data centre could disrupt vital communication networks and public services such as healthcare. Additionally, climate change exacerbates the threat of severe weather events, which can disrupt power supplies and damage infrastructure. Data centres, reliant on stable electricity and cooling, are particularly at risk from prolonged outages or flooding, potentially crippling essential services.

For critical services such as water supply, energy grids, transport and care systems, continuity is vital. These sectors depend heavily on communication networks to manage operations around the clock and respond to emergencies. For example, a hospital relying on digital records, diagnostic tools, and communication networks must have contingency plans in place to ensure that critical care can continue during a network outage or system failure.

The new designation of data centres demands strong resilience and preparedness against physical and digital threats, including robust strategies to mitigate cyberattacks and outages.

Network redundancy

Another key strategy for preventing or minimising damage is network redundancy. Network redundancy means creating backup systems that can take over if the primary system fails, i.e. in the case of a power outage caused by an extreme weather event. For data centres, this might involve setting up alternative pathways for data to travel in the event of a failure or having backup power supplies ready to kick in during an outage.

The principle is simple: if one part of the system goes down, another part takes over seamlessly. This helps prevent widespread disruption and ensures that critical services, such as emergency communications or hospital systems, remain online even in the worst-case scenario.

Redundancy isn’t just about hardware — it’s also about processes. Data centres need to have clear plans for how to respond to a failure, including how to communicate with the public and the organisations they serve. This level of preparedness is essential for ensuring that failures, when they inevitably occur, don’t escalate into full-blown crises.

“For critical services such as water supply, energy grids, transport and care systems, continuity is vital. These sectors depend heavily on communication networks to manage operations around the clock and respond to emergencies.”

 

Why do we need to protect data centres?

Traditionally, CNI included physical infrastructure like power plants and water treatment facilities. However, as society becomes increasingly digital, the definition of CNI now extends to digital and cloud-based services, particularly data centres. These centres are crucial for storing, processing, and transmitting data that supports critical services across various sectors. As data continues to scale, resilient infrastructure becomes increasingly important to ensure uninterrupted data flow and protect against downtime, which can prove costly across many sectors.

Failures in critical national infrastructure can be caused by various factors, but two major threats stand out: cyber-attacks and extreme weather events. In both cases, it’s not a matter of if but when. These threats are becoming more common, and CNI operators must be prepared to face them head-on.
The heightened protection afforded by the CNI classification, through the government’s support in the event of a threat, should result in high availability and minimal downtime, which has a positive domino effect on disaster recovery and data protection.

By integrating continuity planning with robust IT infrastructure, organisations can ensure that essential services are not interrupted. This includes having backup power supplies, redundant data storage systems, and alternative communication channels in place.

The road going forward

As data centres become more central to everyday connectivity, their importance will only continue to grow. The classification of data centres as CNI should be seen as part of a broader strategy aimed at enhancing internet redundancy and resilience across the board. It will facilitate government support and funding to increase the speed of recovery when an inevitable threat hits.

By focusing on network resilience, continuity, and proactive threat management through a wider network redundancy strategy, we can protect critical national infrastructure — and the services that depend on it — from the inevitable challenges of the future.