industry
UNLOCKED
WHAT CNI CLASSIFICATION MEANS FOR UK DATA CENTRE PROVIDERS
The UK government has officially recognised data centres as part of the Critical National Infrastructure , marking a significant milestone in the country ’ s Digital Transformation efforts .
This decision underscores the vital role data centres play in maintaining the backbone of the UK ’ s economy and national security . In parallel , the government has announced plans to introduce a new Cybersecurity and Resilience Bill , as outlined in the King ’ s Speech in July , aiming to bolster the country ’ s cyberdefences .
This legislation is expected to address growing cyber-risks and enhance the protection of critical digital assets across the UK .
In this feature , five industry experts offer their perspectives on what these developments mean for the sector ’ s future .
David Varney , Partner , Burges Salmon .
The classification of data centres as Critical National Infrastructure marks a pivotal moment for the UK ’ s digital economy . By providing enhanced protections and support , the UK government aims to ensure the resilience and security of data centres , fostering a secure environment for investment and growth . This move not only intends to safeguard vital data but reinforce the UK ’ s position as a leader in data security and technological innovation .
Earlier this month , the Technology Secretary , Peter Kyle , declared that UK data centres will now be classified as Critical National Infrastructure ( UK CNI ), marking the first new CNI designation since 2015 .
UK CNI constitutes critical elements of infrastructure of which the loss or compromise could result in major detrimental impact on essential public services , emergency systems , national security , defence or the functioning of the state .
This new designation places data centres on par with essential services , ensuring they receive prioritised support during critical incidents such as cyberattacks , environmental disasters and IT blackouts . This follows the Science and Technology Committee ’ s recent inquiry into the cyber-resilience of the UK CNI sector , during which the importance of bolstering the digital infrastructure against potential cyberattack was emphasised .
Dr Aleksandr Yampolskiy , CEO , SecurityScorecard
We welcome data centres being given greater protections from cyberattacks and IT outages , but more must be done to identify and address single points of failure across the UK critical infrastructure network .
History will continue to repeat itself if the cybersecurity community does not actively monitor supply chain risk . SecurityScorecard ’ s recent research , in collaboration with McKinsey , shows that 62 % of the global external attack surface is concentrated in the products and services of just 15 companies .
Any outage is a reminder of the fragility and systemic ‘ nth-party ’ concentration risk of the technology that runs everyday life : airlines , banks , telecoms , stock exchanges and more . Contrasting with the European Union ’ s proactive stance in cybersecurity legislation with the introduction of NIS2 and CRA directives , the UK currently lacks a cohesive legislative counterpart despite commendable efforts from the National Cyber Security Authority ( NCSA ).
Our previous report , Addressing the Trust Deficit in Critical Infrastructure , found 48 % of global critical manufacturing is at significant risk of breach demonstrating the need for a much more robust integration of cyber and infrastructure planning . SecurityScorecard takes this opportunity to urge the government to advocate for comprehensive legislative action .
For SecurityScorecard , the absence of standardised cyber-risk measurements has perpetuated a security trust deficit , with regulations and standards varying significantly across different sectors and nations . This inconsistency has led to a patchwork of security measures , leaving critical infrastructures exposed to cyberthreats .
44 WWW . INTELLIGENTCISO . COM