Should data centers be designated as critical infrastructure?
September 2024 by Kim Larsen, CISO at Keepit
Recent legislation on the designation of data centers as critical infrastructure provokes Kim Larsen, CISO at Keepit, who offers this comment:
"The initiatives we are currently seeing from legislators across the EU, UK, and the US to protect critical infrastructure are of great importance. Both NIS2 and DORA in the EU; the Cyber Security and Resilience Bill and the classification of data centers as critical infrastructure in the UK; and the White House’s recent "Roadmap to Enhancing Internet Routing Security" report are commendable efforts that play a significant role in strengthening societal resilience.
Digital infrastructure—data centers, the internet, etc.—are the cornerstones of our digital ecosystem, making them vital for maintaining essential functions that support access to healthcare, emergency services, transportation, financial services, energy, and more. It is encouraging that governments worldwide are mindful of the need to protect all components essential to sustaining critical infrastructure. This focus from global leaders aligns with the work we undertake in the security industry and with the agenda carried by CISOs within organizations: prioritizing security and ensuring a contingency plan is in place to keep the organization operating at a satisfactory level.
Of course, defending against external threats, accidents, and disasters is a reactive exercise and every incident is different to previous situations. But the most significant and crucial step in any risk management and business continuity plan, and the foundation to an effective defense, is identifying what is critical to keep things running and ensuring those elements are protected.
Ultimately, it almost always comes down to having access to your systems and data, and — alongside electricity— the fundamental requirement is a secure and readily accessible backup."