UK Labels Data Centers as Critical Infrastructure – But What Will This Mean for the Industry?

When the UK’s Technology Secretary Peter Kyle announced that data centers were to be designated ‘critical national infrastructure’ (CNI) it did not come as a complete surprise, even if it was the first such new designation in almost a decade.

While the general election had been light on policy commitments from all sides, the incoming Labour government was clear that it would be keen to encourage growth in the data center sector.

Kyle was keen to assert the benefits that the industry would enjoy as a result. “Data centers are the engines of modern life,” he said this month. “Bringing data centers into the CNI regime will allow better coordination and cooperation with the government against cyber criminals and unexpected events.”

The move coincided with the announcement of plans by Amazon to invest £8 billion ($10.5 billion) in new UK data center capacity and the go-ahead for the £3.75 billion ($5 billion) DC01UK facility in Hertfordshire.

But what does the critical infrastructure designation actually mean, and how helpful will it be for data center operators in the UK?

Critical Thinking

According to the UK government, the new designation will result in a “dedicated CNI data infrastructure team of senior government officials” who will monitor and anticipate potential threats, provide prioritized access to security agencies, including the National Cyber Security Centre (NCSC), and coordinate access to emergency services should an incident occur.

Related:What the New UK Government Means for the Country’s Data Center Sector

In the days after the CNI announcement, data center operators contacted by Data Center Knowledge welcomed the move as a positive development.

“This is not an overnight decision but the result of years of careful consideration within the Department for Science, Innovation & Technology, where a dedicated team has worked closely with operators to understand the operational and market characteristics of the sector,” Emma Fryer, director of public policy, Europe, at CyrusOne told Data Center Knowledge.

A data center being constructed in Slough near London (Image: Yondr)

The catalyst, she added, had been the disruption caused by the COVID-19 pandemic: the supply chain bottlenecks, disruption caused in operation and construction, and the need for key worker status for data center staff to support the move to working from home. Without home working, the economic fallout from COVID would have been vastly worse, Fryer argued.

“We started to appreciate that being categorized CNI might have potential benefits, as well as burdens,” she said. “This new designation gives a strong signal that data centers are of strategic importance to the UK economy. We need adequate data infrastructure capacity just as we need water and energy – data centers underpin the modern economy.”

Related:DOE Report Exposes Critical Impact of AI on Data Center Power Consumption

Will Innes, a senior digital infrastructure professional at NTT Data, agrees: “There are benefits in terms of prioritization for things like fuel and, as we saw during COVID, over matters like staffing.”

This designation also means greater scrutiny for the sector and, inevitably, some added bureaucracy to ensure compliance, believes Fryer. “For us, though, the important thing will be to maintain a candid and high-quality dialog with the government to ensure that any planned measures are appropriate,” she adds.

So, while it might entail some extra bureaucracy, the opportunity to influence policy is a worthwhile trade-off.

No Data Center is an Island

Dr Thomas King, chief technology officer at carrier-neutral internet exchange operator DE-CIX, believes the new designation may not go far enough. After all, a data center on its own is next to useless. It is connectivity that counts, he told Data Center Knowledge. If the government regards data centers as critical, Dr King says it must also pay attention to the myriad networks, submarine cable landing stations, and other vital infrastructure that underpins the digital economy.

Related:The Pros and Cons of Public Cloud Storage for Data Center Backups

“It’s in the data centers where the data and applications are located, stored, and operated… but it’s communications and interconnection that makes it happen,” King told Data Center Knowledge. “This is why interconnection is critical, in my view, to the modern world with all the digital services that we use every day.”

For example, in 2018, China Unicom’s facilities in Los Angeles were found to have been rerouting internet traffic via Hangzhou, China before forwarding the traffic to Washington, DC. Moreover, this had been running for almost three years in what was described as a Border Gateway Protocol (BGP) hijacking. It’s unclear whether it was deliberate or accidental.

The UK government said the new designation will strengthen the security of its data centers (Image: Alamy)

Nevertheless, US authorities are now, belatedly, conducting an investigation into the activities of Chinese telecoms companies in the US over concerns that their cloud and communications operations could be used to compromise US national security. Despite the incident uncovered in 2018, all the companies – all Chinese state-owned – are still involved in the routing of US internet traffic.

Securing aging web protocols like BGP should therefore be a priority, Dr King said. Like much of the underlying protocols governing the internet, it was originally intended simply to work, with security more of an afterthought. “The question now is, how do we ensure that protocols to secure internet routing get adopted?” asks King.

Read more of the latest data center news from around the world

He believes that BGPSec – an extension to BGP published in 2017 – is crucial among a range of measures to secure internet traffic, including RPKI , RO A, ROV , and ASPA .

Hence, too, designating an entire sector as critical national infrastructure is one thing, but genuinely securing it and the infrastructure it depends upon requires an understanding of the details that are no doubt way beyond any government minister or collection of civil servants.

“The internet is really a network of networks – we have about 100,000 networks run by different companies, and they all need to be interconnected,” Dr King said.

Scaling Securely

Stellium operations director Paul Mellon also points out that submarine cable landing stations are often physically poorly secured, and communications are increasingly routed via networks owned by multinational giants when even in the recent past they would have been the monopoly of national telecoms companies like BT.

Equally important for the data center sector, says Innes, is the commitment of the government to reform the UK’s restrictive planning system, which Kyle alluded to in his announcement last week. This had seen local authorities in different parts of the country refuse planning permission for major new data centers on somewhat tenuous but entirely legal grounds, just before the election.

The new government has pledged to streamline the building of critical infrastructure. And with data centers included under that line item that should make it easier for data center operators to expand in the UK – energy availability permitting, of course.

“It depends on the follow-through, but the planning system is probably the biggest constraint at the moment,” says Innes. What is also urgently needed is “investment in, or facilitating investment in, upgrading a constrained power grid infrastructure,” he adds. “This is really required to unlock data center capacity, but it’s a real bottleneck at the moment.”

On top of that, power generation itself has also become an increasingly pressing issue, but with   that could get worse before it gets better. That, however, is another issue entirely.

Shaping the Future of Digital Infrastructure

While there are still details to iron out, the UK’s decision to designate data centers as critical infrastructure is a key moment for the industry. The move opens the door for more support and protection from the government, which will be crucial in navigating challenges like security threats and regulatory changes. At the same time, operators should be prepared for added scrutiny and the potential for increased bureaucracy.

With countries like Singapore considering similar action, it will be interesting to see if more nations follow suit amid the continued surge in digital infrastructure demand and the growing importance of data center operations across the globe.