back to article UK elevates datacenters to critical national infrastructure status

From today, the UK is designating datacenters as critical national infrastructure (CNI). As a result, the sector is expected to get special government support designed to prevent negative economic impacts of IT outages like CrowdStrike's, cyberattacks, and extreme weather events. That special support will come in the form of a …

  1. elsergiovolador Silver badge

    Umbrella

    Now umbrella companies will make a killing.

    Just imagine thousands of contractors gathering around data centres holding umbrellas so these don't get wet when it is raining!

  2. Anonymous Coward
    Terminator

    Critical infrastructure and cyberattacks

    From today, the UK is designating datacenters as critical national infrastructure (CNI). As a result, the sector is expected to get special government support designed to prevent negative economic impacts of IT outages like CrowdStrike's, cyberattacks, and extreme weather events”.

    Then how about not connecting your critical infrastructure directly to the Internet. For each utility use a VPN running on embedded hardware. With end-to-end encryption, full auditing and with multiple routes through the Internet.

    1. elsergiovolador Silver badge

      Re: Critical infrastructure and cyberattacks

      Then how about not connecting your critical infrastructure directly to the Internet. For each utility use a VPN running on embedded hardware. With end-to-end encryption, full auditing and with multiple routes through the Internet.

      How low paid staff is going to know what VPN is? "Boss tried to install this VPN I saw on YouTube, but we are using something called Lanux. I don't even know where is the control panel, there is just weird text like in those hacker movies. Have we been hacked?"

  3. MrReynolds2U

    opening paragraph

    If we lose the apostrophe in "CrowdStrike's" we can use it as a noun for particular type of attack or failure.

    We could even quantify it in the Reg Standards. If we think of it as amount of infrastructure taken offline, sub-units could be some of: a new MCSE, Molly-guard failure, expired TLS cert, expired domain name, a MS Quality Update, NPM dependency malware, under-sea cable damage, BGP cock-up, EMP. Other suggestions welcome.

  4. abend0c4 Silver badge

    Special government support

    It would be nice to think that would come with special responsibilities for the providers.

    1. Like a badger

      Re: Special government support

      There will be some, in the forthcoming Cyber Security & Resilience bill. Reportedly to include mandatory incident report, specific rules relating to ransomware attacks, and fines for non-compliance with cyber security standards*. If it's anything like the Product Safety bill, it will also enable the rules to be made and changed through secondary legislation - which can save a lot of time compared to primary legislation, but at the expense of transparency and scrutiny.

      I remain to be convinced that designating bit barns as CNI will do anything for the operators of those facilities. They'll be obliged to offer access to their systems to the security services and various other regulators, be on the hook for both new penalties and a mooted cost-recovery scheme for the "benefits" of being CNI, said regulators will have the powers for pro-actively seeking out vulnerabilities**, but what exactly is the government going to do for the operators? I'm not seeing any obvious benefits.

      * Remains to be seen if the relevant security standards are up to date and relevant to the threats.

      ** Upcoming role of Cyberwitchfinder General. I shall apply, and insist that I'm allowed to wear boots and a cape around the office.

      1. elsergiovolador Silver badge

        Re: Special government support

        Perfect setup to ensure on the big ones remain on the market.

        1. Like a badger

          Re: Special government support

          How so? Existing bit barns or any size aren't going to turn the MIB away if they turn up, are they? Adding a regulator or two (eg the Welsh Ambulance Service*) to the list of people who have a theoretical right of entry isn't going to make much difference to operators fo different scale.

          Also, the clue is in the word hyperscaler, that the bit barn business isn't an SME opportunity, it relies on in-depth expertise and competence, the ability to shift loads, to plan big complex infrastructure builds, and find and spend huge amounts of money.

          * For international readers, this is a jibe at the UK government's intrusive and unjustified cyber-snooping rules.

          1. elsergiovolador Silver badge

            Re: Special government support

            isn't an SME opportunity, it relies on in-depth expertise and competence

            That's quite a contradiction here. SMEs usually have in-depth expertise and competence, but fail due to cards stacked against them.

            Then is is either starve or work for big corporations. We shouldn't be condoning such market conditions that favour the rich and ultimately suck all the resources out of the economy and reduce diversity.

            1. Roland6 Silver badge

              Re: Special government support

              >SMEs usually have in-depth expertise and competence, but fail due to cards stacked against them.

              Which is what happened a few years back with cloud.

              Remember there were specialists that were serving the public sector, just that the idiots in charge decided they were too expensive, didn't have deep enough pockets etc, and got Microsoft to implement gCloud on joe public cloud infrastructure.

    2. Falmari Silver badge
      Devil

      Re: Special government support

      @abend0c4 "It would be nice to think that would come with special responsibilities for the providers."

      Not going to happen, it seems the government don't think that would be nice for the providers. From the BBC's article on this https://www.bbc.co.uk/news/articles/c23ljy4z05mo.

      "However there will not be any new regulations, nor is additional scrutiny of data centre operators’ existing contingency arrangements planned."

  5. clyde666

    Diplomacy instead of aggressiveness

    Maybe if some of these "responsible" government types put more effort into old fashioned diplomacy instead of aggressiveness, it might reduce the cyber aggression from others.

    It won't make any juicy headlines in the Daily Express, but I'm all for anything that helps to tone back this inexorable talking ourselves into conflict.

    1. Anonymous Coward
      Anonymous Coward

      Re: Diplomacy instead of aggressiveness

      So sweet talking Pooty and Pooh is going to make them wake up tomorrow and think "I know, I'll crack down on all the mis-information, digital espionage, and cyber-attacks I've spent years ordering or condoning?

      How charmingly innocent you are.

  6. M7S
    FAIL

    “Senior Government Officials”

    These will be the ones who thought their PPE degree from Oxford/Cambridge was more useful than the PPE medics required during the pandemic

  7. druck Silver badge
    Stop

    Exempt AI

    While many data centres house functions which could be considered critical national infrastructure, any hosting AI workloads should be exempted. We don't want this useless waste of vast quantities of energy being given priority access to the grid in times of high demand.

  8. Roland6 Silver badge

    Change of use of existing datacentres...?

    If datacentres are critical national infrastructure, I wonder if this means all those businesses with datacentres - which they have been emptying by migrating systems into the cloud hyperscalers, now have to apply for government permission to close their datacentre down...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like