In the latest edition of his newsletter – Data Center Security News, Christopher Hills details how the modern data center has long been positioned as a digital fortress, engineered to withstand cyber threats through layered defenses, redundancy, and tightly controlled access. That model is no longer sufficient. Below is an excerpt from the latest edition, with a link below to the full piece.
The rapid rise of artificial intelligence has transformed data centers into critical infrastructure whose disruption carries consequences far beyond a single organization. What was once a back-end operational asset is now a foundational component of economic stability, national security, and global competition. As a result, the threat landscape is shifting. The next major data center incident is unlikely to begin with malware alone. It may begin at a substation, along a fiber route, within a cooling system, or through a trusted individual with legitimate access. The boundary of risk has expanded beyond the data hall, and security must expand with it.
Artificial intelligence workloads are driving unprecedented demand for power, water, land, and connectivity, tying data centers more tightly than ever to public infrastructure and regional systems. This dependency introduces new vulnerabilities that sit outside the traditional scope of data center security programs. The World Economic Forum has formally identified AI infrastructure as critical infrastructure, warning that disruptions to these facilities now have systemic implications across economies and societies.¹ At the same time, industry analysis from Data Center Knowledge highlights that many of the most significant risks are not inside the facility, but within the interconnected systems that support it, including utilities, transportation networks, and regional dependencies.² This represents a fundamental gap between how data centers have historically been secured and how they must be secured going forward.
The evolving threat environment is increasingly defined by physical and hybrid risks. Attackers are no longer focused solely on penetrating hardened networks; they are targeting the infrastructure that enables those networks to function. Power infrastructure provides a clear example. Research from the IEEE indicates that North American electrical grids have experienced thousands of physical security incidents in recent years, ranging from vandalism and theft to coordinated attacks on substations.³ In high-density AI environments, even localized disruptions to power can cascade into significant operational impact. At the same time, intelligence reporting from The Soufan Center points to a rise in online rhetoric and planning related to the sabotage of data centers, driven by ideological, environmental, and geopolitical motivations.⁴ These developments reflect a broader shift in adversarial thinking, where the focus is less on breaching the facility itself and more on exploiting the dependencies that sustain it.
This shift demands a redefinition of data center security. Traditional approaches centered on perimeter defenses, access control systems, and internal monitoring must evolve into a broader, integrated model that addresses the full lifecycle and ecosystem of the facility. Security must extend from the point of power generation through transmission, distribution, and facility operations, ultimately reaching the equipment itself. Power supply chains, water and cooling systems, fiber routes, and supply chain dependencies must all be treated as integral components of the security architecture. Each represents a potential point of failure, and each must be assessed and managed as part of a unified risk strategy. This “grid-to-rack” perspective recognizes that resilience is not created within the walls of the data center alone but across the entire system that enables its operation.
Read the full piece, here
For more data centre news, click here
