Cybersecurity: A Blind Spot for Data Centers?

The AI revolution depends on data centers, and new data centers continue to be built at a breakneck pace, but this FTI Consulting article says that investors in those projects should be aware of a potential data center “blind spot” – the risk of a cyber attack:

The most insidious dangers are those that strike remotely, exploiting the systems that control power, temperature, and access. In a world where data centers support critical infrastructure, an incident could affect everything from defense networks to consumer banking and many other critical applications we take for granted.

Modern data centers are marvels of automation, often run from remote control centers linked by complex networks. The classic line about future factories being staffed by a man and a dog—the man to feed the dog, the dog to keep the man from tinkering—has come true. Walk through a 4-megawatt section of a larger complex, and you might find it almost deserted. Power distribution, cooling, and security are all managed through interconnected systems. This is operational technology today, where supervisory controls run massive industrial processes. They’re also prime targets for adversaries.

History is replete with worst-case scenarios. The Stuxnet attack on Iranian nuclear facilities, the Ukrainian power grid breach, and the Triton malware incident at a Saudi petrochemical plant all targeted operational technology with devastating effects. Although there are no reported cases of such an event at a data center, a similar incident could be used to create power surges or overheating that fry GPUs—components so sensitive that they tolerate no downtime.

The threats are changing, too. As AI takes on more facility management, its algorithms become another entry point for threat actors to exploit. If corrupted, the same AI that optimizes performance could just as easily sabotage it.

The article says that current safeguards, such as periodic stress tests, are necessary but insufficient, and could give operators a false sense of security in a rapidly changing threat environment. The article offers some guidance to investors on the kind of questions they should ask to ensure that cybersecurity isn’t a blind spot in the data center project they’re considering investing in.