Critical Infrastructure Security , Operational Technology (OT)
US NTIA Probes Data Center Security Risks
Agency Publishes Notice Soliciting Comments on Potential Federal ResponseAn artificial intelligence-fueled growth in data center construction has the federal government asking what it should do to help manage data security risks.
See Also: Energy Sector Threat Brief
The National Telecommunications and Information Administration in a Tuesday notice said the government is interested in identifying opportunities "to improve data centers' market development, supply chain resilience, and data security."
Secure data centers require both IT and OT, leading the NTIA to ask whether the data center industry faces equipment supply chain shortages and what interdependencies exist in the supply chain. The federal agency also said it wants to learn more about preventing counterfeit IT and OT components from making their way into data centers and the auditing processes that exist to assess equipment.
AI itself forms a portion of the NTIA's request for comments, and the agency is probing the security considerations for data centers running or training frontier AI models and for integrating AI into its infrastructure. Nearly 5,000 data centers already cluster across the United States, and consultancy McKinsey predicted demand growing by roughly 9% year over year through the end of this decade. An ongoing shift to cloud computing combined with the advent of data-thirsty AI tools has sparked concerns that demand could outstrip supply as growth is hampered by factors such as a faltering supply chain. The NTIA in its notice also observed that data centers put new demands on the power grid and water infrastructure.
America's largest data center market is only tens of miles away from NTIA's downtown Washington, D.C., headquarters in a previously rural area of Northern Virginia now known as Data Center Alley. Windowless warehouses occupied by computers powering Amazon, Google and Microsoft consume more than 25 million square feet - and have an insatiable demand for cool water in a part of the country facing rising temperatures.
Cyberattackers could easily turn data centers' need for massive cooling systems into a vulnerability - especially after a cybersecurity company in 2019 found more than 20,000 instances of publicly exposed data center infrastructure management software giving hackers access to HVAC control systems and power distribution.
Comments on the NTIA notice are due 60 days after its official publication in the Federal Register on Wednesday.