Incidents to Critical National Infrastructure (CNI)

Planning for low frequency, high impact cyber security incidents to Critical National Infrastructure (CNI) and data centres

Dennis Martin, Cybersecurity and Crisis Management at Axians UK

In cyber security, even those of us who are seasoned in the field sometimes get a reminder of how critical our systems are. One recent example was the closure of Europe’s largest hub airport, which caused widespread disruption to hundreds of thousands of travellers, air crew, and ground staff. While this event was focused on the aviation sector, it’s a reminder of the risks faced by critical national infrastructure (CNI) across all industries, including data centres.

Data centres , much like airports, are a backbone of modern society. With countless businesses relying on them for their operations, the stakes are incredibly high when things go wrong. Recent statistics show that there are approximately 8,000 data centres in Europe alone, with the industry receiving billions in investments from major players like Microsoft, AWS, and Google, further highlighting their importance in the digital economy.

Data centres are power-hungry by nature, with a vast demand for electricity to keep servers running and ensure minimal downtime. In fact, most data centres are designed to withstand a single or even a double power failure, with backup generators, uninterruptible power supplies (UPS), and other measures in place to prevent service disruptions. According to industry experts, this is often sufficient under normal circumstances. However, accidents and unexpected events can still happen, as we’ve seen in recent incidents involving major players like Microsoft and Crowdstrike. Despite the best preparations, these high-impact, low-frequency cyber security events can cause significant disruptions.

When an incident occurs, the immediate priority is to ensure a safe power-down of the data centres, failover to secondary systems, and then a smooth restoration of power with minimal disruption to services. Each of these steps presents unique challenges, and they must be executed efficiently to prevent cascading failures that can affect customers and end users.

Alerting to power down

We must emphasise the importance of timely and accurate alerts when it’s time to power down systems. A well-structured alerting system should not only notify personnel of issues but also help automate the response to minimise human error and response time. In these critical situations, having clear, actionable alerts can make all the difference in ensuring the safety of equipment and data.

Failing over and testing before resuming service

Failover procedures are vital during power outages or any similar incident. The ability to automatically or manually switch to backup systems must be thoroughly tested before an actual incident occurs. Our experts recommend regular real-world simulations to ensure these failovers happen seamlessly and that backup systems are continuously optimised for peak performance.

The process doesn’t end when power is restored. It’s equally important to carefully monitor the system as services are brought back online. Continuous testing of critical systems to ensure they are stable and operating within normal parameters. Monitoring tools must provide real-time insights into the restoration process to ensure everything returns to optimal performance quickly.

At Axians, we take a proactive approach to help our customers plan for these low-frequency, high-impact cyber security incidents. Our recommendation is clear: audit your systems, run real-world tests, and always prepare for the unexpected. Just as airports must plan for the rare but catastrophic disruptions like those seen at London Heathrow, data centres must be ready for any incident, no matter how unlikely it may seem. The cost of failure is simply too high.

Get in touch with us to find out more about how we can help you prepare for risks to your cyber security.