The UK government has asked for help strengthen the security and resilience of UK data centers and cloud services.
The eight-week consultation, announced by data minister Julia Lopez and the Department for Digital, Culture, Media & Sport, aims to ensure the UK's data infrastructure improves its protection from cyber threats and disruption, while navigating the move to the cloud.
The consultation is part of the government’s National Data Strategy.
Tell us how to do it
"Data centers and cloud platforms are a core part of our national infrastructure," said Lopez. "They power the technology which makes our everyday lives easier and delivers essential services like banking and energy. We legislated to better protect our telecoms networks and the internet-connected devices in our homes from cyber attacks and we are now looking at new ways to boost the security of our data infrastructure to prevent sensitive data ending up in the wrong hands."
The government wants to hear what tools are used in other sectors, and the press release mentions measures such as having an incident management plan in place, notifying a regulator when an incident impacts their services, and a requirement for a person, board, or committee to be held accountable for security and resilience. Importantly, it wants to make sure that measures are extended to cover cloud use as well as in-house resources.
The existing Networks and Information Systems (NIS) Regulations 2018 covers cloud computing services, and the National Cyber Security Centre and Centre for the Protection of National Infrastructure also offer regular guidance for data centers and online assets.
As well as big national assets, the consultation also hopes to help small businesses using cloud platforms as a cheap way to operate online. The announcement notes that between 2013 and 2019, the number of businesses using the cloud more than doubled, according to research from the Office for National Statistics, so that now more than half of businesses relying on public cloud.
"As the UK’s reliance on digital services grows, shielding this infrastructure against disruption will protect the economy," says the release.
Lopez is hoping for responses from data center operators, cloud platform providers, data center customers, security and equipment suppliers, and cyber security experts, and also plans to get a picture of who is renting data center infrastructure, and what steps are being taken to address security and resilience vulnerabilities.
The call focuses both on cyber and physical attacks to data center infrastructure from malign or state actors.
It also aims to look at market concentration risks, including whether many data centers located close together can be impacted simultaneously by physical threats or hazards such as extreme weather. Another market risk is a supply chain relying too much on a small number of suppliers or service providers.
For example, it states: "Multiple sites relying on backup fuel power in an energy crisis, leading to a demand for fuel that exceeds supplier capacity in particular regions."
The answers could potentially be used to target government support from the DCMS.
Give your answers here before the end of Sunday 24 July.