NEI September 2025

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

DIGITAL & IT | RISK AND THREAT carbon AI assets Securing low-

Risks from state actors to critical assets like data centres mean wider energy infrastructure also needs to raise its security game. Civil nuclear security

regimes offer valuable insights into assessing security and producing a plan. By Steve Rumbold, Managing Director, Enterprise Security Risk Management team, Kroll

AI DEMAND AND NET-ZERO ambitions are combining to fuel increased interest in new nuclear and other forms of low-carbon electricity generation. Big tech companies are investing in small modular reactors (SMRs) and even exploring recommissioning old nuclear power stations. Large new nuclear power stations continue to be constructed. At the same time, energy networks are being targeted by

state actors as part of hybrid warfare and sub-threshold disruption campaigns that are below the threshold for an active state of war to exist, also known as “grey zone” activities. Data centres supporting AI are normally highly resilient, designed to operate for extended periods without power from the grid. However, targeted physical and cyber-physical attacks on energy infrastructure could challenge this resilience. Assessment of the most serious national-level risks offers interesting context but is limited as a reference point for private sector operators. Systemic risks are not fully understood. Innovation that produces efficiencies may also offer attractive new targets

for adversaries. Resilience regulation has evolved to acknowledge not just the physical aspects of cybersecurity but also direct sabotage, requiring operators to better understand physical risks to their assets and develop mitigation plans. Whatever national or regional rules apply, private sector organisations need a coherent approach. How should we think about high-impact, low-probability

risks from targeted threats affecting critical infrastructure services? How can we better understand systemic risk across cyber and physical domains? How do we convert postulated strategic risk into prioritised actions?

Going beyond compliance Interpretation and compliance with regulations like the EU’s Network and Information Systems Directive (NIS2) and Critical Entities Resilience Directive (due to come into effect for designated critical entities, including the energy and digital infrastructure sectors, in July 2026) is a start, but operators need to plan beyond mere compliance. Because impacts go beyond individual enterprises, public

Above: Nuclear is a good option for data centres because it supplies reliable baseload and is highly resilient and secure by design, due to stringent nuclear safety and security requirements 28 | September 2025 | www.neimagazine.com

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44 | Page 45