search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
RISK AND THREAT | DIGITAL & IT


Above: Substation fires can represent a single point source of failure for IT infrastructure Source: Doble


and private sectors must enhance their coordination to coherently knit together national-level strategic risks and operational-level risks. Over the last 20 years, security cooperation between asset operators and national technical authorities and regulators has evolved – this must now include co-operation between subject matter experts and the military. Using high-level risk registers as a starting point, then drilling down to plausible scenarios applicable to operators, can flush out actionable decisions that address risk. Modern data science can be used to elucidate complex systemic risks at scale. At an operational level, cyber risk quantification and physical risk quantification can be used to measure risk, including financial impacts, with more confidence, enabling better mitigation options.


Power hungry data centres The UN’s International Energy Agency (IEA) stated in its 2024 World Energy Outlook that “a substantial increase in electricity consumption from data centres appears inevitable.” In the UK, around 500 data centres currently consume 2.5% of all electricity. In Ireland, the figure is 21%. Those figures are projected to reach 6% and 30% respectively by 2030. In the US, the figures are estimated to grow from 4% in 2024 to between 4.6% and 9.1%. High loads are required for both cooling and computation, for example generative AI searches use 10 times more power than normal Google searches. Despite gains in efficiency over the last decade, these more active servers demand substantial cooling. And, of course, more people and technologies are using AI, so we need more data centre capacity. The IEA reported the average increase in installed servers was 4% per year from 2010 to 2020, but since 2020 this could be up to around 15% per year. However, from a security and resilience perspective, the concentration of data centres within national electricity grids poses a more relevant challenge. US data centres are highly concentrated regionally, for example in Virginia.


Low-carbon needs Data centres are under pressure to reduce carbon footprints by using low-carbon sources. Every big tech company has made a commitment to net zero ambitions. Nuclear continues to provide low-carbon “firm” load to the grid, with new nuclear projects backfilling nuclear plants that are nearing their end-of-life. In the UK nuclear new builds include Hinkley Point C and Sizewell C. Globally, there is increasing interest in SMRs to provide reliable low-carbon


generation for data centre hubs. Nuclear is a good option for data centres because it supplies reliable baseload and is highly resilient and secure by design, due to stringent nuclear safety and security requirements. Amazon Web Services chief executive Matt Garman recently cited nuclear power as a “great solution” to data centre needs and “an excellent source of zero-carbon, 24/7 power.” This seems like a sensible partnership for data centres, which are also designed to be extremely resilient (driven by high availability requirements). However, nuclear power stations take time to build, partly because of those same stringent safety and security requirements. Data and electricity interconnectors can increase overall


resilience and help keep up with demand. For offshore generation, offshore hybrid assets (OHAs) can provide more efficient connections from multiple sources. However, the benefit of connecting energy networks is balanced by the potential vulnerabilities of single-node targets for adversaries.


National-level risks, the UK example The UK government publishes a National Risk Register (NRR), which is a public-facing version of a non-public National Security Risk Assessment. Like all risk registers, especially ones that translate to a 5x5 matrix, it needs to be understood in context. As a strategic overview with very broad scope, it is not a detailed decision support tool, and – unlike its classified cousin, which is continuously updated – it has only been published publicly twice: once in 2023 and again in January 2025. Out of the 89 risks it describes, only a very few moved at all from 2023 to 2025. But it’s still good to know what types of risk government worries about and that may be a starting point for scenario planning. The register identifies a selection of big-ticket items that should at least


give pause for thought. Examples of these risk’s include: ● Failure of National Electricity Transmission System (NETS) (any cause)


● Regional Failure of Electricity Network (any cause) ● Conventional or Cyber attacks on infrastructure (including electricity, gas, civil nuclear or fuel supply)


Systemic risk and sabotage While there is a danger of assigning too much precision to strategic risks, there is also peril in not being precise enough about operational risks that can contribute to systemic failure. Low-carbon energy sources and increased interconnection are valuable ways of meeting AI power


www.neimagazine.com | September 2025 | 29


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45