search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
DIGITAL & IT | RISK AND THREAT needs with net-zero ambitions. However, these


approaches may inadvertently create vulnerabilities and offer attractive opportunities for adversaries who may be willing to use physical and cyber means to disrupt essential services. The interconnected nature of these risks is recognised by governments, exemplified by resilience- focused legislation. The private sector’s control of most aspects of critical national infrastructure in the face of state-sponsored sabotage techniques means that private- public collaboration efforts must operate on all levels, from the strategic to the tactical. Users and typical low-carbon


generation components include: ● Data Centres: Data centres are generally both highly secure and highly resilient by design. A core design principle is that grid power should not be relied upon; therefore, in theory AI applications can continue to be powered continuously if an uninterruptible power supply is in place and there is fuel and oil for the generators. And even then, multiple data connections mean that critical applications don’t rely on a single data centre. This generally makes for a low return on risk investment for adversaries for a single act of physical sabotage.


● Large new nuclear or recommissioned nuclear: From a security and resilience perspective, civil nuclear power is very mature. State-agreed design basis threat (DBT) assessments express government risk appetite and drive physical protective security measures. Security planning and operations are well resourced, normally including on-site armed response capabilities. Security and safety work hand-in-hand, and both are highly regulated. However, recommissioned nuclear power stations like Three Mile Island may have legacy issues where protective security addressing modern threats must be layered onto older infrastructure.


● Small Modular Reactors: SMRs are advanced nuclear reactors that have a power-generating capacity of up to 300 MWe per unit, about one-third of traditional nuclear power reactors. SMRs co-located within large data centre complexes are being considered for future on-site, reliable generation capability. Like their larger cousins, SMRs are also subject to national nuclear security regulations, which set a very high bar. SMR engineering advances in passive safety could reduce the potential for unacceptable radiological consequences to occur, no matter what the initiating event, whether fault or malicious action. The size and other design aspects of SMRs – for example, if they are underground or even underwater, with limited access – may also require fewer on-site security resources, easing cost burden. However, if the adversary aim is to curtail electricity generation, rather than cause a nuclear safety issue, SMRs may offer different opportunities for sabotage. The fear and anxiety in the general population associated with any attack on a civil nuclear site, and the potential curtailing of SMR programmes, could be just as damaging as actual loss of generation.


● Renewables (wind and solar): The wide area characteristic and multiplicity of individual units may seem to spread the risk of sabotage. However, many renewable units are centrally controlled by operational technology, which is vulnerable to sabotage, especially if access control to physical components is poor. Another issue is supply chain vulnerabilities. Some components of turbines are only produced by a handful of suppliers.


30 | September 2025 | www.neimagazine.com


Photovoltaic solar panels rely on inverters, the loss or malfunction of which can result in sudden loss of supply. In May 2025, Chinese-made “kill switches” were found in US solar farms, prompting immediate government response. This was not long after a massive countrywide electricity outage in Spain, likely caused by a sudden loss of solar-generated power.


● Offshore Hybrid Assets (OHAs): Efficiencies can be derived from connecting multiple offshore assets to one node (an OHA), effectively creating a network that can also act as an interconnector. However, mastering complexity and cost by creating nodes can also concentrate risk. Again, this may be controllable when faults and hazards are assessed as part of safety and reliability design, but targeted kinetic or cyberattack may result in different and unexpected outcomes.


● Battery storage: These assets are increasingly important for grid frequency stability, as fewer generation assets with rotational parts, and therefore inertia, are available. On the downside, new BESS are being built quickly and are arguably more vulnerable to sabotage than big traditional power stations.


● Transmission and Distribution: The fire at the North Hyde substation in March 2025 proved two things. First, critical national infrastructure hubs (in this case, Heathrow Airport) could be vulnerable to rare but essentially single-point failures of this scale. Second, data centres connected to the same hub managed to operate as if nothing had happened, due to their built-in power resilience. In May 2025 fires at electricity substations in Nice and Cannes, France, were understood to be started deliberately by single-issue groups, causing significant disruption. Arson is known to be a favoured tactic for hybrid warfare operators, and electricity substations are an obvious target.


● Electricity interconnectors: A more integrated energy system and less reliance on Russian gas in Europe mean that the number of electricity interconnectors is increasing, and these interconnectors are required for data centre operations and planning. They also represent targets for both maritime and land-based sabotage – all interconnectors require a converter station at each end, also controlling flow via operational technology. Redundancy and separation help, but some countries rely more on imported electricity than others, and some geographies have less concentrated undersea cables than others.


● Data interconnectors: Like their electricity cousins, data interconnectors are increasingly at risk from sabotage when run along the seabed. Separation and redundancy help, of course, but this works better as an engineering risk response than as a security strategy.


Government responses ● Defence and National Security: In the maritime


environment, there is a clear need for state intervention to protect critical infrastructure. For example, NATO’s Baltic Sentry operation was in direct response to multiple instances of subsea infrastructure damage, likely part of state-sponsored sub-threshold disruption campaigns. NATO doctrine highlights the need for increased cooperation between infrastructure operators and the military. The UK’s June 2025 Strategic Defence Review (SDR) calls this need out and signposts the need for


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45