{"id":29608,"date":"2026-05-06T15:08:06","date_gmt":"2026-05-06T15:08:06","guid":{"rendered":"https:\/\/www.europesays.com\/ai\/29608\/"},"modified":"2026-05-06T15:08:06","modified_gmt":"2026-05-06T15:08:06","slug":"congress-questions-whether-ai-data-centers-should-be-declared-critical-infrastructure","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ai\/29608\/","title":{"rendered":"Congress Questions Whether AI Data Centers Should Be Declared Critical Infrastructure"},"content":{"rendered":"<p>Last week, the House <a title=\"Homeland Security Jobs\" class=\"aalmanual\" target=\"_self\" href=\"https:\/\/www.clearancejobs.com\/jobs\/dept-of-homeland-security\" rel=\"nofollow noopener\">Homeland Security<\/a> Subcommittee on <a title=\"Cybersecurity Jobs\" class=\"aalmanual\" target=\"_self\" href=\"https:\/\/www.clearancejobs.com\/jobs\/it-security\" rel=\"nofollow noopener\">Cybersecurity<\/a> and Infrastructure Protection heard witness testimony from industry experts on whether artificial <a title=\"Intelligence Jobs\" class=\"aalmanual\" target=\"_self\" href=\"https:\/\/www.clearancejobs.com\/jobs\/intelligence\" rel=\"nofollow noopener\">intelligence<\/a> (AI) data centers should receive a designation as a critical infrastructure sector.<\/p>\n<p>Lawmakers have noted the significance of these operations, which are increasingly playing a role in our daily lives.<\/p>\n<p>\u201cIf a major data center is attacked, disrupted, or taken offline, the consequences can reach far beyond one company or one sector,\u201d Rep. Andy Ogles, R-Tenn., said in prepared opening remarks. \u201cYet our current framework does not provide a clear, unified approach to data center security. It does not clearly answer which federal agency is responsible for understanding the risk, coordinating with industry, or leading the response when this infrastructure is targeted.\u201d<\/p>\n<p>As Cyberscoop reported, one issue is that just three main providers \u2013 Amazon Web Services, Microsoft Azure, and Google Cloud Platform \u2013 now account for 63% of data center market share in the United States.<\/p>\n<p>\u201cThere is no denying that data centers are becoming more critical to the functioning of our existing critical infrastructure, including healthcare, communications, energy, and financial services,\u201d explained Doc McConnell, head of policy and compliance at Finite State.<\/p>\n<p>He told ClearanceJobs in an email that there is likely value in closer coordination among data center owners to share risks and respond to incidents collectively.<\/p>\n<p>However, designating data centers as critical infrastructure may not solve the problem.<\/p>\n<p>\u201cThe 2024 National Security Memorandum on critical infrastructure established a shared responsibility model between the public sector and private owners and operators,\u201d suggested McConnell. \u201cBuilding that collaboration, collectively identifying risks, pooling resources to address them systematically \u2013 that\u2019s where the real value comes from.\u201d<\/p>\n<p>By Any Other Name<\/p>\n<p>One issue is that data centers aren\u2019t seen as anything more than buildings housing many servers. Data centers don\u2019t exude the same level of significance, at least not visually, as power plants, water treatment facilities, or other physical buildings we may equate with critical infrastructure.<\/p>\n<p>That has resulted in data centers being underappreciated, at least until there is an Internet outage or data can\u2019t be accessed. As we increase our reliance on AI, the significance of those buildings needs to change.<\/p>\n<p>\u201cData centers are no longer just IT facilities \u2014 they are strategic infrastructure underpinning AI, cloud services, financial systems, healthcare, communications, and national security. Treating them as critical infrastructure makes sense, but the designation itself is only the starting point,\u201d added Matt Wyckhouse. founder and CEO at Internet security provider Finite State.<\/p>\n<p>Wychokhouse told ClearanceJobs that recent conflict-linked attacks on data center infrastructure in the Middle East, including reported Iranian drone strikes on cloud facilities in the UAE and Bahrain, have already demonstrated that this is no longer a theoretical risk.<\/p>\n<p>\u201cData centers are becoming part of the modern battlespace, where cyber operations, physical attacks, supply-chain compromise, and geopolitical coercion can converge,\u201d Wyckhouse warned.<\/p>\n<p>Yet the bigger issue is that data center risk extends beyond physical security and perimeter cyber defenses.<\/p>\n<p>\u201cThese environments depend on an enormous technology supply chain: servers, networking equipment, firmware, cooling systems, access-control systems, operational technology, cloud software, and the vendors who build and maintain all of it,\u201d Wyckhouse continued. \u201cA serious compromise may not begin with a front-door attack on a hyperscaler; it may begin much earlier in the lifecycle, through a vulnerable component, manipulated firmware, insecure update mechanism, or opaque supplier relationship.\u201d<\/p>\n<p>The Factories of the AI Economy<\/p>\n<p>Just as power plants, water treatment facilities, and even the electrical grid became critical infrastructure, so did they, gradually, from a luxury to a convenience, and finally a key part of daily life. Data centers are now taking a similar course.<\/p>\n<p>\u201cData centers are already critical infrastructure in practice,\u201d said Jacob Krell, senior director for secure AI solutions and cybersecurity at Suzu Labs.<\/p>\n<p>\u201cThe policy debate is just catching up to operational reality,\u201d Krell told ClearanceJobs. \u201cThese facilities are no longer passive real estate where servers happen to sit. They have become part of the operating layer of the modern economy.\u201d<\/p>\n<p>To this end, data centers need to be seen for what they are, added Wyckhouse.<\/p>\n<p>\u201cThey are becoming the factories of the AI economy,\u201d he emphasized. \u201cIf we are going to depend on them for national-scale compute, we should secure them with the same seriousness we apply to energy, telecommunications, defense, and financial infrastructure.\u201d<\/p>\n<p>We already see what happens during an outage. It can be as crippling to modern life as a power outage, bringing some industries to a literal standstill.<\/p>\n<p>\u201cWhen a major facility or shared dependency fails, the impact does not stay neatly inside one company\u2019s environment,\u201d said Krell. \u201cIt can become a broader continuity problem very quickly. A standalone designation can help, but only if it turns vague concern into clear ownership and a response model that works when the incident has outgrown a customer support ticket.\u201d<\/p>\n<p>AI Build Out<\/p>\n<p>Krell also told ClearanceJobs that the AI build-out makes this harder to ignore. More ominously, the threat model is no longer just cyber, either. Physical disruption, geopolitical pressure, operational technology compromise, and cloud outages increasingly converge at the same layer.<\/p>\n<p>That may not be the best way to address the potential threats.<\/p>\n<p>\u201cThe recurring theme in Washington is naming something critical without building the machinery needed to protect it,\u201d said Krell. A sector label only matters if it comes with practical coordination and federal partners that operators trust during a crisis. If agencies like CISA lose capacity while data centers become more strategically important, policymakers trade substance for ceremony.\u201d<\/p>\n<p>Lawmakers need to do more than just designate a data center as critical infrastructure.<\/p>\n<p>\u201cIf policymakers move toward a standalone data center critical infrastructure sector, the focus should be on measurable assurance: knowing what technology is inside these environments, where it came from, how it was developed, whether it contains known vulnerabilities or exploitable weaknesses, and whether operators can produce defensible evidence of security and resilience,\u201d suggested Wyckhouse. \u201cWe need to move beyond voluntary checklists and toward continuous, evidence-based assurance across the full supply chain.\u201d<\/p>\n<p>Risk Management<\/p>\n<p>By contrast, John Carberry, solution sleuth at cybersecurity provider Xcape, Inc., took another approach to the matter, suggesting that \u201cThe move by Congress to designate data centers as a standalone critical infrastructure sector marks a long-overdue transition in federal risk management.\u201d<\/p>\n<p>He explained to ClearanceJobs how Internet-based services have evolved from business conveniences into safety-critical utilities. Yet, the current regulatory framework remains bifurcated between the IT and Communications sectors.<\/p>\n<p>\u201cThis oversight gap is increasingly untenable given that three hyperscalers \u2013 AWS, Azure, and Google Cloud \u2013 now control 63% of the market,\u201d said Carberry. \u201cThis concentration creates a systemic single point of failure where a coordinated cyber campaign or physical sabotage could trigger cascading collapses across healthcare, finance, and government operations.\u201d<\/p>\n<p>Instead, we need to shift data center availability from a localized operational concern to a prerequisite for national security and public safety.<\/p>\n<p>\u201cIn 2026, treating data centers as \u2018non-critical\u2019 is like calling the power grid an optional hobby for people who enjoy light bulbs,\u201d warned Crarberry.<\/p>\n<p>\u201cIf the federal government moves to make this designation, they must follow up by leading a national effort with clear outcomes, action plans, and resource commitments from both the public and private sectors,\u201d said McConnell. \u201cOtherwise, this won\u2019t lead to the strengthened security and resilience that we need.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"Last week, the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection heard witness testimony from industry experts&hellip;\n","protected":false},"author":2,"featured_media":29609,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[24,1395,19429,25,420,7829,2661,19430,16621,19431,320,7828,4528],"class_list":{"0":"post-29608","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-microsoft","8":"tag-ai","9":"tag-amazon-web-services","10":"tag-and-google-cloud-platform","11":"tag-artificial-intelligence","12":"tag-azure","13":"tag-azure-ai","14":"tag-critical-infrastructure","15":"tag-cybersecurity-and-infrastructure-protection","16":"tag-daily-brief","17":"tag-house-homeland-security-subcommittee","18":"tag-microsoft","19":"tag-microsoft-ai","20":"tag-microsoft-azure"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/29608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=29608"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/29608\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/29609"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=29608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=29608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=29608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}