Congress and Industry Debate Federal Protection for Data Centers as Threats Rise

The rapid expansion of data centers—and the increasing targeting of these facilities by adversaries—prompted lawmakers on Wednesday to question whether the federal government is adequately equipped to defend them.

At a hearing held by the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, industry witnesses and experts testified that a potential solution could be the creation of a standalone critical infrastructure sector specifically for data centers.

AI Boom and Rising Threats Fuel Urgency

The discussion comes as artificial intelligence drives a surge in data center construction across the United States. Meanwhile, recent attacks have underscored the vulnerabilities of these facilities. Last month, Iranian drones targeted two Amazon data centers in the U.S. in retaliation for the U.S.-Israel bombing campaign on Iran, and a third data center in Bahrain was also struck.

“If a major data center is attacked, disrupted, or taken offline, the consequences can reach far beyond one company or one sector. Yet our current framework does not provide a clear, unified approach to data center security. It does not clearly answer which federal agency is responsible for understanding the risk, coordinating with industry, or leading the response when this infrastructure is targeted.”

Rep. Andy Ogles, R-Tenn.

Market Dominance and Global Precedents

Three companies control 63% of the data center market: Amazon Web Services, Microsoft Azure, and Google Cloud Platform. The United Kingdom has already classified data centers as a standalone critical infrastructure sector.

During the hearing, Reps. Vince Fong, R-Calif., and LaMonica McIver, D-N.J., pressed witnesses on federal protections for data centers.

“Given the scrutiny that is required to make sure that those data centers are secure, there would be a benefit in having them work together as a unique coordinating council.”

Robert Mayer, senior vice president for cybersecurity and innovation at USTelecom

Proposals for a Combined Sector

Mark Montgomery of the Foundation for Defense of Democracies suggested merging data centers with cloud providers into a single critical infrastructure sector, citing overlapping ownership. The 2024 update to a White House national security memo disappointed some experts by not designating cloud computing as a critical infrastructure sector.

“Finding a way to regard them as part of our critical infrastructure and protect them accordingly is sine qua non, absolutely necessary.”

Samuel Visner, chair of the board of directors of the Space Information Sharing and Analysis Center

Alternative Perspectives on Critical Infrastructure

Not all witnesses supported a separate designation. Scott Algeier, executive director of the Information Technology Information Sharing and Analysis Center, noted that his organization had formed a “special interest group” for data center providers. He added, “The data centers are integrated already into the critical infrastructure discussions.”

The hearing highlighted the ongoing debate over how best to secure a sector that has become vital to the U.S. economy, military, and national security.