Why Data Centers Must Be Classified as Critical Infrastructure in the AI Era

Data Centers Under Siege: A New Era of Strategic Risk

Missile and drone attacks that disabled cloud data centers in the Middle East have exposed a critical vulnerability in the modern economy: an over-reliance on digital infrastructure that underpins competitive advantage, operational continuity, and national security for corporations, nations, and militaries. The resulting outages and downstream disruptions served as a stark preview of a new form of strategic and operational risk.

Data centers have long been the backbone of the digital economy. What is changing is the scale of dependence as artificial intelligence (AI) workloads dramatically increase the compute power required to run businesses, supply chains, and national security systems.

AI’s Role in Warfare and National Security

Artificial intelligence has evolved beyond business applications and now sits at the core of warfare and national security. Last month, The New York Times reported that AI is “totally integrated” into intelligence collection, strategic decision-making, and military operations. Even when AI models are not directly firing weapons, AI-enabled analysis plays a central role in how modern militaries gain visibility, uncover insights, and drive action.

This shift is critical because it redefines what should be considered critical infrastructure. If AI is a competitive advantage for companies and a battlefield advantage for warfighters, then the infrastructure that trains, hosts, and runs AI becomes a high-value target. Attacks on this digital infrastructure can inflict more than financial damage—they can slow decision-making, degrade logistics, and reduce military effectiveness without ever engaging a conventional force.

From Cyber Espionage to Physical Attacks: A Shift in Warfare Tactics

Historically, nation-state campaigns targeting data centers and service providers focused on cyber intrusions for espionage or pre-positioning. What is different now is the emergence of physical attacks on digital infrastructure during active conflict.

Russian military intelligence has been linked to campaigns aimed at digital infrastructure and managed services, often as part of a supply chain attack to compromise organizations at scale. Iran-aligned groups have repeatedly demonstrated a willingness to target private sector entities to advance geopolitical goals. In many cases, the objective was access: steal data, implant persistence, map networks, and maintain a foothold for future espionage or disruption.

What’s clearer now than ever before is that data centers and the AI workloads they support have become so vital to modern society that adversaries will seek to degrade or destroy their efficacy as a tactic of both kinetic and cyber warfare.

Real-World Disruption: The Case of Stryker’s Cyberattack

We have already seen how quickly a digital incident can escalate into real-world disruption. On March 11, reports surfaced of thousands of servers and endpoints wiped inside Stryker, a U.S.-based medical device manufacturer. A hacktivist group sympathetic to Iran, known as Handala, claimed responsibility.

The incident reportedly halted Stryker’s global production after attackers accessed its Microsoft environment and issued a wipe command via Intune. Even without a single missile, the outcome resembled strategic disruption: operations stopped, and downstream customers felt the impact.

Operational Resilience: A Board-Level Priority in the AI Era

For business leaders, the imperative is clear: treat operational resilience as a board-level priority in the AI era. In the world of corporate IT, cybersecurity traditionally prioritizes confidentiality—preventing the theft of sensitive information. Resilience, however, is a different discipline. It is the ability to sustain operations despite disruptions, ensuring that businesses, supply chains, and national security systems remain functional in the face of adversarial attacks.