Investment in AI infrastructure is booming globally as organizations look to build the strong foundations necessary for an AI-powered economy. Data centrers can handle vast volumes of data traffic with minimal latency, making them indispensable in realizing the true potential of AI. Multiple stakeholders, including tech giants, investment firms and government bodies are betting big when it comes to AI and the underlying infrastructure. For example, SK Telecom has vowed to create an “AI infrastructure superhighway, " including constructing gigawatt-scale data centers across Asia and the Pacific.
The scale of this growth is not to be underestimated. According to analysis from McKinsey, global demand for data center capacity could rise at an annual rate of between 19 and 22 percent from 2023 to 2030, meaning that to meet demand, at least twice the data center capacity built since 2000 would have to be built in less than a quarter of the time.
Founder and CEO of Post-Quantum.
Key security risks
Much like any other investment, this infrastructure will require protection from cybersecurity threats. As data centers become increasingly indispensable, they become more of a target, allowing cybercriminals to disrupt operations, access data and steal valuable outputs.
Many have already started to recognize the significant threat that cybercriminals pose to data centers. For example, the UK government announced in September that data centers powering the economy will be designated as Critical National Infrastructure (CNI) alongside energy and water systems. This designation will allow the government to support the sector in the event of critical incidents, minimizing impacts on the economy.
Threats to AI infrastructure will be amplified by the emergence of quantum computing. Quantum computers will not be superior to classical computers in every application, but they will vastly increase our ability to compute and break existing public key cryptography protocols, widening the threat vector facing data centers.
Overall, there are three main areas of risk:
- Compromising data: Much of the data used to generate results from an AI model comes from Operational Technology (OT) systems. These systems, traditionally isolated from external networks and almost like a "forgotten" sub-sector, now face heightened vulnerability to cyber threats in the form of both tampering on-site and attacks enabled through their connectivity to IT networks. Any compromise of the source data in these systems risks reducing the integrity of AI-generated outputs, as manipulated data can produce misleading results.
- Intercepting data: In transit, source data and AI outputs are vulnerable to interception and theft, enabling adversaries to access knowledge without detection. “Harvest Now, Decrypt Later” in which data is stolen for future decryption when decryption capabilities improve, poses a substantial threat. Adversaries may be able to gain the upper hand by intercepting confidential strategies, ideas and technical knowledge created by AI.
- The threat of unauthorized access: Advancements in AI allow for the creation of sophisticated and convincing deep-fakes, which can facilitate real-time impersonation. As computational power continues to increase, traditional identity and access management systems risk becoming obsolete. This presents a critical challenge for securing the valuable outputs generated by AI, as unauthorized access to these outputs can occur even within an encrypted system if attackers acquire the necessary credentials. Establishing protective measures.
To minimize these risks, data center stakeholders must take concrete steps to increase the physical and cyber security of their investments. These measures should be integrated at the earliest possible stage to ensure that AI infrastructure is secure by design.
- Zero trust architecture: Data centers should be equipped with a Zero-Trust Architecture, which will ensure that inherent trust in the network is removed, the network is assumed hostile and each request is verified based on an access policy.
- Physical security: It's important to restrict access to crucial infrastructure with systems like surveillance cameras, on-site biometric authentication, and perimeter fencing to avoid physical tampering. Being positioned in a remote and isolated location can also eliminate many physical threats.
- Crypto agility: Secure encryption protocols are vital to protecting data during transmission and the rise of quantum computing means that current cryptographic methods will be inadequate. Next-generation cryptography, employing a combination of existing algorithms and post-quantum algorithms, is essential to enhance data security while ensuring system interoperability. By designing systems that are inherently quantum-safe, flexible, and backward-compatible, organizations can protect confidential information.
- Multi-factor biometrics: Effective access management protocols are crucial to safeguarding AI-generated outputs. Implementing rigorous Multi-Factor Authentication (MFA) and, ideally, Multi-Factor Biometrics (MFB), restricts access to authorized users only. Regular employee training on secure protocols and phishing prevention can also prevent breaches - employees should be equipped to identify schemes and recognize potential signs of deep-fake threats, which can now be synthesized near real time.
Future-proofing the AI economy
As the AI economy continues to grow, it is essential for stakeholders to prioritize comprehensive security measures to safeguard critical infrastructure such as data centers. Securing AI systems protects strategic AI-generated assets, ensuring that investments yield the intended competitive advantage rather than allowing outputs to fall into the hands of adversaries, who will be able to front-run the rightful data owner without spending the same capital investment. To truly capitalize on AI’s potential, organizations must ensure that this infrastructure is secure by design and can withstand future threats, including those enabled by the development of quantum computers.
We've featured the best encryption software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
