As the blueprints for new gigawatt-scale data centers continue to take shape in order to support the artificial intelligence (AI) boom, data center technology leaders tasked with achieving operational efficiency and meeting data center sustainability reporting mandates are going to quickly realize that controls ensuring the protection of cyber-physical systems (CPS) must be in place in order to meet those goals.
Data centers face significant security and efficiency impacts from downtime in the event of a CPS-related breach or outage. Meeting uptime service-level agreements requires securing the data center's operational backbone, including power distribution, thermal management, and building systems. These are also the critical systems that ensure operational efficiency and resilience, and inform sustainability reporting. Without adequate CPS protections in place, compliance with sustainability regulations such as the EU’s Energy Efficiency Directive (EED) and the U.S.’s Ratepayer Protection Pledge is threatened.
In this blog, we’ll explain how a CPS protection strategy provides the controls needed to maintain operational efficiency and ensure compliance with energy, sustainability, and governance (ESG) standards. We’ll cover:
The costs of data center downtime and its impact on operational efficiency
3 security controls that help optimize asset efficiency
How AI energy consumption drives sustainability efforts
A CPS compromise threatens downtime for critical building and environmental management systems, and for power and cooling systems, a potentially catastrophic outcome not only for sustainability and operational efficiency, but also for a data center’s bottom line. Data center downtime can cost a large facility as much as $9,000 per minute, according to research from backup company Trilio.
Sustainability teams that measure energy consumption, carbon emissions, water usage, and overall environmental impact are reliant on CPS used to measure performance in these areas. Smart internet-of-things (IoT) sensors and monitoring systems should be elevated as critical business systems that must be secure, reliable, and available. Yet many sustainability teams operate in a silo and may not be aware of the importance of CPS protection.
Sustainability teams are key stakeholders, and should be informed on CPS controls as part of a broader strategy that involves not only network security teams, but also data center facilities, building management, line-of-business leaders, and executives. Here are three controls they should be aware of.
CPS cybersecurity technology introduces a range of controls to complex physical environments. For data centers, they deliver invaluable contextual insights that IT-oriented security tools cannot match. They start by bringing visibility and asset management capabilities that sustainability tools, data center infrastructure management (DCIM) platforms, and building management systems (BMS) cannot deliver.
These invaluable systems may keep operators informed on data center process performance and the availability and reliability of critical systems, but lack the ability to assess an asset’s risk posture. Sustainability reporting efforts—much like a CPS protection program—hinge on contextual visibility information that goes beyond knowing where an asset is and how well it’s performing.
Deep asset visibility brings contextual device information down to the firmware version, information that lessens the potential impact of a risky exposure. An incomplete asset inventory could also fail to inform operators of unknown or shadow assets, which create a significant blind spot. Any vulnerabilities, weak configurations, or poor access controls on those assets would go unmitigated and unremediated.
Moreover, without deep visibility, it’s near-impossible to have the business-critical context of an asset within the broader CPS environment, a key factor in enabling security teams to effectively assess risks and prioritize remediation efforts. This trickles down to security teams who are responsible for optimizing asset efficiency, which ensures sustainability compliance.
Segmentation is a key compensating control most enterprises rely on to limit lateral movement in the event of a breach. Proper segmentation begins with a complete mapping of communication pathways between assets and eliminates the risks present in flat CPS networks. Segments are then isolated from one another, each with distinct access control policies and compensating controls that limit lateral movement between assets. Segmentation also limits the risk from inbound and outbound traffic, which should be routed through security systems such as firewalls. Operational efficiency is a key outcome of proper segmentation.
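The pathway mapping described above, together with the shadow-asset check from the asset visibility discussion, can be sketched as follows. This is an added example, not Claroty's code or product logic; the segment names, subnets, inventory, allow-list, and flow records are all constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data: segments, inventory, policy and flows are hypothetical.
SEGMENTS = {
    "power":   ip_network("10.10.1.0/24"),  # PDUs, UPS
    "cooling": ip_network("10.10.2.0/24"),  # chillers, air handlers
    "bms":     ip_network("10.10.3.0/24"),  # building management system
    "dcim":    ip_network("10.10.4.0/24"),  # DCIM collectors
}
INVENTORY = {"10.10.1.11", "10.10.1.12", "10.10.2.21", "10.10.3.31", "10.10.4.41"}
# Allowed (source segment, destination segment, destination port) pathways.
ALLOWED = {("dcim", "power", 161), ("dcim", "cooling", 161), ("bms", "cooling", 47808)}
FLOWS = [  # (src_ip, dst_ip, dst_port)
    ("10.10.4.41", "10.10.1.11", 161),    # DCIM polls a PDU over SNMP: allowed
    ("10.10.3.31", "10.10.2.21", 47808),  # BMS to chiller over BACnet/IP: allowed
    ("10.10.2.21", "10.10.1.12", 502),    # cooling to UPS over Modbus: not in policy
    ("10.10.1.99", "10.10.1.11", 80),     # sender is missing from the inventory
    ("10.10.1.11", "203.0.113.5", 443),   # PDU talking outside every segment
]

def segment_of(ip):
    """Return the segment whose subnet contains ip, or 'external'."""
    addr = ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), "external")

def analyze(flows, inventory, allowed):
    """Build the pathway map; flag cross-segment violations and shadow assets."""
    pathways = defaultdict(int)
    violations, shadow = [], set()
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        pathways[(s, d, port)] += 1
        # An internal address absent from the inventory is a shadow asset.
        for ip in (src, dst):
            if segment_of(ip) != "external" and ip not in inventory:
                shadow.add(ip)
        # Traffic inside one segment is not a segmentation violation.
        if s != d and (s, d, port) not in allowed:
            violations.append((src, dst, port))
    return dict(pathways), violations, sorted(shadow)

if __name__ == "__main__":
    pathways, violations, shadow = analyze(FLOWS, INVENTORY, ALLOWED)
    print("pathways:", pathways)
    print("violations:", violations)
    print("shadow assets:", shadow)
```

In practice the flow records would come from passive network monitoring or firewall logs, and each violation is either a pathway to add to policy deliberately or a path to block.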
The data coming from the operational technology (OT), smart internet-of-things (IoT) assets such as sensors, and DCIM platforms must be available and trustworthy, otherwise EED and other compliance initiatives fail. However, connectivity has introduced an attractive attack surface that threat actors seeking to disrupt critical services at scale could exploit. This is another link between CPS, sustainability, and operational efficiency that must be secured through continuous network monitoring and threat detection.
Many data center CPS are not secure by design. These critical systems may lack authentication, communicate over insecure legacy protocols, or contain exploitable vulnerabilities. CPS such as power distribution units (PDUs), uninterruptible power supplies (UPS), building automation systems, cooling infrastructure, environmental monitoring, and metering systems could serve to give an attacker a foothold inside a data center infrastructure. Continuous monitoring detects and alerts on malicious activities, and signals operators to lock down impacted segments before incidents cause major disruption.
Five gigawatt-scale data center campuses are expected to come online this year, introducing a scale of electricity consumption for each campus that is on par with the output of a nuclear power plant. Driving this hypergrowth among data centers globally is the training and operation of machine-learning models such as large language models (LLMs) that are at the forefront of artificial intelligence (AI) adoption. Training these models inevitably puts a huge strain on electric power grids worldwide, which is the catalyst for enhanced sustainability reporting.
DCIM, IoT sensors, BMS, and cooling and resource management are just some of the CPS feeding data into ESG platforms, most of which operate in the cloud where high-performance AI analyzes the inputs and maps facility data into recognized frameworks for reporting around EED compliance, for example.
While CPS security inside data centers is about the protection of physical devices and maintaining uptime, sustainability focuses on operational efficiency and resilience. Keeping attackers off the OT, IoT and CPS infrastructure prevents an attacker from impacting system uptime and reliability—outcomes that can impede not only the bottom line, but also ESG compliance, and utility negotiations with electricity and water providers.
In an era defined by compliance and expanding AI infrastructure, trustworthy sustainability depends on cybersecurity. Protecting operational efficiency is no longer optional—it is a prerequisite for demonstrating resilience, and responsible protection of critical digital infrastructure.