Data centers under siege: SIA seeks to close security gaps

SILVER SPRING, Md.—With data center outages making headlines and artificial intelligence (AI) fueling explosive growth, the Security Industry Association (SIA) has launched a Data Center Advisory Board to confront rising risks and redefine security standards. 

“The scope and scale of the industry have gone off the charts,” says inaugural chair Jim Black, senior director and security architect at Microsoft. “It’s time for a dedicated focus on best practices, collaboration and innovation.” 

Why now? 

Data centers have become the backbone of critical infrastructure, powering everything from financial markets to transportation systems. Outages now make headlines – grounding flights, halting stock trades, and disrupting essential services. “So many of these incidents trace back to a data center issue,” Black said. 

The risks are evolving as fast as technology. “The same tools we use to empower the world are empowering adversaries,” he said. Add to that a surge in legislative and regulatory activity around AI, biometrics and data sovereignty, and the need for a unified industry voice becomes clear. 

First-year priorities 

Black outlined the following agenda for the board: 

• Define the ecosystem: Establish common terminology and guardrails for physical, cyber and operational technology (OT) security. 

• Modernize best practices: Develop holistic standards of care for operators, integrators and solution providers. 

• Foster collaboration: Reduce fragmentation by uniting practitioners and vendors. 

• Advise SIA leadership: Provide expert input on events, webinars, technical papers and policy initiatives. 

“Our North Star is a common understanding of the ecosystem and advancing industry thought leadership,” Black said. 

Closing gaps in security standards 

When SIA announced the board’s formation in December, Black emphasized advancing modern security standards – a goal driven by glaring gaps in current guidelines. He cited the American National Standards Institute/Building Industry Consulting Service International (ANSI/BICSI) 002, which includes 45 pages of security best practices that many operators have never seen. 

“First, most providers don’t even know what the standards are,” he said.  

Cybersecurity standards developed by the National Institute of Standards and Technology (NIST) are far ahead of physical security, and OT systems – such as power and environmental monitoring - often run on outdated platforms with little integration.  

“There’s no cohesion between physical, logical, and OT security,” Black said. “Convergence has been talked about for years; actually doing it is the hardest part.” 

Collaboration and inclusivity 

The board includes nearly two dozen representatives from across the ecosystem – manufacturers, technology providers, co-location operators, hyperscalers, integrators, and end users.  

“You can’t just have a hyperscaler perspective – or just a manufacturer’s perspective,” Black said. “We need broad input to avoid bias and ensure credibility.” 

AI: A game changer 

When asked what innovation excites him most, Black didn’t hesitate. “AI,” he said. “The ability to cut out the noise and find anomalies humans cannot detect is a game changer.” 

AI can spot irregularities across thousands of devices, detect credential misuse globally, and even distinguish between a hobbyist drone and a coordinated threat. “Rather than drowning in alerts, operators can focus on actionable intelligence,” Black explained. 

Looking ahead 

Predicting the board’s success over the next three to five years is tough, Black admitted. Still, the vision is clear: publish modern best practices, foster collaboration, influence regulations and elevate awareness of data centers as critical infrastructure. 

“Go big,” Black said. “This is about creating dedicated focus for an area that’s become essential to everything.”