Data centers are a popular topic these days. Because of that, they have become prime targets for attacks — not only cyber intrusions but physical threats as well.
“Data centers may exist behind high fences and biometric scanners, but they are far from immune to real-world threats,” says national security expert, Brian Higgins, Founder of Group77.
A former chief of police and director of public safety in New Jersey, Higgins has seen how most of the conversations centered around data center security focus on the cyber aspects: firewalls, software, encryption. But physical vulnerabilities are just as – if not, more so – critical when it comes to safety.
“None of that matters if someone can simply walk through an unsecured door. Physical security isn’t separate from cyber — it’s part of the same threat landscape,” he says.
In this interview, Higgins discusses what a threat landscape is, the physical threats and vulnerabilities of data centers, and how businesses can better prepare by bridging the gap between the cyber and physical.
FacilitiesNet: Data centers are a hot topic these days, which makes them popular targets for aggressions. Can you explain what a data center's threat landscape is?
Higgins: A modern data center sits at the intersection of two threat environments that are often discussed separately: physical and cyber. Understanding the threat landscape requires looking at how those risks differ, where they overlap and why treating one without the other leaves dangerous gaps.
The physical threat landscape: Physical threats are rooted in proximity. They require someone to be near the facility or its supporting infrastructure. What makes them particularly challenging is that they often exploit operational necessities: loading docks, utility corridors, vendor access and emergency systems.
Physical threats are usually localized but high impact. A damaged transformer, severed fiber line or compromised generator can disrupt operations across regions. Recovery often depends on physical repair timelines of hours, days or even weeks.
The cyber threat landscape: Cyber threats are not bound by geography. Attackers can probe, infiltrate and exploit systems from anywhere in the world. These threats tend to be quieter, slower to detect and far more scalable.
Cyberattacks usually focus on network access, authentication systems, management consoles and customer environments, with objectives ranging from data theft to ransomware. Unlike physical attackers, cyberattacks can test defenses repeatedly and pivot across systems once inside.
Cyber threats are often distributed and persistent. An intrusion may go unnoticed for months, quietly harvesting data or mapping systems before causing visible damage.
FN: Where do data center threats converge?
Higgins: The most dangerous scenarios sit at the intersection. A physical breach may enable cyber compromise such as accessing network ports, management consoles or backup systems. Conversely, a cyber intrusion can weaken physical defenses by disabling cameras, access controls or alarm systems.
A data center’s threat landscape is no longer binary. Physical and cyber risks are distinct in execution but intertwined in impact. Treating them as separate disciplines creates blind spots that adversaries are quick to exploit.
FN: Cyberattacks are probably the most common type of violence people think of when it comes to data centers. But physical threats are just as common. What kinds of physical attacks do you see with data centers?
Higgins: As demand for cloud services, artificial intelligence (AI) processing and critical digital infrastructure surges, so does the physical risk. While cyber intrusions dominate headlines, many of the most disruptive incidents begin at the perimeter:
Perimeter breaches and trespassing: One of the most common physical threats involves unauthorized access attempts. These range from curious trespassers and activists to individuals probing defenses for future criminal activity. In some cases, intruders are not seeking immediate entry but are testing response times, camera coverage or patrol patterns.
Theft and vandalism: Copper theft remains a persistent problem, particularly at substations and backup power infrastructure connected to data centers. Vandals have also targeted exterior cabling, cooling equipment and fuel storage tanks.
Vehicle-based incidents: Vehicles have struck perimeter fencing, guardhouses and loading docks, exploiting weak stand-off distances. Even low-speed impacts can disable access control systems or delay emergency response.
Insider threats: Contractors, vendors or disgruntled employees with legitimate access have been implicated in sabotage, theft of equipment and intentional service disruptions. These incidents are often the hardest to detect because they exploit trust rather than force.
Power and utility sabotage: Attacks on electrical substations and fiber routes supporting data centers have increased in recent years. These incidents–sometimes coordinated across multiple locations — can knock facilities offline without ever breaching the main building.
Protests and civil disruption: Community opposition has occasionally spilled into protests that block access roads or attempt to occupy sites. While often nonviolent, these actions can still disrupt operations and pose safety risks.
Unlike cyber incidents, physical attacks can be immediately visible, dangerous to personnel, and costly to repair. A cut cable, damaged transformer or compromised loading dock can halt operations just as effectively as a digital breach, sometimes faster.
Alexis Sheprak is a freelance writer based in Royal Oak, Michigan.
The Looming Threat Landscape for Data Centers
