Big Tech’s rapidly-expanding server farms are becoming increasingly tempting targets for ransomware gangs. In their Gadarene rush to be first with AI-based services, companies such as Google and Microsoft are not only abandoning any previous pretences about reducing their greenhouse emissions and energy consumption, they are also inadvertently building increasingly tempting targets for organized cybercriminals and nation-state threat actors.
The online industry’s vast data centers and server farms run on similar operational technology (OT) systems to other industrial facilities. Originally designed to run offline, these systems are notoriously difficult to secure, particularly when they need to interface with newer information technology (IT) systems.
According to Eng. Amir Gil, Chief Revenue Officer at OT cybersecurity firm SIGA: “It is essential for the control room of a data center or server farm to be monitored constantly, given the level and amount of ransomware attacks and the notorious vulnerability of the operational technology (OT) that runs these kinds of facilities.”
He adds: “In August 2023, the building control systems at a data center in Eastern Australia serving Microsoft Azure were disrupted for almost three days – with a high probability of an OT cyber-attack. Five chillers stopped working simultaneously… Temperatures in the data center increased, so Microsoft had to power down a subset of selected compute and storage scale units to avoid damage to hardware. But the fact that the servers went offline resulted not only with loss of revenues but also financial and legal penalties.”
The motive behind such attacks varies and includes attempts to disrupt Western communications by a foreign power and, of course, financial gain. According to a 2023 independent survey commissioned by cybersecurity firm Claroty, 37 percent of respondents said that their organization experienced a ransomware attack within the past year that impacted both IT and OT environments — a 10% increase from the survey results two years prior – a rise Claroty says “should serve as a wake-up call for CISOs.”
Computational power needed for AI doubles every 100 days
Big Tech’s reliance on keeping its vast data centers online is currently growing at an exponential rate. According to industry estimates, the amount of computational power used for AI is doubling roughly every 100 days. A generative AI system may use 33 times more energy to complete a task than it would take with traditional software. This enormous demand for energy translates into surges in carbon emissions and water use and may place further stress on already struggling electricity grids. In 2023, even before the AI boom really began, the International Energy Agency estimated that centers already accounted for 1–1.5 percent of global electricity use and around one percent of the world’s energy-related CO₂ emissions.
According to its annual environment report, Google’s greenhouse gas emissions, for example, have soared by roughly 48 percent since 2019 as a result of “increased data center energy consumption and supply chain emissions.” As a result, Google is now calling its goal to reach net-zero emissions by 2030 “extremely ambitious,” adding that its pledge is likely to be affected by “the uncertainty around the future environmental impact of AI, which is complex and difficult to predict.”
