Join War on the Rocks and gain access to content trusted by policymakers, military leaders, and strategic thinkers worldwide.
The most decisive infrastructure of the twenty-first century isn’t an aircraft carrier floating in the Pacific or buried in a missile silo. It hums quietly inside the walls of a data center.
These sprawling facilities now anchor military power, economic clout, and geopolitical leverage. But they were never designed for an era defined by great-power competition, cyber sabotage, and the relentless demands of AI. Their enormous energy footprint and physical vulnerability leave them both indispensable and exposed.
Data centers are no longer just commercial utilities. They are strategic assets. Recognizing them as such means building doctrine, policy, and investment equal to their weight in global power.
Here, I will explore how data centers moved from commercial utilities to national security assets, why current defenses leave them exposed, and what has to change to harden them in an era of accelerating global competition.
The Digital Front Line
New operations demonstrate a new reality where adversaries view cloud infrastructure as both operational terrain to be seized and critical vulnerabilities to be exploited for maximum strategic disruption.
In April 2024, the Kyiv Independent reported that Ukrainian hackers tied to the group Blackjack and the Security Service of Ukraine took down the OwenCloud.ru datacenter, destroying 300 terabytes of data and disrupting operations across Russia’s aerospace, oil and gas, telecommunications sectors — and even its military. The attack came in response to Russian attacks on Ukrainian digital infrastructure that have been occurring since the start of the war, most notably the attack on Ukraine’s biggest mobile operator Kyivstar — underpinning the criticality of attending to threats in the cyber realm that states are waging on a constant basis.
South Korea created its Defense Integrated Data Center to centralize the management and operation of national defense computer systems. Operated directly under the Ministry of National Defense, it consolidates more than a thousand systems from the Army, Navy, Air Force, and the Ministry itself, replacing previously dispersed military computer centers with a centralized hub for more efficient management and maintenance. North Korean hackers breached the streamlined facility in 2016, pilfering approximately 235 GB of classified files.
Fiber and Fire
Aside from cyber operations, the risk of physical attacks on such sensitive and vulnerable infrastructure remains high despite the lack of precedent. It is not hard to imagine attacks similar to Ukraine’s Operation Spiderweb targeting data centers. The 2021 OVHcloud data center fire in France demonstrated what could happen should physical damage occur at a data center. The physical disaster caused by equipment failure knocked out approximately 3.6 million websites. Without redundancy strategies, a data center can present a single source of failure and an infrastructure bottleneck with a wide array of societal impacts.
As data centers expand worldwide, so too do the fiber connections that connect them, sprawling across continents and seas like vast spiderwebs. Undersea fiber-optic cables are increasingly becoming targets as geopolitical tensions increase. Cables were severed in the Baltic Sea under suspicious circumstances near Sweden in 2023 and again in 2024, allegedly by Russian and possibly Chinese ships using anchor drags. Earlier this year, Sweden responded to a cable severance between Latvia and Sweden with an investigation and vessel seizure. Also this year, Taiwan detained the vessel Hongtai, suspected of destroying cables connected to the Penghu islands among several recent incidents both on land and undersea occurring worldwide within just a few years. The sabotage of such infrastructure can cost millions per incident. A 2006 earthquake in Taiwan destroyed a significant number of undersea cables, which took 49 days to repair, slowing regional trade and cratering the revenues of service providers.
Supply Chains, AI, and the Private Industry Dilemma
These vulnerabilities are also compounded by the dominance of private industry, such as Amazon, Microsoft, Oracle, and Google, in hosting national security workloads, including the Department of Defense’s Joint Warfighting Cloud Capability. While U.S. military doctrine aspires to full-spectrum dominance – control across land, sea, air, space, and information — it does not have a fully defined operational model for infrastructure owned and operated by profit-driven entities. This gap introduces legal ambiguity, procurement complexity, and strategic exposure, as mission-critical capabilities increasingly depend on corporate service-level agreements rather than state-directed doctrine. As a result, national interests risk being subordinated to commercial uptime thresholds and cross-border compliance regimes.
The rapid evolution of AI has shifted the battleground from traditional military assets to computational infrastructure, with data centers emerging as critical national security assets. Countries are investing billions in hyperscale facilities filled with GPU clusters and AI chips, recognizing that computational capacity now translates directly into geopolitical power. The ability to scale resources and sustain continuous model training determines who leads in autonomous systems, cyber warfare, and innovation. Nations unable to secure this infrastructure risk falling behind economically and militarily, dependent on those who control superior computing power.
As U.S.-Chinese trade tensions show, technology remains both the driver and the focal point of decoupling. China’s export controls on critical minerals have disrupted supply chains for U.S. data center developers, delaying projects and raising costs. Beyond rare earths, Beijing has restricted other essential materials and processing technologies, effectively weaponizing the supply chain. These inputs are indispensable for semiconductors, cooling systems, power components, and structural infrastructure — making data centers acutely vulnerable to global shifts.
The Need for Doctrine
What’s missing is a doctrinal framework that treats data centers as operational terrain in their own right. Just as AirLand Battle began as a contested set of operational concepts that only later matured into a formal doctrine integrating air and ground forces into a unified theater concept, the United States should begin developing a “digital terrain doctrine.” This would not be a purely military effort, but a joint endeavor across the Department of Defense, civilian agencies, and private industry. Such a doctrine, refined on the military side through the Doctrine, Organization, Training, Materiel, Leadership, Personnel, Facilities process and informed by wargaming and operational testing, would blend cyber operations, infrastructure defense, cloud-based command systems, and kinetic risk considerations. Its role would be to define responsibilities and operational principles while guiding the integration of deterrence, redundancy, and strike capabilities across the digital-physical divide.
Vulnerabilities are increasingly being acknowledged at the highest levels. From the Cybersecurity and Infrastructure Security Agency’s Secure Cloud Business Applications framework to detailed evaluations by the U.S. Government Accountability Office on the state of operational technology, both government and industry are beginning to confront the reality that data centers are exposed on multiple fronts. But nobody is ready. The growing complexity and centrality of data centers in global infrastructure make them not only attractive targets but also critical pressure points in geopolitical and economic competition.
A comprehensive digital terrain doctrine should establish specific operational concepts that treat cloud infrastructure as contested battlespace. The doctrine should define distributed resilience operations, including multi-cloud redundancy requirements, automated failover protocols between commercial and government resources, and “cloud burst” capabilities to rapidly scale during emergencies. A computational deterrence framework would establish clear escalation thresholds for responding to cloud infrastructure attacks, distinguishing between routine cyber intrusions and acts warranting kinetic response, while pre-positioning defensive capabilities across allied networks. Finally, the doctrine should codify public-private integration protocols, including standardized military-commercial cloud interfaces, emergency nationalization procedures for critical resources, and supply chain security standards mandating domestic sourcing for essential infrastructure components.
The lack of clear legal and strategic frameworks governing cyber operations, including preemptive action against adversary cloud infrastructure, has created significant uncertainty, underscoring the need for such frameworks to better inform future doctrine. Current ambiguity leaves critical questions unanswered: Does a preemptive cyber strike against a Chinese hyperscale data center hosting military AI training constitute an act of war, a necessary deterrent, or a proportionate response to supply chain warfare? Without clear legal authorities and operational thresholds, such decisions default to ad hoc crisis management, inviting miscalculation and escalation. The doctrine should articulate how to operate within established legal and strategic frameworks when cloud infrastructure becomes a legitimate military target, and establish proportionality guidelines for cyber responses to non-kinetic attacks on U.S. digital infrastructure. It should also clarify how distinctions should be maintained between government-owned facilities and commercial clouds hosting adversary capabilities. This requires congressional authorization for specific categories of preemptive cyber operations, international coordination to establish norms around cloud infrastructure targeting, and clear rules of engagement that military commanders can execute without real-time legal consultation during time-sensitive crises.
This doctrine cannot remain an academic exercise. It should be rapidly implemented through joint military-industry exercises, congressional authorization of preemptive cyber authorities, and the establishment of a unified command structure that can execute coordinated responses across the digital-physical divide. Without this foundational framework, America’s growing dependence on cloud infrastructure will remain a strategic liability rather than a competitive advantage.
Strategic Implementation Framework
Data centers have evolved from back-end infrastructure into the primary battlespace of 21st-century competition, yet the United States and its allies remain in a reactionary posture. A comprehensive digital terrain doctrine would establish measurable resilience benchmarks: mandatory data sovereignty standards requiring mission-critical government workloads to remain within hardened cloud zones on U.S. soil, kinetic redundancy models that distribute computational capacity across geographically dispersed facilities immune to single-point failure, and microgrid integration to ensure sustained computational resources during national emergencies when traditional power grids face disruption. These metrics should be embedded into federal procurement policy, extended to allied infrastructure through joint cyber defense agreements, and enforced through hybrid public-private partnerships that balance commercial innovation with strategic control. Without such concrete implementation frameworks, America’s growing computational dependence will remain a strategic liability exploited by adversaries rather than the competitive advantage it should represent. The question is no longer whether data centers belong in national security planning — it’s whether we will secure them before or after the next crisis forces our hand.
Alex Rough is a cloud systems engineer and writer whose work explores the intersection of digital infrastructure, the environment, national security, and strategic competition. He has worked in the data center industry for over a decade and was featured in a BBC documentary on the environmental impact of data centers. He lives in the Washington, D.C. area.
Image: ESO via Wikimedia Commons.
