
Congress, industry ponder government posture for protecting data centers

29 April 2026 at 15:22

The growth of data centers — and adversaries’ targeting of them — left lawmakers at a hearing Wednesday contemplating whether the federal government has the right setup for defending them.

Some industry witnesses and experts at the hearing of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection testified that the answer might be to give data centers their own standalone designation as a critical infrastructure sector.

The question of how to secure data centers against cyber and physical attacks coincides with artificial intelligence fuelling a boom in the building of such facilities across the United States. Last month, Iranian drones targeted two Amazon data centers in response to the U.S.-Israel bombing campaign on Iran, and a third data center in Bahrain was struck as well.

“If a major data center is attacked, disrupted, or taken offline, the consequences can reach far beyond one company or one sector,” Rep. Andy Ogles, R-Tenn., said in prepared opening remarks. “Yet our current framework does not provide a clear, unified approach to data center security. It does not clearly answer which federal agency is responsible for understanding the risk, coordinating with industry, or leading the response when this infrastructure is targeted.”

Three providers account for 63 percent of the market share of data centers: Amazon Web Services, Microsoft Azure and Google Cloud Platform. 

The United Kingdom already has deemed data centers as a standalone critical infrastructure sector. Reps. Vince Fong, R-Calif., and LaMonica McIver, D-N.J., asked panel witnesses Wednesday about federal protection of them.

“Given the scrutiny that is required to make sure that those data centers are secure, there would be a benefit in having them work together as a unique coordinating council,” said Robert Mayer, senior vice president for cybersecurity and innovation at USTelecom, an industry group.

The Foundation for Defense of Democracies’ Mark Montgomery suggested a sector that combines data centers and cloud providers, given the overlap in ownership. The 2024 rewrite of a White House national security memo left some experts disappointed that it didn’t designate cloud computing as a critical infrastructure sector. 

Samuel Visner, chair of the board of directors of the Space Information Sharing and Analysis Center, said he agreed, given the role data centers are playing in the U.S. economy, military and other dependencies. “Finding a way to regard them as part of our critical infrastructure and protect them accordingly is sine qua non, absolutely necessary,” he said.

A fourth witness didn’t weigh in on the need for a separate critical infrastructure designation. But Scott Algeier, executive director of Information Technology Information Sharing and Analysis Center, said his organization had created a “special interest group” for data center providers.

“The data centers are integrated already into the critical infrastructure discussions,” he told the panel.

The post Congress, industry ponder government posture for protecting data centers appeared first on CyberScoop.

CrowdStrike says attackers are moving through networks in under 30 minutes

24 February 2026 at 03:01

Cyberattacks reached victims faster and came from a wider range of threat groups than ever last year, CrowdStrike said in its annual global threat report released Tuesday, adding that cybercriminals and nation-states increasingly relied on predictable tactics to evade detection by exploiting trusted systems.

The average breakout time — how long it took financially-motivated attackers to move from initial intrusion to other network systems — dropped to 29 minutes in 2025, a 65% increase in speed from the year prior. “The fastest breakout time a year ago was 51 seconds. This year it’s 27 seconds,” Adam Meyers, head of counter adversary operations at CrowdStrike, told CyberScoop.

Defenders are falling behind because attackers are refining their techniques, using social engineering to access high-privilege systems faster and move through victims’ cloud infrastructure undetected.

“Threat actors are exploiting those cross-domain gaps to gain access to environments, so they’re wriggling in between the seams in cloud, identity, enterprise and unmanaged network devices,” Meyers said. 

Starting from an already disadvantaged position — made worse by faster attacks and living-off-the-land techniques — defenders face burnout, stress and other factors that can lead to mistakes, he added. 

The myriad sources of these problems are spreading, too. 

CrowdStrike tracked 281 threat groups at the end of 2025, including 24 new threats it named throughout the year. Researchers at the cybersecurity firm are also tracking 150 active malicious activity clusters and emerging threat groups.

Cybercriminals seeking a payout and nation-states committing espionage or implanting footholds into critical infrastructure for prolonged access are increasingly seizing on security weaknesses in cloud-based environments to break into victim networks.

These cloud-focused attacks have seen a reported 37% year-over-year increase, with a 266% surge in this activity from nation-state threat groups.

The vast majority of attacks detected last year, 82%, were free of malware — highlighting attackers’ enduring shift toward hands-on-keyboard operations and the abuse of legitimate tools and credentials, CrowdStrike said in the report. More than 1 in 3 incident response cases involving cloud intrusions last year were linked back to a valid or abused credential that granted attackers access, according to CrowdStrike. 

Attacks originating from or sponsored by North Korea increased 130% last year, while incidents linked to China jumped 38% during the same period.

Chinese threat groups achieved immediate system access with two-thirds of the vulnerabilities they exploited last year, and 40% of those exploits targeted edge devices.

Zero-day exploits — especially defects in edge devices such as firewalls, routers and virtual private networks — allowed nation-state and cybercrime threat groups to break into systems, execute code and escalate privileges undetected.

CrowdStrike said it observed a 42% year-over-year increase in the number of zero-day vulnerabilities exploited prior to public disclosure last year. 

Meyers said he expects that number to grow further, predicting an explosion of activity from attackers using artificial intelligence to find and exploit zero-day vulnerabilities in various products during the next three to nine months.

CrowdStrike’s annual global threat report is full of figures moving in the wrong direction, yet the most worrying finding for Meyers comes down to attacker speed.

“The speed at which we’re seeing these breakout times accelerate is one of the markers,” he said, adding that it’s only a matter of time before the fastest attacks drop down to seconds, if not milliseconds.

The post CrowdStrike says attackers are moving through networks in under 30 minutes appeared first on CyberScoop.

With each cloud outage, calls for government action grow louder 

By: djohnson
5 November 2025 at 15:41

When a pair of high-profile internet outages took down large chunks of the internet last month, the events briefly brought hundreds of organizations to a near-halt and prevented millions of users from accessing core services for everyday business needs. 

From Starbucks to crypto exchanges to the messaging app Signal, the outages rippled across nearly every sector, shining a spotlight onto the country’s — and even the government’s — reliance on a mere handful of cloud service providers. 

In the wake of those incidents, watchdog groups are calling on federal regulators to scrutinize the role that massive cloud companies like Amazon and Microsoft play in owning and maintaining much of our collective backend IT infrastructure. 

Meanwhile, technology and cybersecurity experts point out that, because of financial and business realities, there are very few alternatives to the large companies that now dominate the market. 

The Amazon Web Services outage began Oct. 19 and lasted into Oct. 20. According to Amazon’s post-mortem, a single software bug in DynamoDB — the system that manages website addresses — along with efforts to repair it, caused all services in the Northern Virginia region that relied on the tool to go down for 15 hours.

Just over a week later, Microsoft’s Azure cloud platform experienced an outage impacting several of its services. According to Microsoft, an “inadvertent tenant configuration change” occurred in Azure Front Door, the company’s content delivery network. 

The outages exposed just how fragile the country’s digital infrastructure is and showed the risks of letting a few companies hold so much power. As a result, some groups are urging federal regulators to address the issue.

Concerns over corporate consolidation abound

In a letter to the Federal Trade Commission, a coalition of advocacy groups — including Public Citizen and the Tech Oversight Project — said AWS’s hours-long outage Oct. 19 illustrated the country’s “precarious overreliance” on a small number of CSPs. 

“The cloud services market that is foundational to this digital infrastructure is dominated by just a few players, with Amazon dominating the industry. Many firms, financial institutions, telecoms, and government bodies rely on these cloud service providers — and often solely on a single one,” the letter to FTC Chair Andrew Ferguson stated. “That precarious overreliance is compromising our nation’s security and commerce, as the October 19 global outage vividly illustrated.”

The FTC has focused on Amazon’s business practices in prior years. Earlier this year, the agency required the company to pay a $1 billion civil penalty and provide $1.5 billion in refunds to customers as part of a settlement related to its Prime subscription service.

The letter regarding Amazon Web Services, shared first with Scoop News Group, asks Ferguson to explain how the FTC is responding to the specific outage and to the larger economic and security risks. 

“We ask you to swiftly conduct a market structure review of leading cloud services providers, including but not limited to Amazon, to assess how their market dominance and use of monopoly power to stifle competition is creating systemic fragility across industries,” the letter stated.

The groups asked that the probe cover the dependencies that critical infrastructure sectors like telecommunication and government services have on any single cloud provider, along with the risks this could have on data security, privacy and consumer protection. 

Other signatories to the letter include the Center for Economic Integrity, the American Economic Liberties Project, and NextGen Competition, among others. The FTC did not respond to a request for comment. 

The reality of consolidated cloud infrastructure

The advocacy letter comes as technology and cybersecurity experts have raised similar concerns about a few companies controlling most of the internet’s infrastructure.

Meredith Whittaker, CEO of Signal, said users were surprised to learn that the encrypted messaging app ran partly on AWS infrastructure — but she believes they shouldn’t have been.

She explained in a post on Bluesky that the surprise from users “indicates that the extent of the concentration of power in the hands of a few hyperscalers is way less widely understood than I’d assumed.” 

Whittaker pointed out that the reality for Signal — and virtually every other online business — is that running these services requires extremely expensive infrastructure and specialized expertise to work as intended. Those resources are almost entirely concentrated among large corporations with the money and capacity to support and sustain such infrastructure. 

Instead of managing their own data centers, many companies and federal agencies have simply been “renting capacity” from Amazon, Microsoft and others, according to Benjamin Lee, a computer and information science professor at the University of Pennsylvania.

“All of that is very efficient. Much more efficient than what individual or private companies or smaller data centers can do,” Lee said. “With so much compute moving into the cloud, that has created, to some extent, a single point of failure.” 

Amazon’s post-mortem essentially speaks to that consolidation, detailing a dizzying array of different data center clusters, technologies, hardware, bespoke tooling and expertise across multiple internet domains that can’t be easily duplicated without tremendous resources.  

“The question isn’t ‘why does Signal use AWS?’” Whittaker wrote on Bluesky. “It’s to look at the infrastructure requirements of any global, real-time mass comms platform and ask how is it that we got to a place where there’s no realistic alternative to AWS and the other hyperscalers?”

One expert, a senior architect and cybersecurity adviser who works with hyperscalers, endorsed Whittaker’s points about the private sector’s collective reliance on Amazon, Microsoft and other hyperscale cloud companies.

However, the executive, who requested anonymity to candidly discuss their work, noted that there are few organizations capable of duplicating these backend functions at scale while remaining profitable. 

Indeed, part of the market dominance companies like AWS enjoy is also because they’re able to process massive volumes of internet and financial transactions that underpin billions of dollars of economic activity every day. 

“Sometimes when something like this happens, there’s a bunch of backseat, Monday-morning-quarterback types that are like, ‘oh, you know, if this were me and it was my data center,’” the executive said.

“First of all, stop: Your data center can have maintenance windows like 6 a.m. on Sunday morning,” they continued. “These guys can’t; they don’t have outages. They are built at a scale that is staggering.”

That argument was shared by Nicholas Weaver, a senior researcher focused on network security at the International Computer Science Institute, who said that the relative rarity of major outages like the kind experienced by AWS and Azure in recent weeks is the exception that proves the rule.

“Being down for 6 hours once every 2 years+ is damn near [perfect] reliability (99.99% uptime),” Weaver wrote about AWS. “Certainly 10x better than the edge network I use to connect to it.”

The hyperscaler adviser largely agreed with that perspective, telling Scoop News Group that AWS and Azure handle countless IT tasks for businesses, from backups to security fixes and maintenance. In return for rare outages, companies get instant access to top technology and expertise they couldn’t afford on their own.  

“Yeah, our options are limited, but on the other hand I kind of view this as: 10 years ago, I was fine running my own mail server as sort of a hobbyist,” the executive said. “You’d be an idiot to do that today, because you need such deep resources on IP reputation, on anti-DDoS [and other specialties] that you need the cloud players of the world.”

Security gaps exist

Beyond the risks of technical glitches leading to mass outages, some cybersecurity researchers worry that this same complexity could also be exploited by malicious actors to cause widespread internet disruption.

A quarterly threat report released last week by DigiCert, a company that provides validation services for digital certificates like Transport Layer Security (TLS) and Secure Sockets Layer (SSL), looked at trillions of network events across its different platforms and noted that large-scale disruptive attacks targeting internet infrastructure appear to be getting more common.

Between July and August, the company faced two distributed-denial-of-service attacks with massive, “tsunami”-like scale: one flooded traffic at 2.4 terabits per second while the other topped out at 3.7 terabits per second.

Michael Smith, DigiCert’s chief technology officer for application security, said that “while most DNS activity remains healthy, operational anomalies surfaced at scale.”

“These anomalies — typically caused by misconfigured resolvers or automated scanning but sometimes a symptom of scanning or an attack — highlight how small inefficiencies can ripple globally through interconnected systems,” he added.  

Meanwhile, the U.S. continues to struggle with Chinese hackers infiltrating its critical infrastructure. Many U.S. officials and experts worry China could launch cyberattacks if the U.S. responds to a potential invasion of Taiwan. The small number of tech companies responsible for the cloud ecosystem could be a target for malicious hackers in an effort to cause prolonged widespread outages. 

How an outage could impact federal agencies 

The letter to the FTC also raised concerns about government agencies’ potential reliance on cloud service providers, particularly during outages — even as the impact of those outages on federal services remains unclear. 

AWS and Microsoft are two of the biggest cloud providers for government agencies. Both companies offer special government cloud services with extra security for sensitive data. For example, AWS has GovCloud and Microsoft has Azure Government — each with regions that are “physically isolated” from their standard commercial cloud systems to better protect government information.

The post-outage report for AWS did not mention GovCloud as one of the impacted regions and the GovCloud online health dashboard shows no disruptions on Oct. 19. An AWS spokesperson later confirmed GovCloud was not impacted. 

While GovCloud appeared shielded from impact, speculation swirled online that some federal workers’ functions may still have been affected. A source familiar with the IT government contracting space told Scoop News Group that AWS’s commercial cloud is often used and preferred by federal agencies, even when GovCloud services are offered.

“For standard, civilian government use cases and workloads, there’s frankly not a compelling reason to use GovCloud most of the time,” the source said, speaking on the condition of anonymity. “It’s more expensive and has fewer features than the commercial offering, and updates to common features happen sometimes months ahead of GovCloud.”

The four U.S. regions of the standard, commercial AWS cloud have received a Provisional Authority to Operate (P-ATO) at the moderate impact level under FedRAMP. As a result, the commercial version can be used when the work in question does not require the higher compliance levels that GovCloud offers, another source familiar with AWS platforms said. 

Like AWS, Microsoft’s Azure Government platform also uses physically isolated data centers and networks in the U.S. only. Microsoft’s preliminary outage report does not include Azure Government on the list of impacted services. When asked about both the corporate consolidation concerns and the government impacts, a Microsoft spokesperson pointed Scoop News Group to the company’s statement about the Oct. 29 outage. 

James Rodd, a senior principal cloud architect at SAIC, also speculated that there could be additional security risks since the outage occurred during a government shutdown. 

“We happen to be in a very precarious situation right now with the government shutdown, where the agencies that should be watching this are lower-staffed,” said Rodd, who served as an enterprise cloud architect at the Federal Emergency Management Agency for three years before joining SAIC. 

Amid speculation over the outages, conversations about corporate consolidation also seeped into the government tech sector. 

Timothy Edgar, who served as a national security official in the Obama administration, said the topic is often complicated and requires government oversight. There are “real advantages” to the size of companies like Amazon, including giving customers the ability to “scale up quickly” and gain access to essential cybersecurity tools.

“I wouldn’t say that the fact that there are a few big cloud providers is necessarily a bad thing, but it does create problems with having a big company when something does go wrong,” Edgar said. “Just with any big industry that’s really essential to national security, the government has an important role in holding these industries accountable.”

This story was updated Nov. 5, 2025, to include an AWS response to a request for comment, correct the timing of the Oct. 19-20 AWS outage and clarify that the 2023 FTC antitrust suit was against Amazon’s retail division.

The post With each cloud outage, calls for government action grow louder  appeared first on CyberScoop.

Storm Chasing: How We Hacked Your Cloud

By: BHIS
26 May 2016 at 11:34

Beau Bullock // Overview The traditional methodology of a remote attacker who has no preconceptions of a target network used to be fairly static. With organizations moving to “the cloud”, […]

The post Storm Chasing: How We Hacked Your Cloud appeared first on Black Hills Information Security, Inc.
