Securing the Next Generation of Data Centers: Integrating Cybersecurity and Operational Technology Resilience from the Ground Up

Data centers sit at the heart of the digital economy, fueling everything from cloud platforms to artificial intelligence (AI)-driven innovation. The challenge today isn't just keeping facilities running - it's ensuring they are optimized, secure, resilient and scalable.

By embedding cyber resilience into every phase of design, delivery and operation, Jacobs enables data centers to become intelligent, self-defending infrastructures that power the digital economy with confidence.

Cybersecurity is a critical element of our data centers-focused Digital Program Management Office, a key service line where we bring together security, digital engineering and advanced analytics to deliver integrated digital architectures ready for the next generation of AI and cloud workloads.

Modern data centers require orchestration between the "front-line" area that houses server racks and performs the active compute - known as white space - and the supporting area that contains electrical infrastructure and provides reliable power and cooling to the white space - known as gray space. As facilities evolve to support AI, high-performance computing and quantum workloads, these operational environments have become more complex than ever. What were once simple direct digital controls have grown into interconnected ecosystems of programmable logic controllers, Data Center Infrastructure Management (DCIM) platforms, on-site power systems and advanced building automation tools. These converging systems blur the boundaries between white space (compute and storage) and gray space (electrical infrastructure) and open new pathways for cyber threats targeting OT systems to reach IT networks and sensitive data.

Bridging IT and OT for resilient operations

Driven by global energy and water challenges, next-generation data centers are becoming holistic ecosystems where IT and OT systems operate as one. Power management, cooling and environmental monitoring - once isolated - are now embedded within shared IT architectures. Graphics Processing Units (GPUs) and computing assets rely on these interconnected systems for stability and performance.

This convergence calls for a new approach to cybersecurity - one that blends IT's agility and software-driven innovation with OT's reliability, safety and lifecycle discipline.

Jacobs' cyber and OT teams bridge these worlds through integrated design and operations. We combine secure network architectures, managed defense services and compliance capabilities to build resilience from the concept phase of the engineering lifecycle through commissioning and operations and maintenance (O&M).

Designing, securing and operating next-generation data centers

Jacobs brings an end-to-end approach that ensures security and reliability are built into every stage of the data center lifecycle.

Secure design and integration

Jacobs' secure IT/OT segmented network designs integrate Supervisory Control and Data Acquisition (SCADA) and Building Management Systems (BMS) within tailored zero-trust architectures. By applying Consequence-driven, Cyber-informed Engineering (CCE) principles and network micro-segmentation, we prevent lateral movement between OT and IT networks while enabling seamless integration of Industrial Internet of Things sensors, radio telemetry, and DCIM platforms. These capabilities provide real-time visibility into power, cooling and environmental conditions - supporting fault-tolerant scalability from edge to core.

Managed cyber resilience and continuous defense

Through our converged security operations centers, Jacobs delivers unified IT/OT visibility and 24/7 monitoring powered by advanced security information and event management threat correlation and AI-driven analytics. Proactive managed services - including patch management, vulnerability lifecycle optimization and firmware security - reduce downtime and mitigate risks such as ransomware, supply chain compromise and edge distributed denial of service attacks. By leveraging deep operational experience across IT and OT environments, Jacobs helps organizations maintain performance, continuity and trust in mission-critical operations.

Compliance, testing and specialized capabilities

Jacobs supports clients in achieving and maintaining compliance with frameworks for energy-dependent data centers. Our teams develop and validate incident response plans, conduct cyber table-top exercises and perform post-incident forensics to drive continuous readiness. We also provide penetration testing, risk assessments and threat hunting across converged infrastructures - enhancing resilience and operational confidence.

Designing security in, from day one

Cyber resilience starts at the design phase - not after the fact. Key actions include:

• Mapping system boundaries and data flows to understand dependencies.
• Identifying building automation system and electrical power monitoring system crossovers and applying Iadho National Laboratory's CCE methodology to define unacceptable consequences and system interdependencies.
• Collecting software and hardware bills of materials to enhance vulnerability management.
• Defining zones and conduits based on International Electrotechnical Commission 62443 and zero-trust principles.
• Embedding cybersecurity requirements directly into requests for proposals, bid packages and the basis of design.

Integrating these steps early ensures that security and reliability are built in - not bolted on.

Operating securely and efficiently

Once operational, data centers must balance efficiency, availability and security. Jacobs' integrated IT-OT approach helps achieve this by optimizing systems, strengthening resilience and supporting standard operating procedures.

• Continuous monitoring of Power Usage Effectiveness, Water Usage Effectiveness, temperature and power draw through DCIM platforms.
• Predictive maintenance powered by sensors and analytics to identify issues before they cause downtime.
• Cross-disciplinary training to close the IT-OT knowledge gap and enhance response capability.
• Integrated defenses that combine cybersecurity and physical safeguards to prevent cascading failures.

These capabilities are embedded within Jacobs' managed cybersecurity and OT lifecycle programs, helping organizations monitor performance, anticipate failures and stay compliant while defending against evolving threats. By uniting operational visibility with continuous defense, Jacobs enables data centers to run at peak efficiency - securely and sustainably.

Validating resilience before go-live

Operational resilience must be verified - not assumed. Jacobs integrates security validation into final acceptance testing and ongoing maintenance. We recommend annual reviews of systems, workflows and software versions to maintain protection and performance.

Validation ensures monitoring tools cover the entire environment and operations can continue even under partial instrumentation loss. Aligning cyber and operational resilience strengthens uptime and reliability in mission-critical facilities.