President Trump recently announced $500 billion worth of investment in new data centers, known as the Stargate deal. But this investment may prove useless unless the federal government works to strengthen data centers’ protection from critical threats.
Emerging technologies such as AI that require vast computational power are driving demand for new data centers. The Stargate deal reflects that demand, securing non-federal funding for 20 new data centers in Texas to power AI technology.
Data centers like these are integral to the international economy and to our nation’s security — meaning it’s crucial that data center operators be prepared to counter adverse events.
That’s not to say data center operators don’t already prepare for contingencies. But when security failures could pose such dramatic consequences for the country and the world, it’s worth taking every step possible to prevent those failures.
The threats faced by data centers include both malign cyber activity and conventional kinetic attacks against infrastructure. However, data centers are also vulnerable to geomagnetic disturbance events and electromagnetic pulse attacks.
A natural geomagnetic disturbance event is the unintentional, uncontrollable ejection of charged material from the sun. In contrast, an electromagnetic pulse attack is an intentional attack via a specialized conventional munition, high-altitude nuclear detonation, or a directed beam from a non-nuclear energy device.
Without security protections, either of these events would shut down and wipe out all electronics, power systems and information systems in its path.
Currently, there are over 5,000 data centers in the U.S., and the National Telecommunications and Information Administration estimates that demand for these centers will grow 9 percent annually through 2030. By that projection, the U.S. will have over 9,000 data centers by 2030 — all of which will be vulnerable to geomagnetic disturbances and electromagnetic pulse attacks.
To protect these data centers, Congress should consider imposing a statutory security requirement in the National Defense Authorization Act during its annual review.
In FY 2024, Congress added the Federal Data Center Enhancement Act to its NDAA. This act directed the General Services Administration to establish minimum requirements for new data centers, including mandated protections against power failures, physical intrusions, natural disasters and information security invasions.
This act also allows the administrator to impose “any other requirements” he may deem appropriate. However, this provides no guarantee that the administrator will require protection against such events.
By amending the text of this act to include “protections against electromagnetic pulse attacks and geomagnetic disturbance and specific hardening standards,” Congress can ensure that all new data centers will be equipped with the necessary protections.
The harder, costlier sell is convincing Congress to retrofit existing data centers to protect them from such attacks. But given the national security concerns involved, Congress should seriously consider providing funding for these protections.
According to congressional reports compiled from fiscal 2001 to fiscal 2020, electromagnetic pulse events pose an existential threat to critical infrastructure in the U.S. In fiscal 2020, Congress directed the Department of Homeland Security to develop technologies to enhance resilience and protect critical infrastructure from such attacks. At the same time, it directed the Federal Emergency Management Agency to coordinate response and recovery plans for such attacks.
In a 2022 report, Homeland Security laid out precisely what data centers and other critical infrastructure need to be protected.
But despite all this research, Congress has so far failed to act decisively to protect America’s data centers. It’s unclear how many existing data centers are hardened against electromagnetic pulses and geomagnetic events, but reports indicate that most are not.
The 2025 National Defense Authorization Act included several provisions related to advancing emerging technologies but failed to mention data centers.
Congress is good at fact-finding and delegating federal agencies to research and develop and compile reports. It’s time for Congress to harness its information and use the 2026 defense authorization bill to protect America’s data centers.
Annie Chestnut Tutor is a policy analyst at The Heritage Foundation’s Tech Policy Center. Wilson Beaver is a policy advisor for defense budgeting at Heritage.
