Planet Earth vs Nvidia
- Gary Hinson
- 17 hours ago
- 2 min read
“Blackwell sales are off the charts, and cloud GPUs are sold out,” said Jensen Huang, founder and CEO of NVIDIA. “Compute demand keeps accelerating and compounding across training and inference — each growing exponentially. We’ve entered the virtuous cycle of AI. The AI ecosystem is scaling fast — with more new foundation model makers, more AI startups, across more industries, and in more countries. AI is going everywhere, doing everything, all at once.”
While I'm delighted to see a company doing so well, I spot several concerns here from the ISO27k/infosec perspective:
'Accelerating' and 'compounding' to me imply risk-multipliers;
Increasing 'monoculture' risks due to dependencies on a single manufacturer with finite capacity;
Increasing dependencies on datacomms, data centres, the Internet ... with no end in sight to our reliance on DNS and other known-insecure protocols;
Technology risks, including the proliferation of particular manufacturers' products (increasingly attractive targets for hackers, competitors and spooks);
Ballooning use of cloud and, especially, AI, with all that goes with it (not just a house of cards: skyscrapers!);
Market and commercial risks, leading to tech and security fallout if the AI bubble bursts, in addition to the immediate financial/economic and social consequences (when budgets and workforces are slashed, what then?);
And more.
In particular, I'd just like to point out the ecological implications of proliferating hyperscale datacentres. Nvidia is rightly proud of the energy efficiencies it has achieved with Blackwell, and yet the same press release mentions gigawatts of additional data centre capacity on the way: where is all that energy coming from, and where does it go? It ends up in the clouds - literally - as the air conditioning units pump out the waste heat into the atmosphere. Never mind cow farts, those AI gigawatts are materially affecting the biosphere and sucking up valuable water.
Remember, last year's amendment to ISO/IEC 27001 formally clarified that, in clauses 4.1 and 4.2, the ‘relevance of climate change should be considered’. As the stock market Nvidia hubbub dissipates, take a look at "Secure the planet" for suggestions on how we information security professionals must do our bit to address climate change. I'll end with this precis of the pragmatic 6-point action plan from my paper written two years ago:
Assess risks: incorporate climate change scenarios in risk management to identify dependencies on critical infrastructure and address the continuity implications of climate-driven incidents.
Ensure integrity: help management build integrity into environmental strategies, focusing on objectives at the intersection of information risk and sustainability.
Invest strategically: prioritise corporate resilience for information, operational, smart/virtual, comms and other technologies including supply chains (reduce reliance on climate-vulnerable suppliers).
Enable remote work: facilitate secure remote/hybrid working with robust controls to support sustainability and reduce travel.
Raise awareness: integrate climate-related infomation risks into security awareness programs, leveraging green interests to champion dual messaging.
Collaborate widely: share intelligence and good practices with IT, risk, government and industry peers, collectively addressing ecosystem resilience.
I'm a firm believer that you are right and make sense. I look at what's going on and tell myself that we are accelerating toward the big crush as I call the end of the world as we know it.
Sadely, I bet that not enough organisations will look criticaly at the AI bubble forming. If they do so, then they will loose market shares for sure (clients loves too much AI) and nobody is ready to loose now for a less defeated world tomorrow.