Amazon Web Services’ European expansion has hit the buffers as the American cloud provider grapples with aging grid infrastructure and lengthy interconnect delays.

AWS has moved quickly to flood the European continent with its elastic compute fabric, but while it may take two years to bring a new datacenter online, securing power for the facilities can take up to seven years, Pamela MacDougall, who heads energy markets and regulation for AWS EMEA, said in an interview with Reuters this week.

According to the International Energy Agency (IEA), in some European datacenter meccas, like Frankfurt, London, Amsterdam, Paris, and Dublin, this wait can extend to as much as a decade.

This isn’t unique to Europe. While a 2025 IEA report showed grid connection lead times ranging from one to three years on average across the US, in datacenter hot spots like Northern Virginia, they’re also pushing [PDF] seven years.

“We’re finding more and more across Europe that certainty of the delivery date has continued to be delayed,” MacDougall told the news wire.

These delays have forced AWS to reassess its European buildout.

Power has become more of a problem for bit barn builders as the AI boom enters its fourth year. Since ChatGPT’s debut in 2022, datacenter power consumption has skyrocketed, with typical rack densities jumping from 6-12 kW to upwards of 140 kW, with 600 kW systems slated to start rolling out next year.

Along with greater power consumption, AI workloads, particularly training, can be extremely spiky, with utilization jumping from just a couple of percent to 100 percent in a fraction of a second. This leaves grid operators and utilities tasked with serving these datacenters little time to respond to surges in energy demand.

The permitting process associated with grid improvements in Europe has also proven problematic, though regulation from the European Commission has been proposed to prevent this process from exceeding two years.

Further complicating matters, energy infrastructure remains in incredibly short supply with turbine manufacturers struggling to keep up with demand.

In response, cloud providers including Amazon have begun turning to alternative energy sources to secure power for their facilities. Amazon last year purchased Talen Energy’s Cumulus datacenter campus next to a nuclear power plant, while Microsoft and Meta are also backing projects to reignite or extend the life of aging reactors.

We’ve also seen a flurry of interest in startups developing small modular reactors (SMRs). These mini nuclear power plants could be deployed alongside datacenters if they can be made commercially viable.

With even the most optimistic SMR roadmaps pushing mass production out to the 2030s, a seven-year lead time on grid connections is probably the better deal for now.

The Register reached out to Amazon for comment on how it plans to address these grid challenges; we’ll let you know if we hear anything back. ®

It’s no secret that the Trump administration has radically altered the federal government’s relationship with state election officials since being sworn into power last year.

While his first term included the creation of the Cybersecurity and Infrastructure Security Agency and the distribution of hundreds of millions in congressional funding sent to help states upgrade election security, Trump’s second term has so  far been more adversarial toward states.

As CyberScoop and others have reported, CISA has scaled back its election security support – in some cases shuttering work on topics like disinformation — while firing or sidelining election security specialists at the agency. The administration is also pursuing voter data from all 50 states, an effort that has been called “unprecedented and illegal” by one court. 

Congressional Democrats, including California Sen. Alex Padilla, have been sharply critical of the federal government’s support for elections under the second Trump administration.

Cuts to CISA’s funding and staff, combined with the absence of dedicated congressional funding for election security grants, have “created a scenario where states may feel a lot more like they’re going it alone than as opposed to working in partnership,” said Padilla. The current senator served as Secretary of State for California before being appointed in 2021 to replace Sen. Dianne Feinstein. 

Arizona Secretary of State Adrian Fontes was discussing the status of a $650,000 package moving through the Arizona legislature with an aide when CyberScoop approached him for an interview at the National Association of Secretaries of State winter conference.

Fontes said the spending package (which passed later that day) would help Arizona patch vulnerabilities and recover from last year’s cyberattack on the state’s online portal for political candidates. The attack also defaced state websites with pro-Iranian propaganda.

The $650,000 appropriation is part of a larger $3.4 million pool the legislature approved last year to strengthen cybersecurity in the state’s election system ahead of a special election in the 7^th congressional district. Because turnout in that election was low, some of the money was left unspent and would otherwise go unused. Fontes said his office made a  “very clear” case in a December letter outlining the significant investments Arizona still needs to make to secure its elections.

The money, while welcome, “is not going to go anywhere near supporting all the other programs that we need for elections to go well,” he said.

“We were saying ‘Hey, let us use [the leftover money] for elections, let us rebuild our cybersecurity infrastructure’… that’s $2.8 million dollars worth of other stuff that would help counties,” said Fontes.

Arizona is one of several states scrambling to find new ways to pay for election security as the federal government pulls back.  States are now relying on just $45 million in federal election security grant funding from the Election Assistance Commission— less than $1 million per state on average— while election-security expertise at CISA has been sharply reduced. 

Some states are turning to local sources to fill in gaps in information sharing. West Virginia Secretary of State Kris Warner told CyberScoop he had just completed his first tour of all 55 country clerks in the state.

“They all have cell phone numbers for me, for Dave [Tackett, chief information officer] and my chief of staff,” Warner said. “We’re in close contact if there’s a concern [around] the risks and points of entry that may affect all of us.”

Last year, Warner’s office helped distribute $272,000 in Help America Vote Act (HAVA) grant funding to six counties, who added another $323,000 in matching funds, to upgrade voting systems, enhancing ID printer capabilities to strengthen voter identification procedures and other tasks.

A lack of poll workers is one of the state’s biggest challenges ahead of this year’s elections. Warner’ said his office is backing several bills to address it, including one that would create a new tax credit for poll workers  and another that would let 15- or 16-year-olds  receive poll worker training.

The White House and federal officials have attempted to downplay reports of a fraying relationship. In January, acting CISA Director Madhu Gottumukkala told Congress that claims DHS or CISA have rolled back their election security practices were “not accurate,” citing ongoing support to states around cybersecurity support, physical security guidance, incident response services and threat briefings.

“We treat election security like any other infrastructure sector and our election security services remain fully in place,” he said.

That statement directly contradicts what many state and local officials have said over the past year: that communication and support from CISA and the federal government have either shrunk or are completely absent compared to previous election cycles.

According to Brenna Nelson of the National Conference of State Legislatures, CISA performed 1,300 physical security assessments, 700 cybersecurity assessments and 500 election security trainings for election jurisdictions across the country between 2017 and 2025. Support and services related to cybersecurity that election offices have used for the past seven years are “less available” now, as “the agency is not prioritizing elections in the same way it has since 2017.”

For many state officials, the change from CISA came suddenly and with no warning, giving them little time to make alternative plans. Speaking to StateScoop last year, Nevada Secretary of State Maggie Toulouse Oliver said “we didn’t even have the foreknowledge to be able to relay to our legislature that we were going to be losing out on a lot of these tools and resources.”

Tackett, said cyber hygiene scans were the only recurring services they relied on CISA for, and the office has become proficient in tapping other local or regional sources — like information sharing and analysis centers, fusion centers, local university research centers and the National Guard – for no cost services around election security.

Because of this, Tackett said the state’s relationship with CISA hasn’t been impacted as much as other states. However, he also said that when it comes to incident response and intel sharing, the relationship has “maybe diminished somewhat.”

Fontes was blunt, saying there has been “no change” in his state’s relationship with CISA since he spoke out in frustration last year, either in terms of outreach or technical assistance.

“If somebody said it’s business as usual, he’s full of s—t and lying,” he said. “That’s not true.”

CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days.

Tracked as CVE-2025-40551, this security flaw stems from an untrusted data deserialization weakness discovered and reported by Horizon3.ai security researcher Jimi Sebree, which can allow unauthenticated attackers to gain remote command execution on unpatched devices.

“SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution which would allow an attacker to run commands on the host machine,” the company explained on January 28 when it released Web Help Desk 2026.1 to patch the vulnerability.

The same day, SolarWinds also patched a high-severity hardcoded-credentials vulnerability (CVE-2025-40537) discovered by Sebree and two authentication-bypass security flaws (CVE-2025-40552 and CVE-2025-40554) reported by watchTowr’s Piotr Bazydlo, all of them remotely exploitable.

On Tuesday, CISA added CVE-2025-40551 to its catalog of flaws exploited in the wild and gave Federal Civilian Executive Branch (FCEB) agencies three days to secure their systems, as mandated by the Binding Operational Directive (BOD) 22-01, issued in November 2021.

Although BOD 22-01 targets only federal agencies, CISA encouraged all network defenders, including those in the private sector, to patch their devices against ongoing CVE-2025-40551 attacks as soon as possible.

Admins are advised to patch their systems as soon as possible, given that hackers have frequently exploited Web Help Desk vulnerabilities in the wild. For instance, CISA tagged a Web Help Desk hardcoded credentials flaw in October 2024 as actively exploited, and SolarWinds addressed a patch bypass in September 2025 for another Web Help Desk RCE flaw flagged as exploited in attacks.

Web Help Desk is a popular help desk management software among government agencies, large corporations, healthcare organizations, and educational institutions. SolarWinds claims that more than 300,000 customers worldwide use its IT management products.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide