Critical internet resources

Talks advance on Europe-Middle East electricity interconnector

Cyprus and Greece are making progress in talks about the creation of a high-speed electric cable network, known as the Great Sea Interconnector, linking Europe to the Middle East through the Mediterranean seabed. The project aims to connect transmission networks from Greece via Crete and Cyprus to Israel, with an estimated cost of €2.4 billion, of which €1.9 billion covers the Cyprus section.

Once complete, the interconnector will be the world’s longest and deepest high-voltage direct current (HVDC) cable, stretching 1,240 km and descending to 3,000 metres. The European Union has expressed its willingness to finance part of the project, which is expected to be completed by 2030. However, overlapping jurisdictional claims in the Mediterranean, involving Greece, Cyprus, and Turkey, could present future challenges.

Cyprus has sought clarity on its financial contribution and the potential impact of geopolitical risks, particularly concerning Turkey’s opposition, which could lead to delays and additional costs. Deputy government spokesperson Yiannis Antoniou said discussions have made progress, and the issue may be raised in an upcoming cabinet meeting.

The matter is also set to be discussed during a meeting between Cypriot President Nikos Christodoulides and Greek Prime Minister Kyriakos Mitsotakis in Athens later this week.

FCC pushes for new players in space economy

The chair of the Federal Communications Commission (FCC), Jessica Rosenworcel, has called for increased competition to SpaceX’s Starlink satellite internet service. Starlink currently operates nearly two-thirds of all active satellites and is responsible for a significant portion of space-based internet traffic.

Rosenworcel highlighted that monopolies do not benefit the economy, emphasising the need to bring in more companies to develop satellite constellations and drive innovation in space. She stressed that competition in communications markets typically leads to lower prices and more innovation, and the space sector should not be an exception.

The FCC has been working to support new entrants in the space economy, offering guidance on licensing processes and promoting outreach efforts. Rosenworcel aims to encourage more players to enter the market and challenge Starlink’s dominant position.

In 2022, the FCC withdrew $885.5 million in rural broadband subsidies from Starlink, citing the service’s inability to meet basic program requirements. SpaceX had originally agreed to deliver high-speed internet to over 600,000 rural homes and businesses across 35 US states.

Illegal gun parts from China seized by US authorities

US authorities have taken down over 350 websites selling gun silencers and parts from China used to convert semiautomatic pistols into fully automatic machine guns. The move follows an investigation that started in August 2023, targeting illegal sales of these dangerous devices.

Undercover operations revealed shipments from China, falsely labelled as items such as ‘necklaces’ or ‘toys’. Instead, these packages contained machine gun conversion devices, known as ‘switches’, and ‘silencers’, both banned under the National Firearms Act. Some websites even sold counterfeit goods, misusing the trademark of gun manufacturer Glock Inc.

Acting US Attorney Joshua Levy emphasised the importance of seizing these websites to halt the influx of illegal and dangerous contraband. Law enforcement has so far seized over 700 machine gun conversion devices, 87 illegal suppressors, 59 handguns, and 46 long guns.

Officials highlighted the growing problem of such devices being easily accessible, posing a serious threat to public safety. The seizures are part of a broader effort to tackle the illegal gun parts trade and protect communities.

USDA faces mounting criticism over cybersecurity vulnerabilities in the food and agriculture sector

Experts warn that the potential for disaster in the food and agriculture sector is immense. The US Department of Agriculture (USDA) is tasked with preventing such crises by securing the sector’s infrastructure from physical and cyber threats. However, in today’s increasingly digital world, the USDA is alarmingly unprepared to fulfil this role, according to policymakers, independent experts, and even the department’s reports to Congress.

That crucial responsibility is handled by a small, underfunded office within the USDA, which is already stretched thin with other duties. The department’s leadership rarely highlights the serious cyber threats facing the food and agriculture industry. This industry contributed over 5% to the US economy and provided about 10% of the nation’s jobs last year. Despite these pressing risks, it remains uncertain whether the department has made meaningful progress in addressing them.

While other agencies that protect critical infrastructure have been proactive in confronting cyber threats, the USDA needs to be faster to act, even as industry stakeholders become increasingly anxious about their digital vulnerabilities. The food and agriculture sector has largely remained under the radar regarding cybersecurity, with hackers focusing on more profitable targets for now. But this reprieve is unlikely to last indefinitely. The 2021 ransomware attack on meat-processing giant JBS, which forced the closure of plants across the country and threatened to disrupt beef prices, served as a wake-up call about the sector’s vulnerabilities.

Over the past decade, the cyber risks to food and agriculture have escalated as automation has become more widespread across the industry. Technology has become deeply embedded in modern agriculture, from tractors guided by GPS and cloud-connected devices controlling planting patterns to drones (some manufactured in China) surveying and spraying crops and automated systems managing livestock feeding. That integration extends through the entire supply chain, from food processors to distributors, making it more vulnerable to cyberattacks.

However, these technological advancements were adopted mainly before the rise in cyber threats to critical infrastructure, leading to serious concerns about the security of the US food supply. Cyberattacks on the food system could manifest in various ways, and one of the most severe concerns involves manipulating food safety data, either by concealing a food-borne illness or by falsely creating evidence of one.

Why does this matter?

The USDA still needs to provide interviews. However, a spokesperson emphasised that the department remains ‘committed to enhancing our cyber capabilities, promoting cyber awareness across the sector, and raising the industry’s cyber profile, despite the limited funding allocated by Congress for this purpose.’

The department also stays engaged with the sector through biweekly email updates, periodic meetings with industry leaders, and organised threat briefings. Additionally, when pro-Russian hacktivists targeted the sector earlier this year, Detlefsen noted that USDA quickly brought in him and his colleagues to discuss the situation. According to Scott Algeier, executive director of the Food and Agriculture ISAC, the USDA is ‘doing well’ in its role as a policy coordinator, collaborator, and convener’ while allowing the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to handle the technical aspects of cybersecurity.

White House urges better security for internet routing protocol

The White House’s cybersecurity office urged network operators to adopt available measures to secure the Border Gateway Protocol (BGP), a critical yet vulnerable technology used for routing internet traffic. The new guidance highlights that BGP lacks sufficient security and resilience features against current risks, a concern that has persisted for 25 years.

BGP is used by networks to exchange routing information, such as internet addresses, with other networks. For example, a mobile network uses BGP to connect with a cloud service or residential broadband network. Without updates, BGP is susceptible to exploits by malicious actors. Hijacking BGP can redirect users to malicious sites, exposing them to theft or data breaches, and can also facilitate DDoS attacks or disrupt telecommunications.

The Office of the National Cyber Director (ONCD) recommends that network operators adopt Resource Public Key Infrastructure (RPKI), which involves digital certificates managed by Regional Internet Registries. RPKI supports technologies like Route Origin Validation (ROV) and Route Origin Authorization (ROA) to help networks verify reachable internet addresses.

The ONCD acknowledges that securing BGP is challenging and provides detailed guidance on the protocol. It notes that federal networks in the US have not fully implemented ROAs but aim to have over 60% of advertised IP space secured by the end of the year. The ONCD will lead a new Internet Routing Security Working Group, including the Cybersecurity and Infrastructure Security Agency (CISA) and industry partners.

Russian malware Banshee compromises Mac security

A new malware named Banshee, developed by Russian hackers, is targeting macOS users by compromising browser extensions. Banshee poses a significant threat by stealing sensitive data such as passwords, cryptocurrency, and personal information. The malware affects a wide range of web browsers, including Safari, Chrome, and Firefox, and can infiltrate various crypto wallets.

Banshee is being sold on the dark web for as little as $3,000, making it an accessible tool for cybercriminals. Researchers at Elastic Security Labs identified that Banshee operates on both x86_64 and ARM64 macOS systems. Once the malware infiltrates a system, it begins harvesting data from the Mac’s Keychain, desktop, and documents, with the ability to evade detection.

Infection methods likely involve deceptive tactics, such as fake pop-ups mimicking legitimate updates or urgent notifications. Despite the growing concerns, the full extent of Banshee’s spread and impact remains unclear. Apple’s security infrastructure, while robust, has been exploited through browser extensions, underscoring the need for vigilance.

To protect against such threats, Mac users should limit browser extensions, be cautious with downloads, keep software updated, and use strong, unique passwords. These practices, while not foolproof, significantly reduce the risk of falling victim to malware like Banshee.

Critical browser flaw puts Mac and Linux users at risk

A newly identified zero-day flaw linked to the 0.0.0.0 IP address has been exploited by hackers, placing users of major web browsers on macOS and Linux at risk. This vulnerability has been observed in popular browsers like Safari, Chrome, and Firefox, which could potentially allow unauthorised access to private networks. Although Windows users are unaffected, other browsers like Microsoft Edge, Brave, and Opera, which are based on Chromium, are also vulnerable.

The cybersecurity firm Oligo has reported that this flaw enables hackers to communicate with local software on Mac or Linux systems. By using the 0.0.0.0 address instead of localhost, public websites might execute arbitrary code on a visitor’s device, bypassing long-standing security measures. Oligo researchers have estimated that around 100,000 websites could facilitate this attack, which has already been used in targeted strikes on AI workloads.

In response to the threat, Apple has promised to address the issue in the upcoming macOS 15 Sequoia beta by blocking the 0.0.0.0 address. An update to Safari’s WebKit will also block connections to this IP. Chrome is considering a similar approach to ensure that users cannot bypass its Private Network Access protection. Mozilla, however, remains cautious, with a spokesperson noting that tighter restrictions might lead to compatibility issues, and therefore, Firefox has not yet implemented any proposed restrictions.

The widespread nature of the vulnerability and the potential for serious security breaches underscore the urgent need for a solution. Users of affected browsers are encouraged to stay updated on patches and fixes as they become available, particularly from browser developers like Apple, Google, and Mozilla.

Researchers develop a method to improve reward models using LLMs for synthetic critiques

Researchers from Cohere and the University of Oxford have introduced an innovative method to enhance reward models (RMs) in reinforcement learning from human feedback (RLHF) by leveraging large language models (LLMs) for synthetic critiques. The novel approach aims to reduce the extensive time and cost associated with human annotation, which is traditionally required for training RMs to predict scores based on human preferences.

In their paper, ‘Improving Reward Models with Synthetic Critiques’, the researchers detailed how LLMs could generate critiques that evaluate the relationship between prompts and generated outputs, predicting scalar rewards. These synthetic critiques improved the performance of reward models on various benchmarks by providing additional feedback on aspects like instruction following, correctness, and style, leading to better assessment and scoring of language models.

The study highlighted that high-quality synthetic critiques significantly increased data efficiency, with one enhanced preference pair as valuable as forty non-enhanced pairs. The approach makes the training process more cost-effective and has the potential to match or surpass traditional reward models, as demonstrated by GPT-4.0’s performance in certain benchmarks.

As the field continues to explore alternatives to RLHF, including reinforcement learning from AI feedback (RLAIF), this research indicates a promising shift towards AI-based critiquing, potentially transforming how major AI players such as Google, OpenAI, and Meta align their large language models.

Reliance’s Jio platforms clears major hurdle in bid to launch satellite internet in India

Reliance Industries’ Jio Platforms, a major player in the Indian telecommunications market, has recently cleared a significant regulatory hurdle in its ambitious plan to launch satellite internet services in India. That development marks a pivotal step forward in Jio’s mission to expand its digital footprint and offer high-speed internet across the country’s vast and diverse landscape. The approval comes from the Indian National Space Promotion and Authorization Center (IN-SPACe), which is responsible for regulating and promoting private sector participation in the country’s space sector. The nod of approval is crucial for Jio Platforms as it paves the way for the deployment of low-earth orbit (LEO) satellites to provide internet services.

Jio’s satellite internet project aims to deliver high-speed broadband connectivity to remote and rural areas, where traditional fiber-optic networks are challenging to implement. That initiative aligns with the Indian government’s vision of a ‘Digital India’ aimed at bridging the digital divide and ensuring that every citizen has access to the internet. In its endeavor to roll out satellite internet, Jio Platforms is collaborating with SES, a Luxembourg-based satellite telecommunications company. The partnership is expected to leverage SES’s expertise in satellite technology and Jio’s robust terrestrial infrastructure, creating a seamless internet experience for users.

The technology underpinning this initiative involves the use of LEO satellites, which orbit closer to the Earth compared to traditional geostationary satellites. That proximity results in lower latency and faster internet speeds, making it a viable solution for real-time applications such as video conferencing, online gaming, and streaming services. The market in India presents a massive opportunity for satellite internet providers, given its large population and the significant number of underserved regions. According to industry estimates, India has over 700 million internet users, yet millions still lack reliable internet access, particularly in rural and remote areas.

Jio Platforms’ entry into the satellite internet space will position it against other global players like Elon Musk’s SpaceX and its Starlink project, as well as Amazon’s Project Kuiper. Two other companies, Inmarsat and Eutelsat‘s Bharti Enterprises-backed OneWeb, have also received approval to operate satellites over India, with OneWeb having secured all its necessary permissions late last year. IN-SPACe Chairman Pawan Goenka also noted that the agency would soon authorise private companies to operate ground stations, enabling satellite operators to download data as they pass over India. This year, India opened the gates for foreign direct investment in the sector, allowing outside companies to invest in the manufacture of components and systems or subsystems for satellites up to 100% without approval.

Why does it matter?

The Indian satellite broadband service market is expected to grow 36% annually over the next five years and reach $1.9 billion by 2030, according to consultancy Deloitte. That indicates substantial growth potential and a transformative impact on the country’s internet accessibility.

Iran allocates funds to expand state-controlled internet infrastructure

The Raisi administration in Iran has allocated millions of dollars towards bolstering the country’s internet infrastructure, focusing on tightening control over information flow and reducing the influence of external media.

This decision, part of a broader financial strategy for the Ministry of Communications and Information Technology, reflects a 25% increase from the previous year’s budget, totalling over IRR 195,830 billion (approximately $300 million). Additionally, over IRR 150,000 billion (over $220 million) in miscellaneous credits have been earmarked to expand the national information network.

The Ministry of Communications and Information Technology’s efforts aim to reduce dependency on the global internet, leading to a more isolated and state-controlled national information network.

Why does it matter?

Popular social media platforms like Instagram and Facebook are blocked in Iran, and the government appears to be tightening internet control. Cloudflare has observed a significant decrease in internet traffic from Iran over the past two years, suggesting a trend of increased control and isolation. However, widespread internet disruptions have sparked discontent, leading the Tehran Chamber of Commerce to call for policy reassessment, citing economic concerns.