Critical infrastructure

Sweden warns of growing criminal exploitation of digital payment systems

Sweden’s financial regulator, Finansinspektionen, has warned that organised criminal networks are increasingly exploiting weaknesses in payment systems and digital banking infrastructure. The assessment points to a more challenging risk environment driven by faster transactions, cross-border financial flows and increasing technological complexity.

Financial institutions across the Nordic region are expected to adopt more proactive and intelligence-led compliance approaches.

Retail banks remain primary targets because of their high transaction volumes and role in the initial placement of illicit funds. Criminals rely on shell companies and layered ownership structures to conceal beneficial ownership and bypass standard due diligence.

Regulators now expect stronger analytical capabilities and more robust identity verification processes, particularly within automated onboarding systems that may be vulnerable to fraud and mule-account creation.

Payment service providers and crypto-asset platforms are facing increased scrutiny because they enable the rapid movement of funds across jurisdictions. Authorities stress that real-time screening is now essential, as post-transaction analysis is no longer sufficient.

Crypto-related risks are amplified by mixing tools and decentralised systems, requiring strict origin-of-wealth checks and full compliance with travel rule standards.

Supervisory findings also highlight risks from professional enablers and compromised SMEs used to bypass controls. Insider involvement and distressed businesses can mask illicit activity through seemingly legitimate operations.

Finansinspektionen said stronger sanctions screening, continuous monitoring, and executive-level compliance oversight are essential to address evolving money laundering and illicit financing risks.

Why does it matter? 

The warning reflects a broader shift in financial crime, where criminal organisations increasingly exploit the speed, scale and interconnected nature of modern financial systems. As digital payments, instant transfers and crypto-assets become more widely used, traditional compliance approaches based on retrospective reviews may struggle to keep pace with rapidly moving illicit funds.

The assessment also highlights the growing convergence of financial regulation, cybersecurity and digital governance. Financial institutions are increasingly expected to deploy advanced analytics, real-time monitoring and stronger identity verification controls to detect criminal activity before transactions are completed. Similar regulatory trends are emerging across Europe and other jurisdictions as authorities seek to strengthen resilience against money laundering, fraud and sanctions evasion.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

NCSC urges action after Fortinet firewall and VPN credential leak

The UK National Cyber Security Centre has urged organisations using Fortinet services to investigate whether they have been affected by a global campaign targeting firewalls and VPN gateways.

The NCSC said Fortinet firewalls and VPN gateways have been targeted globally, with some indications of potential impact in the UK. A threat actor has leaked a database of credentials following brute-force, dictionary and credential stuffing attempts against internet-facing FortiGate and VPN portals.

UK organisations using Fortinet edge devices with SSL VPN enabled have been advised to check whether their domains may be affected and to investigate potentially malicious activity on their devices.

The NCSC said organisations should review logs for indicators of compromise, including unauthorised account creation and unexpected activity. Where evidence of compromise exists, affected devices should be isolated from the internet and internal networks.

The agency also warned that changing credentials alone may not be sufficient if attackers have gained persistence on a device. It recommends factory resetting compromised devices after collecting logs, configurations and other investigation artefacts.

Organisations are also advised to investigate other edge devices that share credentials with compromised systems and to monitor reachable devices for signs of onward compromise.

The NCSC said organisations should harden recommissioned systems by ensuring management interfaces are not exposed to the internet, updating to the latest version, removing unsupported systems, changing default or reused administrator passwords and enforcing multi-factor authentication on VPN and device management logins.

Why does it matter?

The alert highlights how stolen or reused credentials can compromise perimeter security infrastructure. Firewalls and VPN gateways are high-value targets because a successful compromise can give attackers a route into internal networks. The NCSC guidance also shows why basic cyber hygiene matters: exposed management interfaces, reused passwords, unsupported systems and missing multi-factor authentication can turn credential leaks into wider network compromise.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Finland links communications networks to security and digital growth

Finland’s Ministry of Transport and Communications has completed the first phase of the TUUTTI project, concluding that secure and reliable communications networks are essential to both national security and digital economic growth.

The report, published on 17 June 2026, provides an overview of Finland’s communications networks, markets and services, and identifies long-term decision points affecting network investment, security and future development.

The ministry said communications infrastructure underpins the functioning of society, security of supply, business investment and the growth of the data economy. It also said security and growth objectives can no longer be treated separately, because the same networks support both public resilience and digital competitiveness.

The report highlights resilience as a prerequisite for growth, warning that communications networks are increasingly linked to energy systems, cloud and computing services, supply chains, suppliers and skills. These dependencies make long-term planning and continuous monitoring essential.

The report also frames digital and technological sovereignty as a question of managing critical dependencies, rather than pursuing complete self-sufficiency. Finland aims to reduce lock-in risks, keep systems interoperable and maintain alternatives where security or economic impacts are greatest.

Future work will focus on preparedness, management of critical dependencies, joint development of networks, data and computing, investment predictability, skills and implementation capacity. Short-term measures identified in the report will be taken forward in autumn 2026.

Why does it matter?

Finland’s assessment shows how communications networks are becoming part of wider national security and economic strategy. Connectivity policy is no longer only about broadband access or market competition; it now includes resilience, supply chains, cloud and computing dependencies, interoperability and technological sovereignty. The report may also matter beyond Finland because its findings could feed into the EU advocacy, legislative preparation and standardisation work.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

European consortium launches SHIELD-6G project to develop cybersecurity capabilities for future 6G networks

A consortium of 19 organisations from across Europe has launched SHIELD-6G (Scalable, Hybrid, and Intelligent End-to-End Defense for 6G Networks), a research and innovation project aimed at developing cybersecurity technologies for future 6G communications networks.

The project is coordinated by University College Dublin and brings together universities, research institutes, telecommunications operators, technology companies, and small and medium-sized enterprises from 10 European countries, including Ireland, Spain, Finland, France, the Netherlands, Italy, Greece, Latvia, Estonia, and Türkiye.

According to the consortium, SHIELD-6G will focus on developing a cyber threat intelligence platform designed for future 6G environments. The platform is intended to support the detection, analysis, and response to cyber threats, including previously unknown vulnerabilities and attacks.

The project will explore several technology areas, including AI-based threat detection and response, federated learning for privacy-preserving data processing, digital twin technologies for security testing, and explainable AI approaches intended to improve transparency in cybersecurity operations.

Researchers will evaluate the technologies through use cases in healthcare, smart manufacturing, and maritime communications. These sectors are expected to rely increasingly on advanced connectivity and automated digital systems, creating new cybersecurity requirements.

The initiative is funded through the European Union’s Horizon Europe programme under the Smart Networks and Services Joint Undertaking (SNS JU), which supports research and innovation activities related to future communication networks and services.

According to the project description, SHIELD-6G is expected to contribute to the development of automated network security capabilities, real-time threat detection and mitigation mechanisms, and approaches to compliance and auditing. The consortium also plans to contribute to ongoing discussions on 6G standardisation.

Commenting on the launch, Madhusanka Liyanage of University College Dublin said future communication networks will require security and resilience measures capable of supporting increasingly critical digital services. He said the project aims to develop cybersecurity capabilities that can help protect those services while supporting the broader development of future connectivity infrastructure.

SHIELD-6G is one of several projects funded under the SNS JU programme that aim to advance research on 6G technologies and related cybersecurity challenges as Europe prepares for the next generation of digital communications networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Canada enacts cybersecurity legislation to protect critical infrastructure

Canada has strengthened its national cybersecurity framework after Bill C-8, the Act Respecting Cyber Security (ARCS), received Royal Assent.

The legislation is designed to strengthen the security of critical infrastructure and telecommunications networks that support essential services across Canada.

The new law amends the Telecommunications Act by making security an explicit policy objective and granting the government additional powers to require action against threats targeting telecommunications systems.

The legislation also establishes the Critical Cyber Systems Protection Act, creating a regulatory framework for designated operators in the finance, telecommunications, energy and transportation sectors.

Under the new framework, organisations responsible for critical systems will be required to implement enhanced cybersecurity measures, report significant cyber incidents and comply with new security obligations. The government of Canada argues that the measures are necessary as cyber threats continue to increase in both frequency and sophistication.

While amendments to the Telecommunications Act take effect immediately, implementation of the Critical Cyber Systems Protection Act will occur gradually through a phased approach. Canadian officials said the legislation will help strengthen national resilience, protect sensitive information and support the uninterrupted operation of essential services.

Why does it matter?

The legislation reflects a growing international shift towards mandatory cybersecurity requirements for operators of critical infrastructure. Governments increasingly view cyber resilience as a matter of national security, particularly as cybercriminal groups and state-linked actors target sectors whose disruption could have significant economic and societal consequences.

The new framework also signals a move from voluntary cybersecurity practices towards enforceable obligations. By requiring organisations to strengthen security measures, report incidents and comply with regulatory requirements, Canada is seeking to improve visibility into cyber threats and reduce risks to essential services and national infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU extends Cybersecurity Reserve support to Ukraine

Ukraine can now activate emergency EU cyber support during significant or large-scale cybersecurity incidents after the Council of the European Union approved its inclusion in the EU Cybersecurity Reserve.

The Reserve, managed by the European Union Agency for Cybersecurity, provides incident response services from trusted private-sector providers to help contain and mitigate major cyber incidents.

The European Commission said the decision reflects closer EU-Ukraine cooperation and forms part of wider efforts to strengthen preparedness, rapid response and shared expertise against evolving cyber threats.

The move also aligns with the EU’s strategic digital partnership agenda and follows Moldova’s inclusion in the Cybersecurity Reserve in 2024 under the Cyber Solidarity Act.

European Commission Executive Vice-President Henna Virkkunen said Ukraine’s inclusion strengthens collective cyber defences and reaffirms European solidarity at a time of persistent cyber threats.

Why does it matter?

Ukraine’s inclusion in the Cybersecurity Reserve extends EU cyber crisis support to a country facing sustained cyber pressure linked to geopolitical conflict. The decision shows how the EU is using the Cyber Solidarity Act and related mechanisms not only for internal resilience, but also for strategic partnerships. It also strengthens the role of ENISA-coordinated incident response services and trusted private providers in Europe’s wider cyber crisis management framework.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

IMF chief calls for stronger cooperation on AI-related cybersecurity risks

International Monetary Fund (IMF) Managing Director Kristalina Georgieva has called for greater international cooperation to address cybersecurity risks associated with advanced AI systems, warning that rapidly evolving AI capabilities could pose challenges for the global financial system if misused.

Speaking to journalists in Brussels, Georgieva said new AI models are increasing the ability to identify cybersecurity vulnerabilities at a scale previously unavailable. She noted that these capabilities can support efforts to strengthen cyber defences by helping organisations detect and address weaknesses more quickly.

At the same time, Georgieva said the same capabilities could be misused by malicious actors. Referring to recent developments in advanced AI systems, she said that frontier models can be used positively to identify cybersecurity vulnerabilities but that, ‘in the wrong hands,’ those capabilities could be directed against financial infrastructure.

Her comments come amid growing discussion among policymakers, regulators, and financial institutions about the implications of increasingly capable AI systems for cybersecurity and financial stability. Earlier this year, Georgieva warned that the international monetary system was not adequately prepared to address rapidly evolving AI-related cyber risks and called for greater attention to safeguards needed to protect financial stability.

According to Georgieva, stronger cooperation will be necessary across countries and sectors to address these risks. She highlighted the importance of collaboration between advanced and developing economies, as well as between public institutions and private-sector actors responsible for critical digital infrastructure.

She also pointed to the interconnected nature of the global financial system, arguing that vulnerabilities in one jurisdiction can have wider implications. Because financial systems are closely linked across borders, weaknesses in cybersecurity protections may create risks beyond the countries where they originate.

In addition to cooperation, Georgieva stressed the importance of investing in cyber resilience. She said governments should consider cybersecurity requirements when planning public spending and ensure that sufficient resources are available to strengthen defences against evolving threats.

Her remarks align with broader concerns raised by financial authorities regarding the growing role of AI in cybersecurity. While advanced models may help identify vulnerabilities and improve defensive capabilities, they may also lower barriers for conducting sophisticated cyber operations. Financial institutions and regulators have increasingly examined how to strengthen preparedness and resilience in response to these developments.

Georgieva also referred to broader risks associated with rapid AI adoption, including the potential for market volatility driven to changing expectations for AI technologies. She described such risks as low-probability but potentially high-impact events.

The IMF has previously highlighted the economic implications of AI, including its potential effects on labour markets and productivity. Georgieva has argued that governments should prepare for significant technological change while ensuring that the benefits of AI are broadly shared.

Why does it matter?

The comments in Brussels place cybersecurity and financial resilience at the centre of ongoing discussions about AI governance. As governments, regulators, and financial institutions continue to assess the implications of increasingly capable AI systems, questions around international cooperation, preparedness, and cyber resilience are expected to remain a key focus of policy discussions.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cyber Europe 2026 tests EU response to large-scale cyber crises

The EU Agency for Cybersecurity has led Cyber Europe 2026, a two-day exercise testing Europe’s response to large-scale cyberattacks on rail and maritime transport networks.

The exercise, held on 10 and 11 June, brought together more than 5,000 participants from national cybersecurity agencies, EU and EFTA public and private sector organisations, the EU entities and industry. It was designed to strengthen cyber preparedness and test the continuity of essential services during a major crisis affecting interconnected transport systems.

The scenario simulated coordinated attacks on critical maritime and railway infrastructure across Europe. Port logistics and navigation systems were compromised, cargo movements were halted, and safety risks emerged. Railway networks were also disrupted, with cross-border trains frozen and passengers and supplies delayed.

Participants also had to respond to ransomware attacks affecting transport authorities and ticketing services, as well as exposure of sensitive passenger and emergency information. ENISA said the scenario required information-sharing and coordination at technical, operational and political levels.

Cyber Europe 2026 also tested the EU Cybersecurity Blueprint, revised in 2025 to strengthen crisis management for large-scale incidents. For the first time, the EU Cybersecurity Reserve was tested under Cyber Europe, using a scenario that required participants to follow ENISA procedures for activating incident response support under the mechanism.

ENISA said findings from the exercise will be analysed in after-action reports to identify weaknesses and improve Europe’s preparedness and response processes.

Why does it matter?

The exercise shows how cyber incidents affecting transport infrastructure can quickly move beyond technical disruption into broader economic, safety and crisis-management risks. Ports, railways, logistics systems, ticketing platforms and navigation tools are increasingly interconnected, often combining legacy operational technology with modern digital systems. Testing EU-level coordination matters because attacks on transport networks can affect trade, military mobility, emergency response and public trust across borders.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

EU tests cyber crisis response for rail and maritime networks

The European Commission has carried out Cyber Europe 2026, a large-scale cybersecurity exercise testing how Europe would respond to attacks on rail and maritime transport networks.

Organised by the EU Agency for Cybersecurity, the exercise took place on 10 and 11 June and involved around 5,000 experts from across the EU, industry and partner countries. Participants included cybersecurity specialists from the public and private sectors, policymakers, the EU institutions and representatives from the UK, Norway, Switzerland and Ukraine.

The scenario simulated cyberattacks on Europe’s rail and maritime networks, causing severe operational disruption and escalating into a wider cybersecurity crisis. The exercise was designed to test coordination between authorities, industry and institutions during a major cross-border incident affecting critical transport infrastructure.

Cyber Europe 2026 was also the first EU-wide test of the 2025 EU Cyber Blueprint, which clarifies roles and responsibilities during a cyber crisis. The exercise also tested the Cybersecurity Reserve, created under the Cyber Solidarity Act to provide support during significant cybersecurity incidents.

The Commission said lessons from the exercise will help consolidate the Cyber Blueprint and embed cyber crisis management more firmly into the EU’s wider emergency preparedness and response frameworks.

Why does it matter?

Transport networks are critical infrastructure, and cyber incidents affecting ports, railways or logistics systems can disrupt trade, supply chains, military mobility and emergency response across borders. Cyber Europe 2026 is important because it tests not only technical response, but also EU-level coordination, crisis decision-making and support mechanisms under newer cyber resilience tools such as the Cyber Blueprint and Cybersecurity Reserve.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

CISA updates vulnerability remediation rules

The US Cybersecurity and Infrastructure Security Agency has issued a binding directive requiring federal civilian agencies to prioritise vulnerability remediation based on risk.

Binding Operational Directive 26-04 directs agencies to align their vulnerability management policies around four criteria: whether an affected asset is exposed, whether a vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalogue, whether exploitation can be automated and the likely technical impact after exploitation.

CISA said the directive consolidates and updates earlier requirements for internet-accessible systems and known exploited vulnerabilities. The agency said the approach is intended to help federal civilian agencies focus remediation on the vulnerabilities most likely to cause serious harm.

The directive comes as threat actors continue to exploit unpatched vulnerabilities, with CISA warning that AI software services could help attackers identify and exploit weaknesses more quickly. The agency said AI-enabled exploitation may further reduce the time defenders have between a patch release and attempted compromise.

The directive also requires agencies to consider whether a system may already be compromised before applying a patch. CISA said applying a patch generally does not remove an attacker who already has access to a system, making compromise checks important for risk management.

CISA will monitor agency compliance and provide implementation support. Although the directive is binding only for federal civilian agencies, CISA encouraged other organisations to adopt similar risk-based vulnerability management practices.

Why does it matter?

The directive reflects a shift in federal cybersecurity from treating vulnerability remediation as a fixed checklist to prioritising flaws based on exploitation risk, exposure, and potential impact. That matters because attackers increasingly move quickly from disclosure to exploitation, and AI tools may further shorten that window. For governments and critical organisations, vulnerability management is becoming a continuous risk-management process rather than a periodic patching exercise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.