Critical infrastructure Archives | Page 15 of 106

Discord incident highlights growing vendor security risks

A September breach at one of Discord’s customer service vendors has exposed user data, highlighting the growing cybersecurity risks associated with third-party providers. Attackers exploited vulnerabilities in the external platform, but Discord’s core systems were not compromised.

Exposed information includes usernames, email addresses, phone numbers, and partial payment details, such as the last four digits of credit card numbers. No full card numbers, passwords, or messages were accessed, which limited the scope of the incident compared to more severe breaches.

Discord revoked the vendor’s system access, launched an investigation, and engaged law enforcement and forensic experts. Only users who contacted support were affected. Individuals impacted are being notified by email and advised to remain vigilant for potential scams.

The incident underscores the growing risk of supply chain attacks, where external service providers become weak points in otherwise well-secured organisations. As companies rely more on vendors, attackers are increasingly targeting these indirect pathways.

Cybersecurity analysts warn that third-party breaches are on the rise amid increasingly sophisticated phishing and AI-enabled scams. Strengthening vendor oversight, improving internal training, and maintaining clear communication with users are seen as essential next steps.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Kazakhstan turns to AI to fight the shadow economy

Kazakhstan’s Prime Minister Olzhas Bektenov has directed the full implementation of AI across government agencies to meet President Kassym-Jomart Tokayev’s goal of reducing the shadow economy’s share in GDP to 15 percent in 2025.

At a government session, Bektenov said progress must go beyond reports and correspondence, calling for structural reforms in taxation, digitalisation, and business regulation. He urged ministries to pursue a ‘transparent economy’ through comprehensive AI and data integration initiatives.

The State Revenue Committee of Kazakhstan will lead the digital transformation, supported by a new Data Processing Centre established by the Ministry of Artificial Intelligence and Digital Development.

Bektenov stressed that digitalisation projects such as cashless payments and the digital tenge have already proven effective in curbing unrecorded transactions and improving financial oversight.

AI will also be deployed in customs risk profiling and cargo inspection analysis to detect fraud and reduce corruption.

The Ministries of Finance, Justice, Trade, and National Economy were instructed to integrate databases under the Smart Data Finance system and to finalise an automated risk management system for company registration by 25 November.

Deputy Prime Minister Serik Zhumangarin will oversee coordination.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Power grid spending surges as US braces for data centre and AI boom

US electric utilities are set to spend nearly $208 billion on the power grid in 2025 and more than $1.1 trillion over the next five years, according to the Edison Electric Institute. The surge in investment reflects rising demand from data centres, artificial intelligence, and wider electrification across the economy.

EEI data shows that investor-owned utilities spent $765 billion on capital projects in the five years to 2024. The new spending represents a significant increase and is aimed at upgrading and expanding infrastructure to keep pace with the accelerating demand for electricity.

The growing investment comes as demand from energy-intensive technologies continues to rise. Data ce n tres and AI workloads are driving sustained growth in US power consumption, placing unprecedented pressure on existing infrastructure and prompting utilities to scale up their spending plans.

David Weeks, supply chain industry practice lead at Moody’s, warned that the escalating energy crisis could become a limiting factor across multiple industries. He said grid constraints and permitting delays must be factored into corporate supply chain strategies to avoid future disruptions.

As electrification spreads across the economy, grid reliability and capacity are becoming critical considerations for companies. The planned investment underscores the urgency of modernising the power grid to support economic growth while adapting to new technological demands.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI unveils AgentKit for faster AI agent creation

OpenAI has launched AgentKit, a new suite of developer tools designed to simplify AI-powered agents’ creation, deployment, and optimisation. The platform unifies workflows that previously required multiple systems, offering a faster and more visual way to build intelligent applications.

AgentKit’s AI includes Agent Builder, Connector Registry, ChatKit, and advanced evaluation tools. Developers can now design multi-agent workflows on a visual canvas, manage data connections across workspaces, and integrate chat-based agents directly into apps and websites.

Early users such as Ramp and LY Corporation built working agents in just a few hours, cutting development cycles by up to 70%. Companies including Canva and HubSpot have used ChatKit to embed conversational support agents, transforming customer experience and developer engagement.

New evaluation features and reinforcement fine-tuning allow users to test, grade, and improve agents’ reasoning abilities. AgentKit is now available to developers and enterprises through OpenAI’s API and ChatGPT Enterprise, with a wider rollout expected later this year.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New report finds IT leaders unprepared for evolving cyber threats

A new global survey by 11:11 Systems highlights growing concerns among IT leaders over cyber incident recovery. More than 800 senior IT professionals across North America, Europe, and the Asia Pacific report a rising strain from evolving threats, staffing gaps, and limited clean-room infrastructure.

Over 80% of respondents experienced at least one major cyberattack in the past year, with more than half facing multiple incidents. Nearly half see recovery planning complexity as their top challenge, while over 80% say their organisations are overconfident in their recovery capabilities.

The survey also reveals that 74% believe integrating AI could increase cyberattack vulnerability. Despite this, 96% plan to invest in cyber incident recovery within the next 12 months, underlining its growing importance in budget strategies.

The financial stakes are high. Over 80% of respondents reported spending at least six figures during just one hour of downtime, with the top 5% incurring losses of over one million dollars per hour. Yet 30% of businesses do not test their recovery plans annually, despite these risks.

11:11 Systems’ CTO Justin Giardina said organisations must adopt a proactive, AI-driven approach to recovery. He emphasised the importance of advanced platforms, secure clean rooms, and tailored expertise to enhance cyber resilience and expedite recovery after incidents.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New cyber rules tighten grip on China’s critical infrastructure

China has introduced one of the world’s strictest cybersecurity reporting laws, requiring major infrastructure providers to report serious cyber incidents within just one hour. The regulation, issued by the Cyberspace Administration of China, applies to all network operators working in the country and its territories.

Incidents must be graded by severity, with ‘key infrastructure’ breaches reported within 60 minutes, and ‘particularly serious’ cases, such as those threatening national security or social stability, within 30 minutes. Operators who delay or conceal information face harsh penalties under the new rules.

The directive defines major cyber incidents as those that cause large-scale paralysis, severe data loss, or the compromise of massive amounts of personal information. Even social organisations and individuals are encouraged to report significant security breaches.

Notably, attacks targeting online media or information sites that remain visible for over six hours or reach more than a million views will also be classified as widespread cyberattacks, reflecting Beijing’s tight grip on online information control.

These requirements go far beyond standards in the United States and the European Union. In the US, companies have 72 hours to report major incidents under the Cyber Incident Reporting for Critical Infrastructure Act, while the EU’s NIS2 Directive allows up to 72 hours for full notification and one month for a final report.

The move underscores China’s dual stance in cyberspace, reinforcing domestic defences while being accused of conducting aggressive cyber operations abroad. Western security agencies recently linked Chinese-backed hackers, such as the group Salt Typhoon, to breaches of US telecoms, the Treasury Department, and other key sectors.

A 2025 CrowdStrike report found China-related hacking activity surged by 150% last year, marking what analysts called an ‘inflexion point’ in Beijing’s global cyber ambitions.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Production restarts after cyber incident as JLR launches supplier financing

JLR has begun restarting its manufacturing operations after a cyber incident in early September disrupted production. The phased return started on 8 October at the Electric Propulsion Manufacturing Centre and the Battery Assembly Centre in the West Midlands.

Staff are also returning to stamping facilities in Castle Bromwich, Halewood, and Solihull, as well as the body shop, paint shop, and Logistics Operations Centre in Solihull. Vehicle production in Nitra, Slovakia, and the Range Rover and Range Rover Sport lines in Solihull are resuming this week, with further updates expected for other sites, including Halewood.

JLR has introduced a new financing scheme to support suppliers during the restart and ease cashflow pressures. The programme allows qualifying suppliers to receive the bulk of their payment shortly after orders are placed, with the remainder settled upon invoice.

The move accelerates payments by as much as 120 days compared with the company’s standard 60-day terms. JLR will cover the financing costs for suppliers participating during the restart phase.

The new scheme builds on earlier measures to assist suppliers following the cyberattack, such as setting up a dedicated help desk, creating a manual payment system for pending invoices, and recently restoring automated payment systems. Initially focused on suppliers critical to restarting production, the programme will expand to include some non-production suppliers as operations stabilise.

JLR also took steps to bolster liquidity in September to support the phased recovery and ensure its supply chain remains robust as full production resumes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Brazil advances first national cybersecurity law

Brazil is preparing to pass its first national cybersecurity law, aiming to centralise oversight and strengthen protection for citizens and companies. The Cybersecurity Legal Framework would establish a new National Cybersecurity Authority to coordinate defence efforts across government and industry.

The legislation comes after a series of high-profile cyberattacks disrupted hospitals and exposed millions of personal records, highlighting gaps in Brazil’s digital defences. The authority would create nationwide standards, replacing fragmented rules currently managed by individual ministries and agencies.

Under the bill, public procurement will require compliance with official security standards, and suppliers will share responsibility for incidents. Companies meeting the rules could be listed as trusted providers, potentially boosting competitiveness in both public and private sectors.

The framework also includes incentives: financing through the National Public Security Fund and priority for locally developed technologies. While the bill still awaits approval in Congress, its adoption would make Brazil one of Latin America’s first countries with a comprehensive cybersecurity law.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Gamers report widespread disconnections across multiple services

Several major gaming and online platforms have reportedly faced simultaneous disruptions across multiple devices and regions. Platforms like Steam and Riot Games experienced connection issues, blocking access to major titles such as Counter-Strike, Dota 2, Valorant, and League of Legends.

Some users reported issues with PlayStation Network, Epic Games, Hulu, AWS, and other services.

Experts suggest the outages may be linked to a possible DDoS attack from the Aisuru botnet. While official confirmations remain limited, reports indicate unusually high traffic, with one source claiming bandwidth levels near 30 terabits per second.

Similar activity from Aisuru has been noted in incidents dating back to 2024, targeting a range of internet-connected devices.

The botnet is thought to exploit vulnerabilities in routers, cameras, and other connected devices, potentially controlling hundreds of thousands of nodes. Researchers say the attacks are widespread across countries and industries, though their full scale and purpose remain uncertain.

Further investigations are ongoing, and platforms continue to monitor and respond to potential threats. Users are advised to remain aware of service updates and exercise caution when accessing online networks during periods of unusual activity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

India’s competition watchdog urges AI self-audits to prevent market distortions

The Competition Commission of India (CCI) has urged companies to self-audit their AI systems to prevent anti-competitive practices and ensure responsible autonomy.

A call came as part of the CCI’s market study on AI, emphasising the risks of opacity and algorithmic collusion while highlighting AI’s potential to enhance innovation and productivity.

The study warned that dominant firms could exploit their control over data, infrastructure, and proprietary models to reinforce market power, creating barriers to entry. It also noted that opaque AI systems in user sectors may lead to tacit algorithmic coordination in pricing and strategy, undermining fair competition.

The regulatory approach of India, the CCI said, aims to balance technological progress with accountability through a co-regulatory framework that promotes both competition and innovation.

Additionally, the Commission plans to strengthen its technical capacity, establish a digital markets think tank and host a conference on AI and regulatory challenges.

A report recommended a six-step self-audit framework for enterprises, requiring evaluation of AI systems against competition risks, senior management oversight and clear accountability in high-risk deployments.

It also highlighted AI’s pro-competitive effects, particularly for MSMEs, which benefit from improved efficiency and greater access to digital markets.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!