FERMA calls on European institutions to simplify cyber reporting obligations

The Federation of European Risk Management Associations (FERMA) has called on European institutions to simplify cyber reporting requirements and consider the insurance implications of cyber legislation. This appeal follows the release of the Cyber Reporting Stack report, developed in collaboration with WTW, which offers risk managers vital guidance on navigating the landscape of cyber policy and reporting obligations.

The report outlines current and forthcoming regulations, along with incident reporting requirements, featuring the General Data Protection Regulation (GDPR), Network and Information Security (NIS) 2 Directive, the Digital Operational Resilience Act (DORA), and the Cyber Resilience Act (CRA).

Charlotte Hedemark, President of FERMA, highlighted the growing burden of cyber reporting and added that FERMA believes companies need a streamlined and consistent set of requirements for reporting cyber incidents. The report recommends establishing a ‘single point of entry’ for cyber incident notifications and guides EU member states to streamline their processes and participant involvement.

Philippe Cotelle, Chair of FERMA’s Digital Committee, emphasised that there currently need to be regulations specifying the necessary risk management measures or considering their insurance implications.

Forrester: Cybercrime to cost $12 trillion in 2025

Forrester’s 2025 Predictions report outlines critical cybersecurity, risk, and privacy challenges on the horizon. Cybercrime is expected to cost $12 trillion by 2025, with regulators stepping up efforts to protect consumer data. Organisations are urged to adopt proactive security measures to mitigate operational impacts, particularly as AI technologies and IoT devices expand.

Another major prediction is that Western governments plan to prohibit certain third-party or open-source software due to rising concerns over software supply chain attacks, which are a leading cause of worldwide data breaches. Increased pressure from Western governments has prompted private companies to produce software bills of materials (SBOMs), enhancing transparency regarding software components.

However, these SBOMs also reveal the reliance on third-party and open-source software in government purchases. In 2025, armed with this knowledge, Forrester says that a government will impose restrictions on a specific open-source component for national security reasons. Consequently, software suppliers will need to eliminate the problematic components and find alternatives to maintain functionality.

Among the key forecasts is the EU issuing its first fine under the new EU AI Act to a general-purpose AI (GPAI) model provider. Forrester warns that companies unprepared for AI regulations will face significant third-party risks. As generative AI models become more widespread, businesses must thoroughly vet providers and gather evidence to avoid fines and investigations. Another major prediction is a large-scale Internet of Things (IoT) device breach, with malicious actors finding it easier to compromise common IoT systems. Such breaches could lead to widespread disruption, forcing organisations to engage in costly remediation efforts.

Forrester also anticipates that Chief Information Security Officers (CISOs) will reduce their focus on generative AI applications by 10%, citing a need for measurable value. Currently, 35% of global CISOs and CIOs prioritise AI to boost employee productivity, but growing disillusionment and limited budgets are expected to hinder further AI adoption. The report reveals that 18% of global AI decision-makers already see budget limitations as a major barrier, a figure projected to increase as organisations struggle to justify investment in AI initiatives.

The report also highlights a rise in cybersecurity incidents. In 2023, 28% of security decision-makers reported six or more data breaches, up 16 percentage points from 2022. Additionally, 72% of those decision-makers experienced data breach costs exceeding $1 million. Despite these alarming statistics, only 16% of global security leaders prioritised testing and refining their incident response processes in 2023, leaving many organisations unprepared for future attacks.

Human-related cybersecurity risks, such as deepfakes, insider data theft, generative AI misuse, and human error, are expected to become more complex as communication channels expand. Forrester also explores how generative AI could reshape identity and access management, addressing challenges like identity administration, audit processes, lifecycle management, and authentication. In conclusion, the report urges companies to brace for evolving threats and adopt forward-thinking strategies to protect their assets as cybersecurity landscapes shift.

Rising fears of foreign interference in US election

Concerns are rising ahead of the US presidential election, with the latest intelligence suggesting interference from foreign nations like Russia, Iran, and China. The annual threat assessment released by the Department of Homeland Security highlights the use of AI by these countries to spread misinformation and create fake websites.

Russian actors have focused on amplifying divisive narratives, particularly around immigration. Iran has adopted a more aggressive approach, posing as activists online to encourage protests related to the conflict in Gaza. China is also seen as a potential player in efforts to undermine confidence in US democratic institutions.

The upcoming election, expected to be highly contested between Kamala Harris and Donald Trump, presents further opportunities for foreign interference. Tensions within the US could be exacerbated by these external efforts, along with potential threats from domestic extremists.

Domestic violent extremism also remains a serious concern. The report warns of the risk posed by lone actors or small cells driven by grievances related to race, religion, or anti-government views. These groups may attempt violent actions to instill fear or disrupt the electoral process.

Eighteen nations endorse the statement on undersea cables security and resilience during the UN General Assembly

At the 79th annual UN General Assembly, 18 nations, including the United States, Australia, Canada, the European Union, and several Pacific nations, endorsed a joint statement addressing the security and resilience of undersea cable infrastructure. The statement highlights the indispensable role of these cables and underscores the pressing need to safeguard them against emerging threats, both natural and manufactured.

Earlier this year, undersea data cables in the Red Sea were reportedly damaged, and large parts of West and Central Africa were left without internet services in March 2024 because of failures on four of the fibre optic cables that run below the world’s oceans. The joint statement begins by acknowledging communications networks’ central role in modern society, with undersea cables being critical infrastructure for global data transmission.

The nations stress that the rapid expansion of undersea cable networks has led to greater interdependence among countries, making the protection of this infrastructure a priority. They advocate for adopting policies to ensure that the infrastructure remains efficient, secure, resilient, and redundant to mitigate risks posed by its vulnerability.

The joint statement outlines key principles for a unified global approach to securing undersea cable infrastructure, focusing on building resilient and secure systems while incorporating cybersecurity best practices. Nations highlighted the importance of promoting secure cable providers, improving government-industry coordination, providing transparent ownership, and emphasising careful planning to prevent disruptions. Additionally, they outlined the need to consider regular risk assessments and compliance with international laws.

Vietnam considers SpaceX’s $1.5 billion investment proposal

SpaceX is set to invest $1.5 billion in Vietnam, boosting Starlink’s satellite internet services in the country. The government has restarted discussions after talks paused at the end of 2023. Officials are now working closely with SpaceX to finalise plans.

The investment could improve internet access in mountainous regions and strengthen infrastructure for activities such as education and disaster response. SpaceX is particularly interested in supporting the country’s development and improving connectivity.

Disputes over strict regulations on foreign ownership of internet service firms previously stalled discussions. Vietnam limits foreign control to 50%, whereas SpaceX had sought a controlling stake, which may still pose challenges.

Vietnam is becoming an important market for major US companies like SpaceX and Apple, both looking to expand their operations. SpaceX’s Starlink service could also help the country maintain a stronger presence in the contested South China Sea.

South Korea’s semiconductor dependence on China grows

While South Korean memory giants Samsung Electronics and SK hynix experienced a significant sales increase in China during the first half of this year, the report by the Korea Eximbank Overseas Economic Research Institute indicates that South Korea’s reliance on China for critical semiconductor raw materials is also growing. Key materials such as silicon, germanium, gallium, and indium have seen notable increases in demand, with South Korea’s dependence on silicon rising from 68.8% to 75.4% in 2022.

The report emphasises an increasing reliance on rare earth elements, crucial for semiconductor abrasives, and a slight uptick in dependence on tungsten, which is vital for semiconductor wiring. This trend is occurring against the backdrop of export restrictions enacted by the Chinese government on critical minerals such as germanium and gallium, in response to US sanctions. Currently, China dominates the global supply, producing 98% of the world’s gallium and 60% of its germanium, underscoring its pivotal role in the semiconductor supply chain.

Dependence on germanium rose significantly by 17.4 percentage points to 74.3% in 2022, and reliance on gallium and indium also increased by 20.5 percentage points to 46.7%. Despite the Chinese government’s export restrictions, local production among major Chinese firms has remained stable. For example, Samsung’s NAND flash facility in Xi’an has boosted its share of the company’s total NAND capacity from 29% in 2021 to 37% in 2023, with expectations to reach 40% this year.

Nokia and Viettel Group partner for nationwide 5G deployment in Vietnam

Nokia and Viettel Group have embarked on a transformative partnership to deploy 5G infrastructure across Vietnam, marking a significant milestone in the country’s digital evolution. The landmark agreement will span 22 provinces, facilitating Viettel’s ambitious strategy to enhance its 5G capabilities and drive digital transformation nationwide.

In addition to rolling out new 5G technology, Nokia will modernise Viettel’s existing 4G infrastructure, ensuring a seamless transition and optimised performance. The deployment will begin this year and will involve installing advanced equipment across 2,500 sites, including AirScale baseband solutions and Massive MIMO radios, all powered by Nokia’s innovative and energy-efficient ReefShark System-on-Chip technology.

The collaboration aligns with the Vietnamese government’s vision of establishing 5G as a critical national infrastructure, anticipated to play a vital role in boosting the digital economy, which is projected to contribute between 20% and 30% of the nation’s GDP by 2030. Together, Nokia and Viettel Group are poised to create new opportunities for economic growth and increased productivity, fostering a robust digital service ecosystem that will benefit consumers and businesses alike.

CrowdStrike apologises for global IT outage after faulty update

A senior executive at CrowdStrike apologised to a US House of Representatives subcommittee for a software update that caused a global IT outage in July. Adam Meyers, the company’s senior vice president for counter-adversary operations, explained that a faulty content configuration update to the Falcon Sensor security software led to widespread system crashes. Meyers assured lawmakers that CrowdStrike has reviewed its systems and is improving its update procedures to prevent future issues.

The 19 July incident, though not caused by a cyberattack or AI, led to widespread disruptions across various industries, including airlines, healthcare, media, and banks. Millions of Microsoft Windows devices were impacted, with the outage causing flight cancellations and service interruptions globally. Delta Air Lines, which cancelled 7,000 flights, is pursuing legal action against CrowdStrike, although the company denies responsibility for the airline’s losses.

In the wake of the incident, CrowdStrike lowered its revenue and profit forecasts, acknowledging that the financial impact of the faulty update could affect the company for up to a year.

Iran-related hackers planted backdoors across Middle East critical infrastructure, according to Mandiant

In a report released on 19 September, Google-owned Mandiant detailed the activities of a group it identified as UNC1860. The report highlighted the group’s advanced tools and hidden backdoors, which continue to be leveraged by other Iranian hacking operations.

The report notes that an Iranian cyber unit within the Ministry of Intelligence and Security (MOIS) has emerged as a key facilitator for the nation’s hackers, offering persistent access to critical systems in the Middle East, particularly in telecommunications and government sectors.

Mandiant adds that these groups allegedly provided initial access for cyberattacks, including operations in late 2023 against Israel using BABYWIPER malware and in 2022 against Albania with ROADSWEEP. While Mandiant couldn’t verify UNC1860’s direct involvement, they identified software designed to support such handoff operations.

UNC1860’s toolkit includes a variety of utilities that enable initial access and lateral movement within networks. These tools are engineered to bypass security software and provide covert access, which could be used for espionage or network attacks.

Mandiant describes UNC1860 as a highly capable threat actor that likely supports a range of goals, from spying to direct network assaults. The firm also reported UNC1860’s collaboration with other MOIS-associated groups like APT34, known for breaching government systems in countries like Jordan, Israel, and Saudi Arabia. A recent APT34 operation was uncovered targeting Iraqi officials.

Microsoft signs deal to power data centres with nuclear energy

America’s Three Mile Island energy plant, infamous for the worst nuclear accident in US history, is preparing to reopen after Microsoft signed a 20-year deal to purchase power from the facility. The plant is scheduled to restart in 2028 following upgrades and will supply clean energy to support Microsoft’s growing data centres, especially those focused on AI. The agreement is pending regulatory approval.

Constellation Energy, the plant owner, confirmed that the reactor set to restart is separate from the unit involved in the 1979 accident, which, while not fatal, created significant public fear surrounding nuclear power. This deal represents a revival of interest in atomic energy, driven by increasing concerns about climate change and rising energy needs. The CEO of Constellation described this move as a “rebirth” of nuclear power, highlighting its potential as a dependable source of carbon-free energy.

The plant’s reopening is projected to create 3,400 jobs and add over 800 megawatts of carbon-free electricity to the grid, driving significant economic activity. Although the revival has faced some protests, it underscores a growing trend among tech companies, with Amazon also exploring nuclear energy to meet its expanding energy demands.