TSMC profits surge despite trade concerns

Taiwan Semiconductor Manufacturing Company (TSMC) posted a significant jump in quarterly profits, driven by robust demand for AI chips. Net income rose by just over 60% year-on-year to NT$360.7bn (£9.77bn), outpacing analysts’ expectations.

Revenue also grew by 41.6% compared to the same period in 2024, although it dipped slightly from the previous quarter due to weaker smartphone sales.

The world’s largest contract chipmaker has not yet seen any major changes in customer behaviour, including from Apple and Nvidia, despite increasing uncertainty over potential US tariffs on Taiwanese semiconductors.

While concerns about trade tensions grow, particularly with former President Donald Trump suggesting the US should reclaim chip production, TSMC says it is continuing with business as usual for now.

Instead of scaling back, TSMC is expanding its investment in the US, with plans to spend up to $160bn. Analysts believe this move could help the firm argue for a more favourable position should tariff negotiations intensify.

The company’s Chief Financial Officer, Wendell Huang, acknowledged the risks posed by changing trade policies but said revenue growth is still expected in the next quarter.

Despite global pressures, TSMC remains optimistic, forecasting revenue between $28.4bn and $29.2bn. Although the company’s shares have fallen more than 20% so far this year, some analysts say the stock is now undervalued and well-positioned to rebound once market conditions stabilise.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

CISA extends MITRE’s CVE program for 11 months

The US Cybersecurity and Infrastructure Security Agency (CISA) has extended its contract with the MITRE Corporation to continue operating the Common Vulnerabilities and Exposures (CVE) program for an additional 11 months. The decision was made one day before the existing contract was set to expire.

A CISA spokesperson confirmed that the agency exercised the option period in its $57.8 million contract with MITRE to prevent a lapse in CVE services. The contract, which originally concluded on April 17, includes provisions for optional extensions through March 2026.

‘The CVE Program is invaluable to the cyber community and a priority of CISA,’ the spokesperson stated, expressing appreciation for stakeholder support.

Yosry Barsoum, vice president of MITRE and director of its Center for Securing the Homeland, said that CISA identified incremental funding to maintain operations.

He noted that MITRE remains committed to supporting both the CVE and CWE (Common Weakness Enumeration) programs, and acknowledged the widespread support from government, industry, and the broader cybersecurity community.

The extension follows public concern raised earlier this week after Barsoum issued a letter indicating that program funding was at risk of expiring without renewal.

MITRE officials noted that, in the event of a contract lapse, the CVE program website would eventually go offline and no new CVEs would be published. Historical data would remain accessible via GitHub.

Launched in 1999, the CVE program serves as a central catalogue for publicly disclosed cybersecurity vulnerabilities. It is widely used by governments, private sector organisations, and critical infrastructure operators for vulnerability identification and coordination.

Amid recent uncertainty about the program’s future, a group of CVE Board members announced the formation of a new non-profit organisation — the CVE Foundation — aimed at supporting the long-term sustainability and governance of the initiative.

In a public statement, the group noted that while US government sponsorship had enabled the program’s growth, it also introduced concerns around reliance on a single national sponsor for what is considered a global public good.

The CVE Foundation is intended to provide a neutral, independent structure to ensure continuity and community oversight.

The foundation aims to enhance global governance, eliminate single points of failure in vulnerability management, and reinforce the CVE program’s role as a trusted and collaborative resource. Further information about the foundation’s structure and plans is expected to be released in the coming days.

CISA did not comment on the creation of the CVE Foundation. A MITRE spokesperson indicated the organisation intends to work with federal agencies, the CVE Board, and the cybersecurity community on options for ongoing support.


Report highlights growing cyber risks to aviation

A recent report by the Foundation for Defense of Democracies notes that while both government agencies and private sector actors have taken steps to strengthen cybersecurity in aviation, the increasing demands on outdated systems are outpacing current mitigation efforts.

Commercial aviation is operating at near full capacity, placing strain on legacy technologies and logistical frameworks.

According to Jiwon Ma, senior policy analyst at the Foundation for Defense of Democracies’ Center on Cyber and Policy Innovation, these pressures can result in major disruptions even in the absence of cyberattacks.

Ma referenced past incidents such as the 2022 Southwest Airlines operational failure and the widespread IT outage linked to CrowdStrike in 2024.

As part of the Biden administration’s national cybersecurity strategy, the Transportation Security Administration (TSA) implemented new aviation security measures in 2023.

The Federal Aviation Administration (FAA) declined to detail its specific cybersecurity practices, but a spokesperson stated that the agency employs a comprehensive approach to protect the National Airspace System in coordination with federal and private partners.

The report emerges amid a series of cybersecurity incidents affecting aviation and related infrastructure. In July 2024, Delta Air Lines cancelled thousands of flights due to a software update failure attributed to CrowdStrike, resulting in a $500 million lawsuit against the company.

In August 2024, Seattle-Tacoma International Airport experienced disruptions linked to a Rhysida ransomware attack, which affected key services and prompted the Port of Seattle to issue data breach notifications to approximately 90,000 individuals.

Boeing has also been targeted in recent years, including a 2023 ransomware attack by LockBit that resulted in data leaks, and a 2022 cyber incident affecting its Jeppesen subsidiary, which provides flight navigation and planning tools.


Sweden unable to determine cause of Baltic Sea cable damage

The Swedish Accident Investigation Authority (SHK) has published its final report on the damage to the C-Lion 1 subsea cable in the Baltic Sea on 18 November 2024, concluding that it cannot determine whether the incident was the result of an accident or intentional sabotage.

The investigation focused on the Chinese bulk carrier Yi Peng 3, which was initially identified as having caused the damage.

While investigators from several neighbouring countries, including Sweden, were allowed to board the vessel, the SHK reported that the visit was time-constrained and that access to key evidence—such as surveillance footage and the vessel’s Voyage Data Recorder—was not granted.

Interviews with the crew were conducted in the presence of Chinese officials.

The SHK outlined two possible scenarios: one in which the anchor was deliberately released to damage seabed infrastructure, and another in which it detached due to improper security.

The report noted that certain technical details—such as the absence of damage to key anchor components—make the accidental scenario less likely, but acknowledged that neither hypothesis could be confirmed due to investigative limitations.

Under international maritime law, flag states typically lead investigations in international waters, though exceptions may apply in cases involving suspected criminal activity.

While some analysts have raised concerns about potential state-sponsored sabotage, officials from several European countries have indicated increasing confidence that the recent cable breaks were not the result of coordinated or intentional activity.


AMD warns of financial hit from US AI chip export ban

AMD has warned that new US government restrictions on exporting AI chips to China and several other countries could materially affect its earnings.

The company said it may face charges of up to $800 million related to unsold inventory, purchase commitments, and reserves if it fails to secure export licences for its MI308 GPUs, now subject to strict control measures.

In a filing to the US Securities and Exchange Commission, AMD confirmed it would seek the necessary licences but admitted there is no guarantee they will be granted.

The move follows broader export restrictions aimed at protecting national security interests, with US officials arguing that unrestricted access to advanced chips would weaken the country’s strategic lead in AI, instead of preserving it.

AMD’s stock dropped around 6% following the announcement. Competitors are also feeling the impact. Nvidia expects charges of $5.5 billion from similar restrictions, and Intel’s Gaudi hardware line has reportedly been affected as well.

The US Commerce Department has defended the move as necessary to safeguard economic and national interests.


NATO allies strengthen cyber defenses against critical infrastructure threats

Between 7 and 11 April, representatives from 20 allied governments and national agencies participated in a NATO-led exercise designed to strengthen mutual support in the cyber domain.

The activity aimed to improve coordination and collective response mechanisms for cyber incidents affecting critical national infrastructure. Through simulated threat scenarios, participants practised real-time information exchange, joint decision-making, and coordinated response planning.

According to NATO, cyber activities targeting critical infrastructure, industrial control systems, and public sector services have increased in frequency.

Such activities are considered to serve various objectives, including information gathering and operational disruption.

The role of cyber operations in modern conflict gained increased attention following Russia’s actions in Ukraine in 2022, where cyber activity was observed alongside traditional military operations.

Hosted by Czechia, the exercise served to test NATO’s Virtual Cyber Incident Support Capability (VCISC), a coordination platform introduced at the 2023 Vilnius Summit.

VCISC enables nations to request and receive cyber assistance from designated counterparts across the Alliance.

The support offered includes services such as malware analysis, cyber threat intelligence, and digital forensics. However, the initiative is voluntary, with allies contributing national resources and expertise to mitigate the impact of significant cyber incidents and support recovery.

Separately, in January 2025, US officials met with their Nordic-Baltic counterparts from Denmark, Estonia, Finland, Iceland, Latvia, Lithuania, Norway, and Sweden.

Discussions centred on enhancing regional cooperation to safeguard undersea cable infrastructure—critical to communications and energy systems. Participants noted the broadening spectrum of threats to these assets.

In parallel, NATO launched the Baltic Sentry to reinforce the protection of critical infrastructure in the Baltic Sea region. The initiative is intended to bolster NATO’s posture and improve its capacity to respond promptly to destabilising activities.

In July 2024, NATO also announced the expansion of the role of its Integrated Cyber Defence Centre (NICC).

The Centre is tasked with enhancing the protection of NATO and allied networks, as well as supporting the operational use of cyberspace. It provides commanders with insights into potential cyber threats and vulnerabilities, including those related to civilian infrastructure essential to military operations.


KiloEX loses $7.5 million in oracle hack

A hacker has exploited decentralised exchange KiloEX, draining approximately US$7.5 million by manipulating its price oracle mechanism. The breach led to an immediate suspension of the platform and sparked a cross-industry investigation involving cybersecurity firms and blockchain networks.

The vulnerability centred on KiloEX’s price feed system, which allowed the attacker to manipulate the ETH/USD feed by inputting an artificial entry price of 100 and closing it at 10,000.

According to cybersecurity firm PeckShield, this simple flaw enabled the attacker to steal millions across multiple chains, including $3.3 million from Base, $3.1 million from opBNB, and $1 million from BNB Smart Chain.

KiloEX is working with various security experts and blockchain networks such as BNB Chain and Manta Network to recover the stolen assets.

Funds are reportedly being routed through cross-chain protocols like zkBridge and Meson. Co-founder of Fuzzland, Chaofan Shou, described the breach as stemming from a ‘very simple vulnerability’ in oracle verification, where only intermediaries were validated rather than the original transaction sender.

The attack caused KiloEX’s token price to plummet by over 29% and came just one day after the platform announced a strategic partnership with DWF Labs, aimed at fuelling growth. KiloEX has promised a full incident report and a bounty programme to encourage asset recovery.


Beijing blames NSA for hacking Asian Games systems

Chinese authorities have accused three alleged US operatives of orchestrating cyberattacks on national infrastructure during the Asian Games in Harbin this February.

The individuals, identified by Harbin police as Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson, are said to have worked through the US National Security Agency (NSA).

The attacks reportedly targeted systems critical to the Games’ operations, including athlete registration, travel, and competition management, which held sensitive personal data.

Chinese state media further claimed that the cyber intrusions extended beyond the sporting event, affecting key infrastructure in Heilongjiang province. Targets allegedly included energy, transport, water, telecoms, defence research institutions, and technology giant Huawei.

Authorities said the NSA used encrypted data to compromise Microsoft Windows systems in the region, with the aim of disrupting services and undermining national security.

The Foreign Ministry of China denounced the alleged cyberattacks as ‘extremely malicious,’ urging the United States to halt what it called repeated intrusions and misinformation.

The US Embassy in Beijing has yet to respond, and the allegations come amid ongoing tensions, with both nations frequently accusing each other of state-backed hacking.

Only last month, the US government named and charged 12 Chinese nationals in connection with cyberespionage efforts against American interests.


Nvidia brings AI supercomputer production to the US

Nvidia is shifting its AI supercomputer manufacturing operations to the United States for the first time, instead of relying on a globally dispersed supply chain.

In partnership with industry giants such as TSMC, Foxconn, and Wistron, the company is establishing large-scale facilities to produce its advanced Blackwell chips in Arizona and complete supercomputers in Texas. Production is expected to reach full scale within 12 to 15 months.

Over a million square feet of manufacturing space has been commissioned, with key roles also played by packaging and testing firms Amkor and SPIL.

The move reflects Nvidia’s ambition to create up to half a trillion dollars in AI infrastructure within the next four years, while boosting supply chain resilience and growing its US-based operations instead of expanding solely abroad.

These AI supercomputers are designed to power new, highly specialised data centres known as ‘AI factories,’ capable of handling vast AI workloads.

Nvidia’s investment is expected to support the construction of dozens of such facilities, generating hundreds of thousands of jobs and securing long-term economic value.

To enhance efficiency, Nvidia will apply its own AI, robotics, and simulation tools across these projects, using Omniverse to model factory operations virtually and Isaac GR00T to develop robots that automate production.

According to CEO Jensen Huang, bringing manufacturing home strengthens supply chains and better positions the company to meet the surging global demand for AI computing power.


Trump eyes tariffs on semiconductors in push to boost US tech manufacturing

US President Donald Trump is preparing to introduce new tariffs on semiconductor imports, aiming to shift more chip production back to the United States.

Semiconductors, or microchips, are essential components in everything from smartphones and laptops to medical devices and renewable energy systems.

Speaking aboard Air Force One, Trump said new tariff rates would be announced soon as part of a broader effort to end American reliance on foreign-made chips and strengthen national security.

The global semiconductor supply chain is heavily concentrated in Asia, with Taiwan’s TSMC producing over half of the world’s chips and supplying major companies like Apple, Microsoft, and Nvidia.

Trump’s move signals a more aggressive stance in the ongoing ‘chip wars’ with China, as his administration warns of the dangers of the US being dependent on overseas production for such a critical technology.

Although the US has already taken steps to boost domestic chip production—like the $6.6 billion awarded to TSMC to build a factory in Arizona—progress has been slow due to a shortage of skilled workers.

The plant faced delays, and TSMC ultimately flew in thousands of workers from Taiwan to meet demands, underscoring the challenge of building a self-reliant semiconductor industry on American soil.

Why does it matter?

Trump’s proposed tariffs are expected to form part of a wider investigation into the electronics supply chain, aimed at shielding the US from foreign control and ensuring long-term technological independence. As markets await the announcement, the global tech industry is bracing for potential disruptions and new tensions in the international trade landscape.
