Critical infrastructure

Australia and Japan expand cooperation on AI, supply chains and resilience

Australia and Japan have issued a joint declaration on economic security cooperation, stating that economic and technological resilience are central to national security and setting out a broad agenda for closer bilateral coordination across supply chains, critical technologies, and Indo-Pacific connectivity.

The declaration states that economic resilience is foundational to both countries’ security and that the framework is intended to strengthen strategic autonomy, indispensability, and regional resilience.

Furthermore, the declaration commits the two governments to closer policy alignment through existing bilateral mechanisms and to consultation on economic security contingencies linked to geopolitical tensions, economic coercion, and major market disruptions.

A major focus is on supply chain security in strategically significant sectors. Australia and Japan reaffirmed their partnership on minerals, energy, food, and industrial goods, while expressing concern over economic coercion, harmful overcapacity, and export restrictions, particularly in critical minerals.

The declaration also highlights cooperation on critical minerals projects, domestic smelting and metals processing, and coordination among government-backed finance institutions to support investment and supply chain resilience.

The text also emphasises critical and emerging technologies. Australia and Japan say they will deepen cooperation on research security and integrity, while promoting trusted collaboration between governments, national laboratories, industry, and academia in areas including AI, data centres, quantum, biotechnology, space, undersea cables, and telecommunications. The declaration also links advanced technologies to defence industry cooperation and supply chain collaboration.

In the Indo-Pacific, the two countries say they will work together to foster a safe, secure, and trustworthy AI and digital ecosystem, including through the Hiroshima AI Process and cooperation on digital infrastructure such as telecommunications, undersea cables, data centres, and all-photonics networks. The declaration also commits them to stronger coordination on secure undersea cables, describing them as vital regional infrastructure.

More broadly, Australia and Japan reaffirm support for a rules-based international economic order centred on the World Trade Organization, while also backing further work through the The Comprehensive and Progressive Agreement for Trans-Pacific Partnership, the Asia-Pacific Economic Cooperation, the Quad, the Asia Zero Emission Community, and other regional initiatives.

The declaration presents economic security cooperation not only as a bilateral priority but as part of a wider effort to strengthen resilience, secure connectivity, and trusted technology governance across the Indo-Pacific.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Canada and partners welcome EU as strategic partner in telecom coalition

The Government of Canada and its international partners have announced that the European Union has joined the Global Coalition on Telecommunications as its first strategic partner, reinforcing cooperation on secure, resilient, and trusted next-generation telecom networks.

The coalition, established in 2023, brings together governments, including Canada, the United States, the United Kingdom, Japan, and Australia, to promote secure supply chains, interoperable standards, and telecommunications innovation. More recent expansion has also brought in Finland and Sweden, widening the coalition’s international reach and its work on future telecom technologies, including 6G.

The EU’s inclusion reflects a shared interest in closer policy coordination, technical standards development, and telecom innovation. As a strategic partner, the EU is expected to contribute to discussions, support coalition workstreams, and collaborate on initiatives aligned with the group’s broader objectives. Strategic partnerships are designed to allow flexible cooperation while leaving governance control with the coalition’s core members.

Canadian officials described the step as a significant milestone in efforts to strengthen secure and trusted telecommunications networks through joint policy, research, and innovation. In practical terms, the move points to a broader effort among like-minded partners to shape the future of telecom infrastructure through coordinated international action rather than fragmented national approaches. This final sentence is an inference grounded in the coalition’s stated purpose and the new strategic partner model.

Why does it matter?

The significance of the move lies in the way telecom policy is increasingly being treated as a strategic coordination issue rather than just a domestic infrastructure question. By bringing the EU into the coalition as its first strategic partner, the group is widening its capacity to shape standards, supply chain resilience, and future network technologies across a broader transatlantic and Indo-Pacific policy space. That matters because the contest over telecom systems is no longer only about connectivity, but also about security, industrial policy, and influence over the technologies that will underpin future digital economies.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Agentic AI risks outlined in joint cyber agency guidance

Six cybersecurity agencies have jointly published guidance urging organisations to adopt agentic AI services cautiously. The document warns that greater autonomy can increase cyber risk, particularly as agentic AI is introduced into critical infrastructure, defence, and other mission-critical environments.

The authors say organisations should use agentic AI primarily for low-risk and non-sensitive tasks and should not grant it broad or unrestricted access to sensitive data or critical systems. The guidance also recommends incremental deployment rather than large-scale implementation from the outset.

The document was co-authored by agencies from Australia, the United States, Canada, New Zealand, and the United Kingdom: the Australian Signals Directorate’s Australian Cyber Security Centre, the US Cybersecurity and Infrastructure Security Agency and National Security Agency, the Canadian Centre for Cyber Security, New Zealand’s National Cyber Security Centre, and the UK’s National Cyber Security Centre.

It defines agentic AI as systems composed of one or more agents that rely on AI models, such as large language models, to interpret context, make decisions, and take actions, often without continuous human intervention. The guidance says these systems often combine an LLM-based agent with tools, external data, memory, and planning functions, which expands both capability and attack surface.

The agencies say agentic AI inherits many of the vulnerabilities already associated with large language models while introducing greater complexity and new systemic risks. The document identifies five broad categories of concern: privilege risks, design and configuration risks, behaviour risks, structural risks, and accountability risks.

It warns that over-privileged agents, insecure third-party tools, goal misalignment, emergent or deceptive behaviour, and opaque decision-making chains can all increase the likelihood and impact of compromise. To reduce those risks, the guidance recommends secure design, strong identity management, defence-in-depth, comprehensive testing, threat modelling, progressive deployment, isolation, continuous monitoring, and strict privilege controls.

The agencies also stress that human approval should remain in place for high-impact actions and that agentic AI security should be treated as part of broader cybersecurity governance rather than as a separate discipline. The document concludes by calling for stronger research, collaboration, and agent-specific evaluations as the technology matures.

Why does it matter?

The guidance matters because it draws a clear line between ordinary AI adoption and agentic systems that can act with far more autonomy inside real operational environments. Once AI tools move from assisting users to making decisions, calling tools, and interacting with sensitive systems, the security challenge shifts from model safety alone to full organisational risk management. That is why the document treats agentic AI not as a niche technical issue, but as a governance and cyber resilience problem that organisations need to control before deploying at scale.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Swisscom says AI and geopolitics are reshaping the cyber threat landscape

Swisscom has published its 2026 Cybersecurity Threat Radar, warning that cyber threats have grown more complex over the past year as geopolitical tensions and disruptive technologies put added pressure on digital systems. The report presents AI, supply chain exposure, digital sovereignty, and operational technology security as four strategic risk areas for organisations.

The report highlights state-linked cyber activity, hybrid influence operations such as disinformation, and supply chain attacks as key drivers of the current threat environment. It argues that digital transformation has increased dependence on cloud services, third-party software, AI systems, and networked industrial infrastructure, making organisations more exposed to cascading failures and external dependencies.

On AI, Swisscom describes insecure AI use as a risk multiplier. While AI can improve productivity, the report warns that poor governance, weak visibility into models, and uncontrolled use of AI tools in operational environments can expand attack surfaces, affect data quality, and create new compliance challenges.

Software supply chains are also identified as a persistent vulnerability. Swisscom says a single compromised component or manipulated update process can have far-reaching consequences across interconnected systems, making software integrity, origin verification, and traceability increasingly important as mitigation measures.

The convergence of information technology and operational technology is presented as another growing area of concern. In sectors such as energy, healthcare, manufacturing, and building automation, incidents can have consequences that go well beyond financial loss, affecting critical infrastructure, production, and even human safety.

The report also places greater emphasis on digital sovereignty, arguing that organisations need clearer visibility over where data is processed, which legal regimes apply, and how dependent they are on cloud and technology providers. In that sense, Swisscom frames cybersecurity less as a narrow IT function and more as a strategic governance issue tied to resilience, control, and trust.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware accounts for 90% of cyber losses in manufacturing, claims data shows

Ransomware is responsible for 90% of total cyber-related financial losses in the manufacturing sector, despite accounting for only 12% of claim volume by number, according to an analysis of insurance claims data published by Resilience.

The findings indicate that while ransomware incidents are not the most frequently filed claim type, they produce disproportionately large financial losses when they occur. The manufacturing sector’s low tolerance for operational downtime is identified as a contributing factor to loss severity.

Additional findings from the claims dataset include:

  • 30% of manufacturing claims are linked to phishing and transfer fraud
  • 26% of total losses are associated with multi-factor authentication (MFA) misconfiguration
  • 12% of claims involved wrongful data collection

The report identifies MFA misconfiguration as a notable area of exposure, alongside procedural gaps in financial transfer controls. Recommended mitigation measures include auditing MFA deployment, implementing transfer verification procedures, and investing in ransomware containment capabilities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU and Republic of Korea launch aviation partnership on technical cooperation and cyber resilience

European and South Korean aviation authorities are conducting a three-week series of technical exchanges in Seoul, covering safety oversight, airspace management, and cybersecurity.

The European Union Aviation Safety Agency (EASA) and South Korea’s Ministry of Land, Infrastructure and Transport are participating under the EU–Republic of Korea Aviation Partnership Project, an EU-funded initiative announced by the European External Action Service (EEAS).

The programme began with a three-day session on the International Civil Aviation Organisation’s Universal Safety Oversight Audit Programme (USOAP), which assesses national aviation safety oversight systems. EASA presented findings from its most recent ICAO audit, with discussions covering oversight frameworks, organisational structures, and lessons identified.

A workshop on performance-based navigation and airspace management followed, addressing procedures to improve the predictability and efficiency of aircraft arrivals, including at airports with parallel runways.

A third workshop on aviation cybersecurity is scheduled for the coming week. It will cover security considerations across aviation systems, including aircraft certification processes and air traffic management infrastructure.

The activities are designed to facilitate technical exchange between Korean and European stakeholders across the aviation sector, according to EASA.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI model raises security risks, prompting release concerns, reports say

Anthropic is reported to have declined to release its latest AI model, Mythos, citing potential risks to global cybersecurity. The system is reported to be capable of identifying vulnerabilities across major operating systems and web browsers, raising concerns about possible misuse.

Reports indicate that the company is investigating claims that unauthorised actors may have accessed the model. A reported breach has intensified debate about whether technology firms can maintain control over increasingly powerful AI systems as development accelerates.

The Mythos model is described as part of a new class of AI tools capable of analysing complex digital environments and identifying weaknesses at scale. Such capabilities could support cybersecurity efforts, but may also present risks if exploited by malicious actors.

The case has contributed to discussions within the technology sector about balancing innovation with efforts to manage potential risks to digital infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

CISA releases guidance on Zero Trust adoption in critical infrastructure systems

The Cybersecurity and Infrastructure Security Agency, alongside several US government partners, has released guidance to support the adoption of Zero Trust principles in operational technology systems. The document aims to strengthen cybersecurity across critical infrastructure.

The guide outlines practical steps to address risks linked to increasingly interconnected and remotely operated systems. It highlights vulnerabilities created by expanded attack surfaces and evolving cybersecurity threats.

Key recommendations include improving asset visibility, securing supply chains and implementing stronger identity and access controls. The guidance also addresses challenges such as legacy systems and operational constraints.

Officials say the approach will help organisations reduce risks and improve resilience without disrupting essential operations. US agencies in Washington issued the guidance.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cyprus defence minister highlights role of AI and advanced technologies in defence

The Cyprus Defence Minister Vasilis Palmas has said that AI and advanced technologies are transforming defence, requiring stronger domestic capabilities. His remarks were recently reported by the Cyprus Mail.

He highlighted the growing roles of AI, autonomous systems, cyberdefence and space technology, stressing the need to secure supply chains and meet the National Guard’s requirements.

Palmas said participation in the European defence innovation programmes is a strategic priority, supporting local technological development and integration into wider industry networks.

The country is advancing several funded projects, strengthening research infrastructure, and preparing a national defence industry plan. The comments were made at an event in Cyprus.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cybersecurity reform in the EU advances through Spain consultation

Spain has launched a public consultation on the proposed EU Cybersecurity Act 2, inviting input from operators, citizens, and other interested parties on the need for, objectives of, and possible alternatives to the planned reform.

The consultation covers the European Commission’s proposal COM(2026) 11 final, which would repeal and replace Regulation (EU) 2019/881. The proposal is presented as a response to changes in the cyber threat landscape and to new strategic and regulatory challenges that have emerged since the current framework entered into force in 2019.

According to the consultation text, the reform is intended to address four main structural problems: a mismatch between the EU cybersecurity framework and current operational needs, limited practical use of the European Cybersecurity Certification Framework, fragmentation across the wider EU cybersecurity acquis, and growing cybersecurity risks in ICT supply chains.

Regarding ENISA, the proposal argues that the agency’s current functions and resources are insufficient to meet the needs of member states, the EU institutions, and market actors, particularly in policy implementation, operational cooperation, and crisis response. It also says the certification framework created under the current regulation has proved too slow and too complex in practice, with limited market uptake and governance mechanisms that have not delivered at the required speed.

The text also links the proposal to the growing complexity of compliance created by instruments such as NIS2, the Cyber Resilience Act, DORA, and the CER Directive. It says the new regulation would seek greater coherence and interoperability across those frameworks while reducing administrative burdens for companies and competent authorities.

A further objective is to create, for the first time, a horizontal EU-level framework for managing ICT supply-chain cybersecurity risks, including the identification of critical ICT assets, the possible designation of high-risk suppliers, and the adoption of proportionate measures to reduce strategic dependencies.

The proposal would also strengthen ENISA’s mandate and resources, reform and expand the certification framework, and support a more centralised incident-notification model linked to the wider Digital Omnibus simplification agenda.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.