Critical infrastructure

European Commission proposes EU-wide satellite spectrum authorisation system

The European Commission has proposed a new EU-wide authorisation system for mobile satellite services operating in the harmonised 2 GHz frequency band once current licences expire in 2027. The move is intended to strengthen connectivity, resilience, competitiveness and critical communications across the bloc.

Under the proposal, an EU-level selection process would replace the framework introduced in 2008. The European Commission said a single authorisation system across Member States would improve regulatory consistency and enable satellite operators to provide cross-border services more efficiently.

The proposal would reserve one-third of the 2 GHz band for governmental uses, including critical communications, security and defence, through an EU operator associated with the Union’s IRIS² Secure Connectivity programme.

The European Commission said the new framework is intended to support secure, resilient and innovative satellite services while strengthening critical communications capabilities and reducing strategic dependencies. The proposal was presented in Brussels and aligns with broader plans for EU-level satellite spectrum management.

Why does it matter?

Satellite communications are becoming increasingly important for connectivity, emergency response, government communications and critical infrastructure resilience. A harmonised EU authorisation system could simplify cross-border operations for satellite providers while strengthening the bloc’s ability to support secure communications services.

The proposal also reflects broader European efforts to improve resilience in strategic digital and space infrastructure and reduce dependence on external providers in critical sectors.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

NATO formalises cyber partnerships with Microsoft, Palo Alto Networks and ESET

NATO has announced strategic partnerships with Microsoft, Palo Alto Networks and ESET during the International Conference on Cyber Conflict (CyCon) in Tallinn, Estonia. The non-commercial agreements are intended to facilitate information sharing, the exchange of best practices and coordination on cyber incidents of mutual concern.

The partnerships follow a commitment made at the 2023 NATO Summit in Vilnius, where member states agreed to expand structured cooperation with private-sector cyber companies. Speaking at CyCon, NATO Assistant Secretary General for Cyber and Digital Transformation Jean Charles Ellermann-Kingombe said effective cyber defence depends on both technical capabilities and shared norms, particularly as attacks on critical infrastructure become more frequent and cyber threats evolve.

The three companies bring distinct capabilities: Microsoft operates one of the largest threat intelligence networks globally; Palo Alto Networks specialises in enterprise network and cloud security; and ESET is one of the major providers of endpoint protection with significant presence in Central and Eastern Europe.

The 2026 CyCon edition, themed ‘Securing Tomorrow,’ runs 26–29 May and convenes approximately 800 participants — including policymakers, technical experts, academics, and industry representatives — from 48 countries. The conference is organised annually by NATO’s Cooperative Cyber Defence Centre of Excellence, based in Tallinn.

Why does it matter?

Governments increasingly rely on cooperation with private-sector cybersecurity companies to identify threats, protect critical infrastructure and respond to cyber incidents. The partnership reflects NATO’s recognition that much of the expertise, threat intelligence and digital infrastructure relevant to cyber defence is operated by industry.

The agreements also signal a broader effort by the alliance to strengthen cyber resilience and improve coordination as cyber threats become more sophisticated and increasingly target both civilian and military systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

UK and Poland deepen cyber and defence cooperation under new treaty

The United Kingdom and Poland have agreed a broad package of defence, cybersecurity and security initiatives under a new Security and Defence Partnership Treaty. The agreement strengthens cooperation on defence, sanctions, border security, technology and energy resilience.

Defence cooperation is a central element of the treaty, with both countries planning joint work on missile systems, expanded ammunition production and closer defence-industrial cooperation.

Large-scale military exercises focused on counter-drone operations, electronic warfare and missile defence are also expected to strengthen interoperability between British and Polish forces on NATO’s eastern flank.

Cybersecurity and hybrid threat response feature heavily in the agreement. Britain and Poland plan to coordinate cybersecurity efforts, sanctions enforcement and responses to foreign information manipulation and interference.

A new counter-hybrid working group will support efforts to disrupt hostile state activity, while dedicated cooperation on disinformation aims to strengthen democratic resilience and expose coordinated influence campaigns.

Additional projects include cooperation on irregular migration, maritime security, science and technology, healthcare resilience and clean energy transition. The agreement also includes cooperation on quantum technologies, digital innovation, space security and hydrogen development to strengthen economic and security resilience.

Why does it matter? 

The treaty reflects a broader trend in European security policy, where cybersecurity, technology resilience, energy security and defence are increasingly treated as interconnected challenges.

As concerns grow over hybrid threats, disinformation campaigns and critical infrastructure vulnerabilities, governments are seeking closer cooperation across both military and civilian domains.

Cooperation on missile production, sanctions enforcement, disinformation response and emerging technologies signals a long-term effort to strengthen Europe’s eastern flank while reducing dependence on fragmented supply chains and external strategic vulnerabilities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

CrowdStrike disrupts Glassworm botnet targeting software developers worldwide

CrowdStrike has announced the coordinated disruption of the Glassworm botnet, a cyber operation targeting software developers through open-source software supply chains.

Working with Google and the Shadowserver Foundation, the cybersecurity company said it simultaneously disabled four command-and-control channels used by the malware infrastructure.

According to CrowdStrike, Glassworm targeted developers through trojanised VSCode extensions, malicious npm and Python packages, and compromised GitHub repositories containing poisoned code. The campaign affected Windows, macOS, and Linux systems and targeted the theft of developer credentials and the maintenance of persistent access to development environments.

CrowdStrike said the botnet had compromised hundreds of GitHub repositories using stolen developer credentials, posing risks to downstream software supply chains. The company warned that attackers are increasingly targeting developers because compromising a single workstation, repository, or package can spread malicious code across many organisations, services, and users.

The company also highlighted the growing resilience of cybercriminal infrastructure. It said Glassworm combined blockchain technology, peer-to-peer systems, legitimate online services, and traditional servers to make takedown attempts more difficult.

The disruption cuts off the botnet’s known command-and-control channels, but CrowdStrike said organisations should continue checking for compromised developer environments, malicious packages, and exposed credentials.

Why does it matter?

The Glassworm campaign shows how developer tools and open-source ecosystems have become critical attack surfaces. Rather than attacking only large enterprises directly, threat actors can compromise repositories, extensions, libraries, or credentials used by developers and then move through the software supply chain. Such attacks can create cascading risks for cloud services, enterprise software, financial systems, public services, and other organisations that rely on shared code and development infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

New Zealand Privacy Commissioner finds Manage My Health and Health NZ breached Privacy Act

New Zealand Privacy Commissioner Michael Webster has released the findings of Phase 1 of his inquiry into the December 2025 Manage My Health cyber incident, in which sensitive patient information was accessed, stolen, and offered for sale.

The first phase of the inquiry focused on the causes of the breach and accountability. The Commissioner found that both Manage My Health and Health NZ breached Rule 5 of the Health Information Privacy Code by failing to ensure reasonable security safeguards for patient information.

The breach affected nearly 100,000 people and caused serious anxiety and distress for many of those impacted. Around 91% of affected patients were based in Northland, with the Commissioner noting that many were likely to be Māori.

The investigation found that a single failure did not cause the breach, but it was a combination of security weaknesses. Manage My Health had gaps in technical safeguards, lacked systems to detect large-scale access to information, and raised concerns about the quality of its security design and risk management practices.

Health NZ was criticised for not doing enough to ensure that Northland hospital patients’ information would be kept safe before arranging to share it through the Manage My Health portal. The inquiry found that the project team lacked specialist privacy and security expertise, relied too heavily on information from Manage My Health, used poor-quality internal privacy risk assessments, and operated under a contract that was not fit for purpose.

The Commissioner said he intends to issue compliance notices requiring both organisations to complete the remaining necessary work and to demonstrate that their security controls are effective in preventing similar incidents. He also recommended that the Ministry of Health establish a process for verifying and ensuring that patient portals meet health-sector security standards.

A second phase of the inquiry will examine the broader impacts of the breach, including patient authorisation, information provided to patients, retention and deletion practices, breach communications, notification compliance, and whether the incident had a disproportionate impact on any group, particularly Northland Māori.

Why does it matter?

The findings show how privacy and cybersecurity failures in health portals can create large-scale risks when sensitive patient data is shared through third-party systems. The case also raises a wider governance issue for digital health: agencies cannot rely only on vendor assurances when transferring large volumes of health information. Independent security assessment, privacy-by-design, effective contracts, and ongoing monitoring are becoming essential safeguards for digital health infrastructure.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU adopts unified cyber incident reporting templates under NIS2

The NIS Cooperation Group has adopted common templates for cybersecurity incident reporting across the EU, marking a step towards more harmonised compliance requirements for companies subject to the NIS2 Directive.

The templates were adopted during the group’s 39th plenary meeting in Cyprus and are intended to provide a uniform format for reporting cyber incidents across member states. The NIS Cooperation Group brings together the EU member states, the European Commission, and the EU Agency for Cybersecurity (ENISA) as part of wider EU cybersecurity coordination efforts.

According to the Commission, the standardised templates are designed to reduce administrative burdens and simplify compliance for companies required to report cybersecurity incidents under NIS2. The move also aligns with broader EU efforts to create a single-entry point for incident reporting under the proposed Digital Omnibus initiative.

The Commission now plans to adopt the templates through an implementing act, which would make them mandatory for all member states. The EU officials say harmonised reporting fields should reduce fragmentation, simplify reporting obligations, and help strengthen cybersecurity resilience across the bloc.

Why does it matter?

Cybersecurity reporting requirements across Europe have often created complexity for companies operating in multiple jurisdictions. Common templates could reduce duplication, make reporting procedures more predictable, and improve coordination between national authorities. The move also fits into the EU’s broader push to simplify digital compliance while strengthening cyber resilience under NIS2.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

United Kingdom and Australia tighten alliance on AI security risks

The United Kingdom and Australia are deepening cooperation on AI security through a new partnership between the UK AI Security Institute and the Australian AI Safety Institute.

Under a Memorandum of Understanding, the two institutes will share information on frontier AI capabilities, collaborate on AI evaluation practices and exchange research findings. The UK government said the partnership will focus partly on how advanced AI systems could be used in cyberattacks, as well as how they can strengthen defensive capabilities.

The agreement will also support staff exchanges between the two institutes, strengthening day-to-day collaboration. UK officials said the partnership reflects the need for trusted international cooperation as AI systems evolve quickly and create new security and safety risks.

The UK’s AI Minister Kanishka Narayan is expected to sign the agreement with Australia’s Assistant Minister for Science, Technology and the Digital Economy, Andrew Charlton, during a meeting in Canberra. Narayan said no country can address fast-moving AI risks alone, particularly in cybersecurity.

The announcement follows research from the UK AI Security Institute showing that advanced AI systems are rapidly improving their ability to carry out complex cyberattacks, creating opportunities for both attackers and defenders. The UK said the institute’s frontier AI research continues to inform policymaking to protect businesses, critical infrastructure, and the public.

Why does it matter?

The partnership shows how AI security is becoming a matter of international coordination, especially as frontier models develop stronger cyber capabilities. By sharing research, evaluation methods and staff expertise, the UK and Australia are trying to reduce blind spots in oversight and develop more consistent approaches to testing fast-moving AI systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Apple introduces formal verification framework for post-quantum cryptography

Apple has introduced a formal verification framework for its corecrypto library as part of broader efforts related to post-quantum cryptography. The framework focuses on validating implementations of ML-KEM and ML-DSA, algorithms standardised for quantum-resistant encryption and digital signatures.

Apple said the corecrypto library supports encryption and security functions across its operating systems and device ecosystem. The company stated that the scale and security importance of the library increase the need for reliable cryptographic implementations.

Apple said it used formal verification tools, including Cryptol, SAW, and Isabelle, to validate alignment with FIPS 203 and FIPS 204 standards. According to the company, the verification process covers both C implementations and ARM64 assembly code used across Apple silicon architectures.

Apple also published verification tools and proofs alongside the updated corecrypto release for independent review. The company said the approach is intended to strengthen confidence in the correctness of its post-quantum cryptography implementations.

Why does it matter? 

The significance lies in the shift from conventional testing to mathematically proven correctness for cryptographic systems that protect billions of devices. As quantum computing threatens to weaken traditional encryption methods, ensuring that post-quantum algorithms are implemented without subtle errors becomes critical to maintaining long-term digital security.

Apple’s approach also raises the bar for how large-scale software systems can be audited and trusted, potentially influencing broader industry standards for secure system design.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Europol dismantles cybercriminal VPN linked to ransomware investigations

Europol has announced that international law enforcement agencies dismantled the cybercriminal VPN platform known as First VPN during a coordinated operation targeting ransomware infrastructure and wider cybercrime networks.

The operation, led by authorities in France and the Netherlands with support from Eurojust, targeted infrastructure allegedly used by cybercriminals to conceal ransomware attacks, fraud, data theft and other illegal online activities.

Europol described the service as deeply embedded in the cybercrime ecosystem and said it had featured in almost every major Europol-supported cybercrime investigation over the past few years. The platform was allegedly promoted as an anonymity service for criminal use, offering anonymous payments, concealed infrastructure and tools intended to help users evade law enforcement detection.

Coordinated action days took place on 19 and 20 May, during which authorities dismantled 33 servers connected to the service and shut down associated domain names. Investigators also interviewed the alleged administrator in Ukraine and carried out a residential search linked to the operation.

According to Europol, investigators gained access to the platform’s infrastructure and user database during the investigation, which began in December 2021. The agency said the data helped identify users allegedly connected to ransomware campaigns, fraud schemes and other cybercrime operations across several jurisdictions.

Intelligence generated through the operation led to 83 intelligence packages being distributed internationally, information linked to 506 users being shared with partner agencies, and 21 Europol-supported investigations advancing through newly obtained evidence.

The operation also received support from cybersecurity company Bitdefender, while a joint investigation team coordinated by Eurojust facilitated judicial cooperation and evidence sharing among participating countries.

Why does it matter?

The takedown shows how law enforcement is increasingly targeting the infrastructure that enables cybercrime, not only the attackers themselves. VPN services marketed for criminal use can help ransomware actors and fraud networks hide their identity, route attacks and evade detection. By dismantling First VPN and obtaining user data, investigators can disrupt multiple cybercrime operations at once and strengthen ongoing ransomware investigations.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Switzerland advances National Cyberstrategy implementation

Switzerland has reported progress in implementing its National Cyberstrategy, with more than 90 projects underway and new measures addressing the role of AI in cybersecurity.

The Federal Council was informed of the 2025 implementation report. The implementation report was prepared by the National Cyberstrategy Steering Committee together with the National Cyber Security Centre. The report tracks work across five objectives:

  • Empowering the public
  • Securing digital services and critical infrastructure
  • Managing cyberattacks
  • Combating cybercrime
  • Strengthening international cooperation

The report identifies AI as an important area influencing both cybersecurity risks and defensive capabilities. The report describes measures related to AI-assisted cyber threats, AI-supported cyberdefence, research projects, and public awareness activities.

The report also refers to regulatory safeguards linked to Switzerland’s ratification of the Council of Europe Convention on AI. The report frames those steps as part of a broader response to the growing importance of AI in cybersecurity.

According to the report, the National Cyber Security Centre has received 222 reports since mandatory reporting requirements for cyberattacks on critical infrastructure entered into force in April 2025. Authorities say the reports improve national cyber situational awareness and support coordinated responses to threats.

The report also highlights developments involving sector-specific cybersecurity centres, information-sharing initiatives, and vulnerability management programmes. Switzerland also continued its federal bug bounty programme and other vulnerability management initiatives.

Capacity-building programmes include the Cyber-Defence Campus Fellowship, the Cyber Startup Challenge, and the national S-U-P-E-R.ch awareness campaign. The report also notes information-sharing work through Cyber-CASE, Cyber-STRAT, and NEDIK to support faster handling of digital crimes.

International activities included participation in cyber diplomacy and capacity-building initiatives linked to Geneva Cyber Week and UN and OSCE processes.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.