Critical infrastructure

Taiwan sets rules for TSMC’s overseas ventures

Taiwan’s Economy Minister Kuo Jyh-huei announced on Thursday that Taiwan Semiconductor Manufacturing Co. (TSMC) would require government approval for any overseas joint ventures, although there are no restrictions on manufacturing advanced chips abroad, except for China. This comes amid reports that TSMC is in talks to acquire a stake in Intel, a move that could stir tensions with the US, where former President Trump has expressed concerns about Taiwan taking away American semiconductor business.

Kuo reassured reporters in Taipei that Taiwan’s semiconductor industry, particularly TSMC, remains vital to the nation’s economy, describing it as the ‘sacred mountain protecting the country.’ He also clarified that while the Taiwanese government would not interfere with TSMC’s business decisions, any large overseas investments or joint ventures must be approved by Taiwan’s economy ministry, with no changes to the rules surrounding advanced chip production outside of China.

TSMC is already investing $65 billion in new factories in Arizona, where it plans to manufacture the most advanced 2-nanometre chips, though this will not occur for a few years. The government is also preparing to engage in discussions with the Trump administration over potential tariffs on Taiwanese imports, aiming to secure the best conditions for local companies in light of the ongoing trade tensions.

For more information on these topics, visit diplomacy.edu.

China expands DeepSeek AI to household gadgets

China’s embrace of DeepSeek’s AI models has expanded beyond tech companies into everyday household appliances. The startup, based in Hangzhou, has seen a surge of support from Chinese manufacturers, with home appliance giants such as Haier, Hisense, and TCL Electronics announcing plans to incorporate DeepSeek’s AI models into their products. These appliances, already equipped with voice-activated commands, are set to become even smarter with DeepSeek’s models, which promise greater accuracy and functionality.

DeepSeek has made waves in the AI sector this year, with its large language models competing against Western systems but at a fraction of the cost. This has sparked immense pride in China, where the company is seen as a testament to the country’s growing tech capabilities in the face of US efforts to limit its advancements. The company’s founder, Liang Wenfeng, has received significant recognition from Chinese authorities, and DeepSeek is expected to soon release its next-generation R2 reasoning model.

The impact of DeepSeek’s technology is already being felt across industries. From robotics to smart appliances, its AI models offer improved precision in tasks such as obstacle avoidance in robot vacuum cleaners. These devices are expected to better understand complex commands, like ‘Gently wax the wooden floor in the master bedroom but avoid the Legos,’ making everyday life more efficient and intuitive.

For more information on these topics, visit diplomacy.edu.

China accuses Taiwan of selling semiconductor industry to the US

China accused Taiwan on Wednesday of attempting to hand over its semiconductor industry to the United States, claiming that the island’s government was using the industry to gain political support from Washington. The accusation comes amid reports that Taiwan Semiconductor Manufacturing Co. (TSMC), the world’s largest contract chipmaker, may be negotiating a stake in Intel. However, neither TSMC nor Intel has confirmed the talks and Taiwan’s government says it has not received such investment proposals from TSMC.

China’s Taiwan Affairs Office spokesperson, Zhu Fenglian, suggested without providing evidence that Taiwan’s ruling Democratic Progressive Party (DPP) was using TSMC to seek foreign support for independence, accusing the island of ‘selling out’ its companies to the US. Taiwan, however, rejected these claims, with Taiwan’s Mainland Affairs Council affirming the importance of TSMC to the island’s economy and stressing its commitment to maintaining a leading role in semiconductor technology.

The US has been critical of Taiwan’s semiconductor industry, with former President Donald Trump calling for more manufacturing to return to the United States. Despite China’s claims, Taiwan maintains that it is responsible for its foreign investment decisions. The island continues to rely on the US for military support, though the US does not formally recognise Taiwan’s government.

TSMC, which supplies major companies like Apple and Nvidia, did not comment on the reports. Taiwan’s government, however, vowed to support the company amid rising tensions surrounding its semiconductor industry.

For more information on these topics, visit diplomacy.edu.

Quantum machines secures $170 million for growth

Quantum Machines (QM), a leader in quantum computing technology, has raised $170 million in a mid-stage funding round, bringing its total funding to $280 million. The investment is seen as a significant step in accelerating QM’s role in the rapidly evolving quantum computing industry. With quantum technology on the verge of becoming a major disruptive force, this funding will help QM expand its hardware and software offerings to meet the demands of quantum system developers globally.

Quantum computing holds enormous promise for breakthroughs in fields such as medicine and chemistry, offering the ability to solve problems far beyond the capabilities of classical computers. While the technology is still developing, key milestones are being reached, including IBM and Google’s advancements in achieving over 1,000 qubits. These developments signal that practical quantum computers could soon become a reality.

QM’s growth is supported by strong backing from major investors, including PSG Equity and Intel Capital, reflecting the increasing confidence in the potential of quantum computing. As the technology matures, companies like Microsoft and Nvidia are also contributing to the ecosystem, highlighting that the quantum race is heating up. Despite regional challenges, Israeli tech startups, including QM, are continuing to attract investment, contributing to the country’s growing tech sector.

With this new funding, QM is well-positioned to drive forward its mission to innovate and lead in the quantum computing space, which many consider one of the most important technological developments of the current generation.

For more information on these topics, visit diplomacy.edu.

Meta considers $200 billion AI campus project

Meta Platforms is reportedly in talks to build a new data centre campus for its AI projects, potentially costing over $200 billion, according to sources familiar with the matter. The company is considering locations in states like Louisiana, Wyoming, and Texas, with senior executives visiting potential sites this month.

This comes as the AI sector sees a surge in investment, especially following the launch of Microsoft-backed OpenAI’s ChatGPT in 2022. Companies are eager to incorporate AI into their products, leading to significant spending on AI infrastructure.

Despite the report, a Meta spokesperson denied the claims, stating that its data centre plans and capital expenditures have already been disclosed and calling the rest ‘pure speculation’. Meta’s CEO, Mark Zuckerberg, had previously mentioned that the company plans to invest up to $65 billion this year to expand its AI infrastructure.

In comparison, Microsoft has pledged around $80 billion in data centre investments for fiscal 2025, while Amazon has indicated its 2025 spending could exceed $75 billion.

For more information on these topics, visit diplomacy.edu.

Apple to sell iPhone 16 in Indonesia after key agreements

Apple is set to begin selling its iPhone 16 in Indonesia following a new agreement with the government, which includes the establishment of a manufacturing plant and a research and development centre. The country’s industry minister, Agus Gumiwang Kartasasmita, confirmed on Wednesday that Apple would soon receive the required local content certificate to allow sales of the device. However, he did not specify when the certificate would be issued.

Indonesia had previously banned the iPhone 16 due to Apple’s failure to meet the local content requirement, which mandates that a certain percentage of parts must be sourced domestically or through local partnerships. Although Apple has no manufacturing facilities in Indonesia, it has been operating developer academies in the country since 2018. Indonesia, with its population of 280 million, is keen to attract more tech-related investment.

Analysts have warned that the local content ban could harm investor confidence and fuel concerns about protectionism, but the new agreements between Apple and the Indonesian government may help address these issues.

For more information on these topics, visit diplomacy.edu.

UK Home Office’s new vulnerability reporting policy creates legal risks for ethical researchers, experts warn

The UK Home Office has introduced a vulnerability reporting mechanism through the platform HackerOne, allowing cybersecurity researchers to report security issues in its systems. However, concerns have been raised that individuals who submit reports could still face legal risks under the UK’s Computer Misuse Act (CMA), even if they follow the department’s new guidance.

Unlike some private-sector initiatives, the Home Office program does not offer financial rewards for reporting vulnerabilities. The new guidelines prohibit researchers from disrupting systems or accessing and modifying data. However, they also caution that individuals must not ‘break any applicable law or regulations,’ a clause that some industry groups argue could discourage vulnerability disclosure due to the broad provisions of the CMA, which dates back to 1990.

The CyberUp Campaign, a coalition of industry professionals, academics, and cybersecurity experts, warns that the CMA’s definition of unauthorized access does not distinguish between malicious intent and ethical security research. While the Ministry of Defence has previously assured researchers they would not face prosecution, the Home Office provides no such assurances, leaving researchers uncertain about potential legal consequences.

A Home Office spokesperson declined to comment on the concerns.

The CyberUp Campaign acknowledged the growing adoption of vulnerability disclosure policies across the public and private sectors but highlighted the ongoing legal risks researchers face in the UK. The campaign noted that other countries, including Malta, Portugal, and Belgium, have updated their laws to provide legal protections for ethical security research, while the UK has yet to introduce similar reforms.

The Labour Party had previously proposed an amendment to the CMA that would introduce a public interest defense for cybersecurity researchers, but this was not passed. Last year, Labour’s security minister Dan Jarvis praised the contributions of cybersecurity professionals and stated that the government was considering CMA reforms, though no legislative changes have been introduced so far.

For more information on these topics, visit diplomacy.edu.

EU Commission proposes enhanced cyber crisis management framework

The EU Commission introduced a proposal aimed at strengthening the EU’s response to large-scale cyber attacks. This recommendation to the Council of Ministers seeks to update the existing EU framework for crisis management in cybersecurity and outline the roles of relevant EU actors, including civilian and military entities as well as NATO.

Specifically, the proposal aims to establish coordination points with NATO to facilitate information sharing during cyber crises, including interconnections between systems. If Member States deploy defense initiatives during a cybersecurity incident, they must inform EU-CyCLONe and the EU Cyber Commanders Conference.

The High Representative, in collaboration with the Commission and relevant entities, should facilitate information flow with strategic partners during identified incidents and enhance coordination against malicious cyber activities using the cyber diplomacy toolbox. Joint exercises should be organized to test cooperation between civilian and military components during significant incidents, including those affecting NATO allies and candidate countries.

The Commission noted that a significant cybersecurity incident could overwhelm the response capabilities of individual Member States and impact multiple EU countries, potentially leading to a crisis that disrupts the internal market and poses risks to public safety. It encourages the establishment of voluntary collaborative clusters to foster cooperation and trust in cybersecurity. Member States can create these clusters based on existing information-sharing frameworks, focusing on common threats while adhering to the mandates of participating actors.

The document emphasizes the importance of a comprehensive and integrated approach to crisis management across all sectors and levels of government. It highlights that if cybersecurity incidents are part of a broader hybrid campaign, stakeholders should collaborate to develop a unified situational awareness across sectors.

Within twelve months of adopting the cybersecurity blueprint, Member States must develop a unified taxonomy for cyber crisis management and establish guidelines for the secure handling of cybersecurity information. The proposal emphasises avoiding over-classification to promote the sharing of non-classified information through established cooperation platforms.

To enhance preparedness for crises and improve organizational efficiency, Member States and relevant entities should conduct ongoing cyber exercises based on scenarios derived from EU-coordinated risk assessments, aligning with existing crisis response mechanisms. Smaller exercises should test interactions during escalating incidents, while the Commission, EEAS, and ENISA will organize an exercise within eighteen months to evaluate the cybersecurity blueprint, involving all relevant stakeholders, including the private sector.

The proposal also recommends that Member States and critical infrastructure operators integrate at least one Union-based DNS infrastructure, such as DNS4EU, to ensure reliable services during crises. ENISA and EU-CyCLONe are tasked with creating emergency failover guidelines for transitioning to Union-based DNS in case of service failures.

While the cybersecurity blueprint does not interfere with how entities define their internal procedures, each entity should clearly define the interfaces used for working with other entities. These interfaces should be jointly agreed upon between the entities concerned and documented.

National and cross-border cyber hubs should share threat information to bolster protection against Union-specific threats, and Member States are encouraged to engage in a multistakeholder forum to identify best practices and standards for securing critical Internet infrastructure. Public and private entities should implement threat-informed detection strategies to proactively identify potential disruptions. They must share information about covert operations with partners before crises escalate and report potential cyber crises to relevant networks, while the CSIRTs Network and EU-CyCLONe establish procedures for coordinating responses to large-scale incidents.

For more information on these topics, visit diplomacy.edu.

Australia bans Kaspersky software on government systems over security risks

The Australian government has issued a directive prohibiting the use of cybersecurity software and web services from Kaspersky on government systems, citing national security considerations. Under the new policy, government agencies are required to remove existing Kaspersky products by April 2025 and refrain from installing them on government devices in the future.

According to a statement from Stephanie Foster, Secretary of the Department of Home Affairs, the decision follows a threat and risk assessment that identified security concerns related to the use of Kaspersky products and web services. The directive notes ‘unacceptable security risks arising from threats of foreign interference, espionage and sabotage’. The directive doesn’t provide details on threats and risks that have been recently identified and led to this decision.

In response to the decision, a Kaspersky spokesperson stated that the company was not given prior notice or an opportunity for engagement before the ban was issued. The company reiterated that the decision was influenced by geopolitical factors rather than technical assessments of its products. Despite the restriction on government use, Kaspersky confirmed that it will continue to provide services to other customers in Australia and remains open to discussions with authorities.

The move follows Australia’s earlier decision to prohibit the use of Chinese artificial intelligence firm DeepSeek’s technology in government systems, citing security risks.

Kaspersky has faced restrictions in multiple countries, with the US implementing a ban on its products in June 2024, followed by sanctions on several company executives. European nations, including Germany and the Netherlands, have also taken steps to limit the use of Kaspersky software in government infrastructure.

For more information on these topics, visit diplomacy.edu

Study reveals rising cyber risks for manufacturing firms due to IT/OT systems convergence

A recent report by Telstra International and Omdia reveals that converged IT and operational technology (OT) systems were targeted in 75% of cyber incidents affecting manufacturing firms over the past year. The report underscores the significant cyber risks associated with IT/OT convergence and highlights a general lack of preparedness among manufacturers to address these challenges.

Integrating IT systems with OT—programmable systems that interact with industrial equipment—can enhance efficiency in sectors such as manufacturing and energy. However, this convergence also increases the attack surface for cyber threat actors targeting critical industrial systems.

The report indicates that approximately 70% of OT systems in companies across the US, Latin America, and Europe are expected to connect to corporate IT within the next year, rising from the current 50%. Despite this trend, only 19% of surveyed firms are classified as ‘advanced’ in securing their IT/OT systems according to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).

Moreover, just 45% of manufacturers are well-prepared for IT/OT security across key areas such as security networking, awareness, supply chain risks, and the implementation of a zero trust framework. The report also highlights a lack of clarity regarding responsibility for securing IT/OT environments, with only 20% of respondents identifying Chief Information Security Officers (CISOs) as accountable, followed by Chief Risk Officers (14%) and Chief Technology Officers (13%).

Geraldine Kor, Telstra International’s Head of Global Enterprise Business, emphasised the importance of clearly defining and integrating security responsibilities to ensure effective responses to security challenges in mission-critical systems. She noted that a strong security culture and the right personnel are essential for enhancing overall security readiness.

Overall, 80% of manufacturers reported a notable increase in cybersecurity incidents in the past year, with 31% leading to financial losses and/or operational downtime. The costs associated with incidents affecting resilience or availability ranged from $200,000 to $2 million.

For more information on these topics, visit diplomacy.edu.