Critical infrastructure

Trump Executive Order revises US cyber policy and sanctions scope

US President Donald J. Trump signed a new Executive Order (EO) aimed at amending existing federal cybersecurity policies. The EO modifies selected provisions of previous executive orders signed by former Presidents Barack Obama and Joe Biden, introducing updates to sanctions policy, digital identity initiatives, and secure technology practices.

One of the main changes involves narrowing the scope of sanctions related to malicious cyber activity. The new EO limits the applicability of such sanctions to foreign individuals or entities involved in cyberattacks against US critical infrastructure. It also states that sanctions do not apply to election-related activities, though this clarification is included in a White House fact sheet rather than the EO text itself.

The order revokes provisions from the Biden-era EO that proposed expanding the use of federal digital identity documents, including mobile driver’s licenses. According to the fact sheet, this revocation is based on concerns regarding implementation and potential for misuse. Some analysts have expressed concerns about the implications of this reversal on broader digital identity strategies.

In addition to these policy revisions, the EO outlines technical measures to strengthen cybersecurity capabilities across federal agencies. These include:

  • Developing new encryption standards to prepare for advances in quantum computing, with implementation targets set for 2030.
  • Directing the National Security Agency (NSA) and Office of Management and Budget (OMB) to issue updated federal encryption requirements.
  • Refocusing artificial intelligence (AI) and cybersecurity initiatives on identifying and mitigating vulnerabilities.
  • Assigning the National Institute of Standards and Technology (NIST) responsibility for updating and guiding secure software development practices. This includes the establishment of an industry consortium and a preliminary update to its secure software development framework.

The EO also includes provisions for improving vulnerability tracking and mitigation in AI systems, with coordination required among the Department of Defence, the Department of Homeland Security, and the Office of the Director of National Intelligence.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cybersecurity alarm after 184 million credentials exposed

A vast unprotected database containing over 184 million credentials from major platforms and sectors has highlighted severe weaknesses in data security worldwide.

The leaked credentials, harvested by infostealer malware and stored in plain text, pose significant risks to consumers and businesses, underscoring an urgent need for stronger cybersecurity and better data governance.

Cybersecurity researcher Jeremiah Fowler discovered the 47 GB database exposing emails, passwords, and authorisation URLs from tech giants like Google, Microsoft, Apple, Facebook, and Snapchat, as well as banking, healthcare, and government accounts.

The data was left accessible without any encryption or authentication, making it vulnerable to anyone with the link.

The credentials were reportedly collected by infostealer malware such as Lumma Stealer, which silently steals sensitive information from infected devices. The stolen data fuels a thriving underground economy involving identity theft, fraud, and ransomware.

The breach’s scope extends beyond tech, affecting critical infrastructure like healthcare and government services, raising concerns over personal privacy and national security. With recurring data breaches becoming the norm, industries must urgently reinforce security measures.

Chief Data Officers and IT risk leaders face mounting pressure as regulatory scrutiny intensifies. The leak highlights the need for proactive data stewardship through encryption, access controls, and real-time threat detection.

Many organisations struggle with legacy systems, decentralised data, and cloud adoption, complicating governance efforts.

Enterprise leaders must treat data as a strategic asset and liability, embedding cybersecurity into business processes and supply chains. Beyond technology, cultivating a culture of accountability and vigilance is essential to prevent costly breaches and protect brand trust.

The massive leak signals a new era in data governance where transparency and relentless improvement are critical. The message is clear: there is no room for complacency in safeguarding the digital world’s most valuable assets.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU launches global digital strategy

The European Union has launched a sweeping international digital strategy to bolster its global tech leadership and secure a human-centric digital transformation. With the digital and AI revolution reshaping economies and societies worldwide, the EU is positioning itself as a reliable partner in building resilient, open, and secure digital ecosystems.

The strategy prioritises collaboration with international partners to scale digital infrastructure, strengthen cybersecurity, and support emerging technologies like AI, quantum computing, and semiconductors while promoting democratic values and human rights in digital governance. The EU will deepen and expand its global network of Digital Partnerships and Dialogues to remain competitive and secure in a fast-changing geopolitical landscape.

These collaborations focus on research, industrial innovation, regulatory cooperation, and secure supply chains, while engaging countries across Africa, Latin America, Asia, and the EU’s own neighbourhood. The strategy also leverages trade instruments and investment frameworks such as the Global Gateway to support secure 5G and 6G networks, submarine cables, and digital public infrastructure, helping partner countries improve connectivity, resilience, and sustainability.

To enhance global digital governance, the EU is pushing for international standards that uphold privacy, security, and openness, and opposing efforts to fragment the internet. It supports inclusive multilateralism, working through institutions like the UN, G7, and OECD to shape rules for the digital age.

With initiatives ranging from AI safety cooperation and e-signature mutual recognition to safeguarding children online and combating disinformation, the EU aims to set the benchmark for ethical and secure digital transformation. At the heart of this vision is the EU Tech Business Offer—a modular, cross-border platform combining technology, capacity-building, and financing.

Through Team Europe and partnerships with industry, the EU seeks to bridge the digital divide, export trusted digital solutions, and foster an interconnected world aligned with European democratic principles. The strategy underscores that in today’s interconnected world, the EU’s prosperity and security hinge on shaping a digital future that is competitive, inclusive, and values-driven.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S CEO targeted by hackers in abusive ransom email

Marks & Spencer has been directly targeted by a ransomware group calling itself DragonForce, which sent a vulgar and abusive ransom email to CEO Stuart Machin using a compromised employee email address.

The message, laced with offensive language and racist terms, demanded that Machin engage via a darknet portal to negotiate payment. It also claimed that the hackers had encrypted the company’s servers and stolen customer data, a claim M&S eventually acknowledged weeks later.

The email, dated 23 April, appears to have been sent from the account of an Indian IT worker employed by Tata Consultancy Services (TCS), a long-standing M&S tech partner.

TCS has denied involvement and stated that its systems were not the source of the breach. M&S has remained silent publicly, neither confirming the full scope of the attack nor disclosing whether a ransom was paid.

The cyber attack has caused major disruption, costing M&S an estimated £300 million and halting online orders for over six weeks.

DragonForce has also claimed responsibility for a simultaneous attack on the Co-op, which left some shelves empty for days. While nothing has yet appeared on DragonForce’s leak site, the group claims it will publish stolen information soon.

Investigators believe DragonForce operates as a ransomware-as-a-service collective, offering tools and platforms to cybercriminals in exchange for a 20% share of any ransom.

Some experts suspect the real perpetrators may be young hackers from the West, linked to a loosely organised online community called Scattered Spider. The UK’s National Crime Agency has confirmed it is focusing on the group as part of its inquiry into the recent retail hacks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI and India plan AI infrastructure push

OpenAI is in discussions with the Indian government to collaborate on data centre infrastructure as part of its new global initiative, ‘OpenAI for Countries’.

The programme aims to help partner nations expand AI capabilities through joint investment and strategic coordination with the US. India could become one of the ten initial countries in the effort, although specific terms remain under wraps.

During a visit to Delhi, OpenAI’s chief strategy officer Jason Kwon emphasised India’s potential, citing the government’s clear focus on infrastructure and AI talent.

Similar to the UAE’s recently announced Stargate project in Abu Dhabi, India may host large-scale AI computing infrastructure while also investing in the US under the same framework.

To nurture AI skills, OpenAI and the Ministry of Electronics and IT’s IndiaAI Mission launched the ‘OpenAI Academy’. It marks OpenAI’s first international rollout of its educational platform.

The partnership will provide free access to AI tools, developer training, and events, with content in English, Hindi, and four additional regional languages. It will also support government officials and startups through dedicated learning platforms.

The collaboration includes hackathons, workshops in six cities, and up to $100,000 in API credits for selected IndiaAI fellows and startups. The aim is to accelerate innovation and help Indian developers and researchers scale AI solutions more efficiently, according to IT Minister Ashwini Vaishnaw.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

China accuses Taiwan of cyber attacks and offers a bounty

Authorities in Guangzhou have placed a secret bounty on more than 20 individuals suspected of launching cyber attacks on Chinese targets, according to state news agency Xinhua.

One named suspect, Ning Enwei, is reportedly linked to Taiwan’s government. While the size of the reward remains undisclosed, officials claim the accused hackers targeted sectors including defence, aerospace, energy, and science—alongside agencies in Hong Kong and Macau.

Xinhua stated that Taiwan’s ‘information, communication and digital army’ has coordinated with US forces to carry out cyber and cognitive warfare against China.

These accusations form part of a broader Chinese narrative suggesting Taiwan is seeking independence through foreign alliances, particularly with US intelligence agencies. State media also claimed the US has trained Taiwanese personnel and helped orchestrate cyber attacks on the mainland.

In response, a senior Taiwanese security official, speaking anonymously, dismissed the claims as fabricated. The official argued that Beijing is attempting to deflect criticism following allegations of Chinese cyber activities in Europe, especially in the Czech Republic.

‘It is typical of the Chinese Communist Party’s efforts to change the narrative,’ the official said, branding Beijing an international cyber threat instead of a victim.

Taiwan’s government has yet to issue an official statement.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Salt Typhoon and Silk Typhoon reveal weaknesses

Recent revelations about Salt Typhoon and Silk Typhoon have exposed severe weaknesses in how organisations secure their networks.

These state-affiliated hacking groups have demonstrated that modern cyber threats come from well-resourced and coordinated actors instead of isolated individuals.

Salt Typhoon, responsible for one of the largest cyber intrusions into US infrastructure, exploited cloud network vulnerabilities targeting telecom giants like AT&T and Verizon, forcing companies to reassess their reliance on traditional private circuits.

Many firms continue to believe private circuits offer better protection simply because they are off the public internet. Some even add MACsec encryption for extra defence. However, MACsec’s ‘hop-by-hop’ design introduces new risks—data is repeatedly decrypted and re-encrypted at each routing point.

Every one of these hops becomes a possible target for attackers, who can intercept, manipulate, or exfiltrate data without detection, especially when third-party infrastructure is involved.

Beyond its security limitations, MACsec presents high operational complexity and cost, making it unsuitable for today’s cloud-first environments. In contrast, solutions like Internet Protocol Security (IPSec) offer simpler, end-to-end encryption.

Although not perfect in cloud settings, IPSec can be enhanced through parallel connections or expert guidance. The Cybersecurity and Infrastructure Security Agency (CISA) urges organisations to prioritise complete encryption of all data in transit, regardless of the underlying network.

Silk Typhoon has further amplified concerns by exploiting privileged credentials and cloud APIs to infiltrate both on-premise and cloud systems. These actors use covert networks to maintain long-term access while remaining hidden.

As threats evolve, companies must adopt Zero Trust principles, strengthen identity controls, and closely monitor their cloud environments instead of relying on outdated security models.

Collaborating with cloud security experts can help shut down exposure risks and protect sensitive data from sophisticated and persistent threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

HMRC got targeted in a £47 million UK fraud

A phishing scheme run by organised crime groups cost the UK government £47 million, according to officials from His Majesty’s Revenue and Customs.

Criminals posed as taxpayers to claim payments using fake or hijacked credentials. Rather than a cyberattack, the operation relied on impersonation and did not involve the theft of taxpayer data.

Angela MacDonald, HMRC’s deputy chief executive, confirmed to Parliament’s Treasury Committee that the fraud took place in 2024. The stolen funds were taken through three separate payments, though HMRC managed to block an additional £1.9 million attempt.

Officials began a cross-border criminal investigation soon after discovering the scam, which has led to arrests.

Around 100,000 PAYE accounts — typically used by employers for employee tax and national insurance payments — were either created fraudulently or accessed illegally.

Banks were also targeted through the use of HMRC-linked identity information. Customers first flagged the issue when they noticed unusual activity.

HMRC has shut down the fake accounts and removed false data as part of its response. John-Paul Marks, HMRC’s chief executive, assured the committee that the incident is now under control and contained. ‘That is a lot of money and unacceptable,’ MacDonald told MPs.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Meta inks 20-year nuclear deal to power AI expansion

Meta has entered a landmark 20-year agreement with Constellation to purchase 1.1 gigawatts of nuclear power from the Clinton Clean Energy Center in Illinois, starting in 2027.

The deal is designed to support the company’s rapidly growing AI infrastructure and data centres as energy demands surge across the tech industry.

Once facing closure due to financial losses, the Clinton plant’s future is secure — without relying on Illinois’ Zero Emission Credit programme. The agreement will keep over 1,100 local jobs, boost grid capacity by 30 megawatts, and generate an estimated $13.5 million in annual tax revenue.

Illinois lawmakers have praised the deal for its economic and environmental benefits, with Republican Regan Deering calling it ‘a forward-thinking investment.’

The partnership is part of Meta’s broader strategy to build a nuclear-powered AI ecosystem. With clean energy targets of 1 to 4 gigawatts, Meta has been negotiating with multiple nuclear providers and says further agreements are in the final stages.

According to the International Atomic Energy Agency, global data centre energy use is set to more than double by 2030 — potentially outstripping Japan’s entire electricity consumption. Meta alone plans to invest $65 billion in AI infrastructure in 2025.

The Clinton plant deal also serves as a hedge against the environmental impact of fossil fuels. A 2024 study by the Brattle Group estimated that closing the facility would have led to an additional 34 million metric tons of carbon emissions over two decades. It would also have dealt an annual $765 million blow to Illinois’ GDP.

Constellation, the plant’s operator, said consistent, carbon-free baseload power is essential for the AI-driven future. With its reliability and scale, nuclear energy is increasingly seen as critical to supporting always-on AI systems.

Meanwhile, Meta continues advancing its AI vision. The company plans to fully automate ad creation by late 2026, generating images, videos, and text tailored to user location and timing.

This automation effort has already boosted ad performance, with Q1 2025 results showing a 30% rise in AI-generated ad use, a 10% increase in average ad prices, and $42.31 billion in revenue — a 16% year-over-year jump.

However, the push for AI-generated content has unsettled the advertising industry. Firms like Omnicom Group have seen share prices dip over fears disrupting to traditional creative and production models.

Zuckerberg’s long-term AI vision includes automating marketing and enhancing user experience through AI companions and virtual therapists — part of Meta’s goal to integrate machine learning into everyday life while ensuring its platforms run on clean, scalable energy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber attack hits Lee Enterprises staff data

Thousands of current and former employees at Lee Enterprises have had their data exposed following a cyberattack earlier this year.

Hackers accessed to the company’s systems in early February, compromising sensitive information such as names and Social Security numbers before the breach was contained the same day.

Although the media firm, which operates over 70 newspapers across 26 US states, swiftly secured its networks, a three-month investigation involving external cybersecurity experts revealed that attackers accessed databases containing employee details.

The breach potentially affects around 40,000 individuals — far more than the company’s 4,500 current staff — indicating that past employees were also impacted.

The stolen data could be used for identity theft, fraud or phishing attempts. Criminals may even impersonate affected employees to infiltrate deeper into company systems and extract more valuable information.

Lee Enterprises has notified those impacted and filed relevant disclosures with authorities, including the Maine Attorney General’s Office.

Headquartered in Iowa, Lee Enterprises draws over 200 million monthly online page views and generated over $611 million in revenue in 2024. The incident underscores the ongoing vulnerability of media organisations to cyber threats, especially when personal employee data is involved.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!