Critical infrastructure

China tightens control over rare earth exports

China has enacted new regulations asserting state ownership over rare earth materials, critical for semiconductor production, with a rule effective from October 1. Additionally, on December 3, the Ministry of Commerce announced a ban on the export of dual-use items such as gallium, germanium, and antimony to the US. These moves are expected to impact industries reliant on these materials, especially solar cell production and semiconductor manufacturing.

As the world’s largest supplier of rare earths, China has long dominated the market due to its lax environmental regulations, which allow for large-scale extraction and refining. However, with many countries looking to reduce their dependency on China, the long-term effectiveness of these export restrictions may diminish. Nations like the US and Australia are expanding their rare earth production lines, and efforts to recycle rare earth materials are also gaining traction.

Despite these efforts, challenges remain in replicating China’s refining capabilities, as many countries are limited by technical and environmental obstacles. Notably, the US has partnered with Australia’s Lynas Corporation to build a rare earth extraction facility, aiming to strengthen its supply chain.

The future of the rare earth market may shift toward the development of substitute materials, although creating viable replacements is a time-consuming process. In this ongoing battle, China has already secured patents for some high-performance materials that could serve as alternatives, indicating that the competition could soon turn to technological innovation and patent rights.

Tech giants join forces for US defence contracts, FT says

Data analytics firm Palantir Technologies and defence tech company Anduril Industries are leading efforts to form a consortium of technology companies to bid jointly for US government contracts, according to a report from the Financial Times. The group is expected to include SpaceX, OpenAI, Scale AI, autonomous shipbuilder Saronic, and other key players, with formal agreements anticipated as early as January.

The consortium aims to reshape the defence contracting landscape by combining cutting-edge technologies from some of Silicon Valley’s most innovative firms. A member involved in the initiative described it as a move toward creating “a new generation of defence contractors.” This collective effort seeks to enhance the efficiency of supplying advanced defence systems, leveraging technologies like AI, autonomous vehicles, and other innovations.

The initiative aligns with President-elect Donald Trump’s push for greater government efficiency, spearheaded in part by Elon Musk, who has been outspoken about reforming Pentagon spending priorities. Musk and others have criticised traditional defence programs, such as Lockheed Martin’s F-35 fighter jet, advocating instead for the development of cost-effective, AI-driven drones, missiles, and submarines.

With these partnerships, the consortium hopes to challenge the dominance of established defence contractors like Boeing, Northrop Grumman, and Lockheed Martin, offering a modernised approach to defence technology and procurement in the US.

New Zealand debuts nationwide satellite texting

One NZ has become the first telecommunications company globally to offer a nationwide satellite text messaging service, thanks to a partnership with SpaceX’s Starlink. This service enables customers with eligible phones and plans to send and receive text messages in areas beyond traditional cell tower coverage, provided they have a clear line of sight to the sky.

Initially, the service supports four specific phone models, with plans to expand compatibility to more devices next year. During the rollout phase, text message delivery times are expected to be within three minutes, though some may take up to ten minutes or longer. The service is available at no extra cost to existing customers on paid monthly plans, with future enhancements potentially including voice calling and data services.

This initiative follows successful tests of Starlink’s satellite text service during hurricane relief efforts in the United States. One NZ’s collaboration with Starlink marks a significant advancement in ensuring connectivity across New Zealand‘s diverse landscapes, particularly in the 40% of the country not covered by cell towers.

US CISA unveils draft update to National Cyber Incident Response Plan

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a draft update to the National Cyber Incident Response Plan (NCIRP) for public feedback, reflecting changes in cybersecurity, law, policy, and operational processes since the plan’s 2016 release. Developed in collaboration with the Joint Cyber Defense Collaborative (JCDC) and the Office of the National Cyber Director (ONCD), the update aims to improve national preparedness for the growing complexity of cyber threats.

Key updates include clarifying how non-federal stakeholders, such as private sector entities, can participate in cyber incident response efforts, enhancing usability by aligning the plan with the incident response lifecycle, and incorporating the latest legal and policy changes. The NCIRP will now undergo regular updates to stay relevant as threats and technologies evolve.

The NCIRP coordinates efforts across federal agencies, state and local governments, the private sector, and international partners as a strategic framework. It outlines four critical lines of effort (LOEs): Asset Response, Threat Response, Intelligence Support, and Affected Entity Response, ensuring cohesive and coordinated actions during a cyber incident.

The plan also defines two key phases—Detection and Response—focusing on identifying significant incidents and then containing, eradicating, and recovering from them. Coordination between government agencies, private sector entities, and other stakeholders is vital to managing the response and minimising the impact on national security, the economy, and public health.

Collaboration and continuous improvement are central to the NCIRP’s success. The JCDC, Cyber Unified Coordination Group (Cyber UCG), and Cyber Response Group (CRG) ensure all stakeholders are aligned in their efforts, with the CRG overseeing policy coordination and broader strategic responses.

The NCIRP will be regularly reviewed and updated based on feedback and post-incident assessments, allowing it to adapt to new threats and technological changes. CISA is committed to strengthening the nation’s ability to respond to cyber incidents, emphasising the need for an agile, effective framework to keep pace with evolving cyber risks.

Russia strikes Ukraine’s registries with a massive cyberattack, according to the deputy PM

Ukraine‘s Deputy Prime Minister Olha Stefanishyna announced that Russia launched a large-scale cyberattack on Thursday, temporarily crippling the country’s state registries. These registries contain essential citizen data, including information on births, deaths, marriages, and property ownership. The attack forced a suspension of services managed by the Ministry of Justice.

Stefanishyna described the incident as a deliberate attempt by Russia to disrupt Ukraine’s critical infrastructure. While restoration efforts are expected to take about two weeks, some services will resume on Friday. Other state functions appear to be unaffected.

This is the latest in a series of cyberattacks during the ongoing war, including a December 2023 assault on Ukrainian telecom provider Kyivstar and previous attacks on Russian ministries. Ukrainian authorities plan to conduct a thorough investigation to bolster defences against future cyber threats.

Netherlands expands investment law to include AI and biotech

The Dutch government announced plans to expand its investment screening law to include emerging technologies like biotech, AI, and nanotechnology. The move aims to protect national security amid growing global tensions, with threats such as cyberattacks and espionage becoming more prevalent. Economy Minister Dirk Beljaarts emphasised the importance of safeguarding Dutch businesses, innovations, and the economy.

In addition to biotech and AI, the updated law will cover sensor and navigation technology, advanced materials, and nuclear technologies used in medicine. The government expects these changes to take effect by the second half of 2025.

Introduced in 2023, the investment screening law allows the Dutch government to block foreign takeovers of critical infrastructure or technology that could threaten national security. This comes after the Netherlands imposed restrictions on semiconductor exports to China under US pressure.

Geneva Dialogue session ‘Critical infrastructure protection: Who is responsible?’ during the WEF 2025

On 21 January from 16:00 to 18:00 pm CET the Geneva Dialogue on Responsible Behaviour in Cyberspace will host the session at the Geneva Day at the House of Switzerland in Davos. The session will be organised in an interactive format, including a scenario-based discussion, and will explore the roles and responsibilities of non-state actors, such as the private sector, technical community, and civil society in implementing agreed cyber norms related to critical infrastructure protection.

The Geneva Dialogue on Responsible Behaviour in Cyberspace is an international process initiated by the Swiss Federal Department of Foreign Affairs (FDFA), and implemented by DiploFoundation with support of the Republic and State of Geneva, Center for Digital Trust (C4DT) – EPFL, Swisscom and UBS. The initiative maps roles and responsibilities of relevant actors for implementing the agreed cyber norms, contributing to cyber-stability and security. The outcomes of the Geneva Dialogue are published in the Geneva Manual – a comprehensive guidance on non-state actors’ implementation of existing norms. The first chapter, announced in 2023, focuses on the implementation of the norms related to supply chain security and responsible reporting of ICT vulnerabilities. The session will contribute to finalisation of the next chapter of the Manual with the focus on critical infrastructure protection related norms and confidence-building measures (CBMs).

Starlink inactive in India, Musk confirms

Elon Musk confirmed that Starlink satellite internet is inactive in India, following recent seizures of Starlink devices by Indian authorities. Musk stated on X that Starlink beams were “never on” in the country, addressing concerns raised after a device was confiscated during an armed conflict operation in Manipur and another during a major drug bust at sea.

In Manipur, where ethnic conflict has continued since last year, the Indian Army seized a Starlink dish believed to be used by militants. Officials suspect it was smuggled from Myanmar, where rebel groups reportedly use Starlink despite the company’s lack of operations there.

Earlier this month, Indian police intercepted a Starlink device linked to smugglers transporting $4.2 billion worth of methamphetamine. Authorities believe the internet device was used for navigation, prompting a legal request to Starlink for purchase details.

Starlink is currently seeking approval to operate in India and is working to resolve security concerns as part of the licensing process.

TP-Link faces US ban amid cybersecurity concerns, WSJ reports

US authorities are weighing a potential ban on TP-Link Technology Co., a Chinese router manufacturer, over national security concerns, following reports linking its home internet routers to cyberattacks. According to the Wall Street Journal, the US government is investigating whether TP-Link routers could be used in cyber operations targeting the US, citing concerns raised by lawmakers and intelligence agencies.

In August, two US lawmakers urged the Biden administration to examine TP-Link and its affiliates for possible links to cyberattacks, highlighting fears that the company’s routers could be exploited in future cyber operations. The Commerce, Defence, and Justice departments have launched separate investigations into the company, with reports indicating that a ban on the sale of TP-Link routers in the US could come as early as next year. As part of the investigations, the Commerce Department has reportedly subpoenaed the company.

TP-Link has been under scrutiny since the US Cybersecurity and Infrastructure Agency (CISA) flagged vulnerabilities in the company’s routers, that could potentially allow remote code execution. This comes amid heightened concerns that Chinese-made routers could be used by Beijing to infiltrate and spy on American networks. The US government, along with its allies and Microsoft, has also uncovered a Chinese government-linked hacking campaign, Volt Typhoon, which targeted critical US infrastructure by taking control of private routers.

The Commerce, Defence, and Justice departments, as well as TP-Link, did not immediately respond to requests for comment.

Meta data breach leads to huge EU fine

Meta has been fined €251 million by the European Union’s privacy regulator over a 2018 security breach that affected 29 million users worldwide. The breach involved the ‘View As’ feature, which cyber attackers exploited to access sensitive personal data such as names, contact details, and even information about users’ children.

The Irish Data Protection Commission, Meta’s lead EU regulator, highlighted the severity of the violation, which exposed users to potential misuse of their private information. Meta resolved the issue shortly after its discovery and notified affected users and authorities. Of the 29 million accounts compromised, approximately 3 million belonged to users in the EU and European Economic Area.

This latest fine brings Meta’s total penalties under the EU’s General Data Protection Regulation to nearly €3 billion. A Meta spokesperson stated that the company plans to appeal the decision and emphasised the measures it has implemented to strengthen user data protection. This case underscores the ongoing regulatory scrutiny faced by major technology firms in Europe.