Protecting critical infrastructure in a fragile cyberspace

‘Securing Critical Infrastructure in Cyber: Who and How?’ is the name of one of the main panels at IGF 2024 in Riyadh, where participants discussed the complexities of identifying, securing, and cooperating to protect critical systems from cyber threats. The session, part of the Geneva Dialogue project, focused on safeguarding critical infrastructure from cyber threats and implementing international cyber norms.

The dialogue highlighted the elusive nature of defining critical infrastructure, as interpretations vary widely across nations. ‘Understanding critical infrastructure begins with impact analysis, but what happens if these systems fail?’ noted Nicolas Grunder from ABB, underscoring the need for clarity. Regional interdependencies further complicate matters, as cascading failures in energy, transportation, or cloud services can cripple interconnected sectors, a scenario brought to life through a fictional cyberattack simulation on a cloud provider.

Baseline cybersecurity measures emerged as a priority, focusing on asset inventories, supply chain security, and resilience planning. Kazuo Noguchi of Hitachi America emphasised the mantra of ‘backup, backup, backup’, advocating for distributed systems across regions to mitigate single points of failure. Practical measures like incident response plans, vulnerability management, and operator awareness training were cited as essential components of any security framework.

The role of international cyber norms and confidence-building measures (CBMs) sparked debate. While voluntary, norms such as avoiding attacks on critical infrastructure during peacetime provide a foundation for responsible state behaviour. Yet, as Kaleem Usmani of CERT Mauritius pointed out, ‘Norms reduce risks and foster cooperation, but accountability remains a challenge.’ Regional collaboration, such as harmonised security certifications, was proposed as a pragmatic solution to bridge gaps in global standards.

Amid growing geopolitical complexities, participants called for greater transparency and cooperation. Bushra AlBlooshi from the Dubai Electronic Security Center showcased Dubai’s approach, where interdependencies between sectors like power and transportation are mapped to preempt disruptions. However, securing systems reliant on foreign service providers adds another layer of vulnerability, prompting calls for international agreements to establish untouchable ‘red lines’ for critical infrastructure in peace and war.

US grants $406 million to boost GlobalWafers production

The US Commerce Department has finalised $406 million in grants to Taiwan’s GlobalWafers to boost silicon wafer production in Texas and Missouri. These funds will support the first large-scale US production of 300-mm wafers, critical components in advanced semiconductors. This initiative is part of the Biden administration’s effort to strengthen the domestic supply chain for chips.

The grant will aid GlobalWafers’ nearly $4 billion investment in building new manufacturing facilities, creating 1,700 construction jobs and 880 permanent manufacturing positions. The company plans to produce wafers for cutting-edge, mature-node, and memory chips in Sherman, Texas, and wafers for defence and aerospace chips in St. Peters, Missouri.

GlobalWafers’ CEO Doris Hsu expressed enthusiasm about collaborating with US-based customers for years to come. Currently, over 80% of the global 300-mm silicon wafer market is controlled by just five companies, with most production concentrated in East Asia.

This funding is part of the $52.7 billion CHIPS and Science Act, aimed at expanding domestic semiconductor manufacturing. Recent grants include $6.165 billion for Micron Technology and significant subsidies for Intel, TSMC, and GlobalFoundries.

US firm buys Israeli spyware company

Florida-based AE Industrial Partners has acquired Israeli spyware company Paragon for an estimated $500 million, with reports suggesting the deal could reach up to $900 million. Paragon, a competitor to NSO Group, is known for providing cybersecurity tools to government agencies that it claims meet “enlightened democracy” standards. The acquisition was completed on 13 December and reportedly approved by both US and Israeli officials.

Paragon, founded in 2019 by former Israeli intelligence officers and backed by ex-Prime Minister Ehud Barak, is merging with Virginia-based cybersecurity firm Red Lattice. This move aims to strengthen the firm’s presence in the global surveillance market. The US subsidiary of Paragon recently signed a one-year contract with US Immigration and Customs Enforcement, reflecting its growing footprint in government cybersecurity services.

The acquisition comes amid tightened scrutiny of spyware technologies after allegations of abuse involving competitors like NSO Group. In 2021, the US added NSO to its trade blacklist, citing its misuse in targeting activists and journalists. Paragon, however, positions itself as a provider of ethically guided surveillance tools, limiting its activities to messaging apps and governmental communications.

Rhode Island suffers major data breach

Rhode Island officials have confirmed a major data breach in the state’s social services system, potentially exposing the personal and financial details of hundreds of thousands of residents. The hackers, believed to be an international cybercriminal group, accessed sensitive information, including Social Security numbers and banking details, through RIBridges, the state’s portal for government assistance programmes.

The breach, which was detected earlier this month, affects users of the Supplemental Nutrition Assistance Program, Temporary Assistance for Needy Families, and healthcare services accessed through HealthSource RI since 2016. The attackers have demanded an undisclosed ransom, threatening to release the stolen data if unpaid. Deloitte, the system’s vendor, confirmed the breach on Friday, prompting the state to shut down the portal temporarily.

Residents impacted by the breach will be notified via letters detailing steps to secure their personal information and protect their bank accounts. For now, new applicants for state benefits must use paper applications as authorities work to secure the compromised system. Governor Dan McKee described the incident as extortion, calling for swift remediation and protection for affected citizens.

Parliamentarians urged to bridge the global digital divide

At the ‘IGF Parliamentary Track – Session 1’ session in Riyadh, parliamentarians, diplomats, and digital experts gathered to address persistent gaps in global digital governance. The session spotlighted two critical UN-led initiatives: the World Summit on the Information Society (WSIS) and the Global Digital Compact (GDC), underscoring their complementary roles in bridging the digital divide and addressing emerging digital challenges like AI and data governance.

Ambassador Muhammadou M.O. Kah, Chair of the Commission for Science and Technology for Development, stressed the urgency of digital inclusion. ‘Digital technologies are transforming our world at a remarkable pace, but we must confront the persistent divide,’ he said, noting that twenty years after WSIS first set out a vision for an inclusive digital society, one-third of the world’s population remains unconnected, with inequalities deepening between urban and rural areas, genders, and socioeconomic groups.

The Global Digital Compact, introduced as a ‘refresh’ of WSIS priorities, emerged as a key focus of the discussion. From the UN Tech Envoy’s Office, Isabel de Sola presented the GDC’s five pillars: affordable internet access, tackling misinformation, data governance, fostering inclusive digital economies, and ensuring safe AI implementation. De Sola emphasised, ‘We need a holistic approach. Data governance, AI, and connectivity are deeply interconnected and must work in tandem to serve society fairly.’

Sorina Teleanu, the session’s moderator and Head of knowledge at Diplo, highlighted the need for urgent action, stating: ‘We have the Global Digital Compact, but what’s next? It’s about implementation—how we take global commitments and turn them into real, practical solutions at national and local levels.’ She urged parliamentarians to exercise their oversight role and push for meaningful progress.

The session exposed a growing disconnect between governments and parliaments on digital policy. Several parliamentarians voiced concerns about exclusion from international processes that shape national legislation and budgets. ‘We cannot act effectively if we are not included or informed,’ a delegate from South Africa noted, calling for better integration of lawmakers into global frameworks like the GDC and WSIS.

To close these gaps, speakers proposed practical solutions, including capacity-building programs, toolkits for mapping GDC priorities locally, and stronger regional parliamentary networks. ‘Parliamentarians are closest to the people,’ Ambassador Kah reminded attendees, ‘they play a crucial role in translating global commitments into meaningful local action.’

The discussion ended with a renewed call for collaboration: greater inclusion of lawmakers, better alignment of international frameworks with local needs, and stronger efforts to bridge the digital divide. As the world approaches WSIS’ 20-year review in 2025, the path forward requires a unified, inclusive effort to ensure digital advancements reach all corners of society.

All transcripts from the Internet Governance Forum sessions can be found on dig.watch.

Digital futures at a crossroads: aligning WSIS and the Global Digital Compact

The path toward a cohesive digital future was the central theme at the ‘From WSIS to GDC: Harmonising Strategies Towards Coordination’ session held at the Internet Governance Forum (IGF) 2024 in Riyadh. Experts, policymakers, and civil society representatives converged to address how the World Summit on the Information Society (WSIS) framework and the Global Digital Compact (GDC) can work in unison. At the heart of the debate lay two critical imperatives: coordination and avoiding fragmentation.

Panellists, including Jorge Cancio of the Swiss Government and David Fairchild of Canada, underscored the IGF’s central role as a multistakeholder platform for dialogue. However, concerns about its diminishing mandate and inadequate funding surfaced repeatedly. Fairchild warned of ‘a centralisation of digital governance processes,’ hinting at geopolitical forces that could undermine inclusive, global cooperation. Cancio urged an updated ‘Swiss Army knife’ approach to WSIS, where existing mechanisms, like the IGF, are strengthened rather than duplicated.

The session also highlighted emerging challenges since WSIS’s 2005 inception. Amrita Choudhury from MAG and Anita Gurumurthy of IT for Change emphasised that AI, data governance, and widening digital divides demand urgent attention. Gurumurthy lamented that ‘neo-illiberalism,’ characterised by corporate greed and authoritarian politics, threatens the vision of a people-centred information society. Meanwhile, Gitanjali Sah of ITU reaffirmed WSIS’s achievements, pointing to successes like digital inclusion through telecentres and distance learning.

Amid these reflections, the IGF emerged as an essential event for harmonising WSIS and GDC goals. Panellists, including Nigel Cassimire from the Caribbean Telecommunications Union, proposed that the IGF develop performance targets to implement GDC commitments effectively. Yet, as Jason Pielemeier of the Global Network Initiative cautioned, the IGF faces threats of co-optation in settings hostile to open dialogue, which ‘weakens its strength.’

Despite these tensions, hope remained for creative solutions and renewed international solidarity. The session concluded with a call to refocus on WSIS’s original principles—ensuring no one is left behind in the digital future. As Anita Gurumurthy aptly summarised: ‘We reject bad politics and poor economics. What we need is a solidarity vision of interdependence and mutual reciprocity.’

Trump administration plans stronger response to cyber attacks

The incoming Trump administration is set to explore ways to impose higher costs on adversaries and private actors behind cyber attacks, according to Representative Mike Waltz, the pick for national security adviser. Waltz’s statement follows US allegations that a widespread Chinese cyberespionage operation, known as Salt Typhoon, targeted senior American officials and stole significant amounts of metadata.

The White House has revealed that at least eight telecommunications and infrastructure firms in the US were compromised during this campaign. While Waltz did not specify potential actions against Salt Typhoon, he emphasised the need to go beyond defensive measures and start taking offensive actions to deter cyber threats.

Waltz also highlighted the role of the US tech industry in strengthening national defence and exposing vulnerabilities in adversaries. Meanwhile, Chinese officials continue to deny involvement, dismissing the accusations as disinformation and asserting that Beijing opposes cyber attacks in all forms.

Chipmaker Nvidia reaffirms commitment to China

Nvidia has refuted social media claims suggesting it plans to limit chip supplies to China, categorically stating that these rumours are false. In a post on a popular Chinese platform, the company reaffirmed its dedication to providing top-quality products and services to Chinese customers, highlighting the importance of the region to its business.

The denial comes at a time of heightened scrutiny over global semiconductor trade, with geopolitical tensions influencing market dynamics. Nvidia’s statement emphasises its continued focus on meeting the needs of its Chinese clientele, despite speculation circulating online.

This clarification is expected to reassure stakeholders in one of Nvidia’s most significant markets, where demand for advanced chips continues to grow, particularly in artificial intelligence and high-performance computing sectors. The company’s swift dismissal of the claims underscores its commitment to maintaining strong ties with China.

AI driving solutions backed by Hyundai and Samsung

Canadian startup Tenstorrent and South Korea’s BOS Semiconductors unveiled advanced AI chips designed for infotainment and autonomous driving systems. Growing demand for high-performance chips aligns with vehicles increasingly functioning as ‘computers on wheels’.

The AI chips are the first in the industry to feature ‘automotive chiplet AI accelerator’ technology, enabling modular customisation. Chiplets function like LEGO blocks, allowing manufacturers to tailor systems while cutting costs. BOS plans to debut its ‘Eagle-N’ chips at the Consumer Electronics Show in January, with production targeted for late 2026.

BOS Semiconductors is negotiating supply agreements with German automakers and aims to challenge established players like Qualcomm. The chips will utilise Samsung’s 5nm manufacturing process, showcasing advancements in efficiency and performance.

Tenstorrent, led by former Apple and Tesla chip designer Jim Keller, has secured backing from Hyundai Motor Group, Samsung, and Jeff Bezos’ family office. BOS founder Park Jae-hong, formerly of Samsung Electronics, emphasised the potential of this innovative technology to transform the automotive industry.

United Nations takes steps to safeguard submarine cables

The United Nations has established a dedicated body to safeguard submarine cables, which transmit over 99% of global data, including emails, video streams, and government communications. The initiative aims to address the vulnerability of this critical infrastructure to natural disasters, accidents, and suspected acts of sabotage. Around 200 cable failures are reported annually, with incidents such as a 2022 tsunami cutting off the Pacific island of Tonga for a month.

The new body, comprising 40 experts from public and private sectors, will focus on ensuring cables are built and maintained with greater resilience. While its mandate does not extend to investigating potential sabotage, it seeks to expedite repairs and minimise disruptions. ITU Deputy Secretary-General Tomas Lamanauskas emphasised the importance of this effort, citing the impact cable failures have on economies and societies worldwide.

As cable disruptions become increasingly common, experts believe the UN’s efforts will help stabilise a crucial global network. A follow-up summit in Nigeria is planned for February, continuing discussions on enhancing undersea cable resilience and safeguarding international data flow.