The London Internet Exchange (LINX) will expand its presence in Africa, announcing plans to open new internet exchange points (IXPs) in Ghana and Kenya by early 2025. This move aims to strengthen connectivity in both West and East Africa, where demand for internet services continues to grow rapidly.
In Ghana, LINX Accra will launch in phases with data centres from Onix and PAIX, enabling a robust and interconnected system. This setup will allow networks to connect at LINX Accra through a single cross-connect, enhancing redundancy and interconnectivity. The phased rollout is expected to significantly support Ghana’s local internet service providers and infrastructure.
In Kenya, LINX Mombasa will be the first IXP at the iColo MBA2 facility in partnership with local data centre provider iColo, a subsidiary of Digital Realty. Built to mirror LINX’s existing IXP in Nairobi, the Mombasa site will provide high-speed services through 100G ports and strengthen interconnection across the East African region.
Both Ghana and Kenya, strategically positioned on Africa’s coastlines, benefit from numerous submarine cable landing points. LINX believes these new IXPs will establish Ghana and Kenya as key internet traffic hubs in Africa, boosting local ISP growth and supporting international connectivity.
The incoming European Commissioner for Tech Sovereignty, Security, and Democracy, Henna Virkkunen, expressed dissatisfaction with the limited action taken by EU member states to exclude high-risk telecom suppliers, such as China’s Huawei and ZTE, from critical infrastructure. During her confirmation hearing in the European Parliament, Virkkunen noted that although the European Commission adopted 5G security measures in 2020, fewer than half of the EU member states have implemented restrictions on these suppliers. She indicated that this issue will be addressed in the planned revision of the Cyber Security Act next year and stressed the need for more serious action from national governments.
Virkkunen also pointed out that while the EU had adopted the 5G Cybersecurity Toolbox to protect telecom networks, only 11 of the 27 member states have fully implemented measures, including bans and restrictions on high-risk vendors. In addition to her efforts to strengthen cybersecurity, Virkkunen plans to propose a Digital Networks Act in 2025 to overhaul telecom regulations and boost investment and connectivity. On the topic of US Big Tech compliance with EU rules, she reaffirmed the importance of cooperation but emphasised that all companies must adhere to EU regulations, including those set out in the Digital Services Act.
Germany is strengthening its cyber defences as elections approach, with Interior Minister Nancy Faeser highlighting the need for robust protections against cyber-attacks and disinformation. Faeser warned of potential threats from Russia and other foreign actors, stressing that democracy must also be safeguarded in the digital realm.
The annual report from the Federal Office for Information Security pointed to Germany’s vulnerability to hybrid threats, which include hacking, manipulation, and disinformation. Faeser confirmed plans to bolster cybersecurity, aiming to counteract any attempts at digital interference that could destabilise the election process.
Germany’s snap elections are set for early next year, following the collapse of Chancellor Olaf Scholz’s coalition government amid economic concerns and rising populism. While recent elections saw no major cybersecurity incidents, authorities continue to monitor for risks.
With the political landscape in flux, security agencies remain vigilant. Enhanced measures are in place to detect and address cyber threats as the nation prepares for a potentially turbulent electoral period.
The US Transportation Security Administration (TSA) has proposed a new cybersecurity rule designed to strengthen the resilience of surface transportation infrastructure. Specifically, the rule mandates high-risk operators, including those in the pipeline, railroad, and bus sectors, to implement comprehensive Cyber Risk Management (CRM) programs to manage and mitigate cybersecurity risks.
In addition to this, operators will be required to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) and physical security concerns to TSA. Furthermore, the rule stipulates that operators must develop and maintain detailed cybersecurity plans, including a Cybersecurity Assessment Plan (CAP) for annual evaluations and a Cybersecurity Operational Implementation Plan (COIP) to guide improvements.
These plans must incorporate governance structures, designate cybersecurity coordinators, and undergo regular audits to assess their effectiveness. Moreover, the rule promotes a defence-in-depth approach to cybersecurity by including system monitoring, patch management, and incident response planning, all of which aim to reduce the impact of cyberattacks.
Additionally, TSA seeks public feedback on the rule’s potential compliance burdens, economic impacts, and ways to streamline the process, particularly for smaller entities. TSA’s initiative reflects a broader commitment to enhancing the cybersecurity posture of surface transportation systems while ensuring regulatory consistency across federal, state, and local levels.
Why does it matter?
The agency is seeking input on reducing redundancies and improving alignment with existing regulations, particularly in cybersecurity training and personnel vetting for high-risk industries. By gathering feedback, TSA aims to refine the rule and ensure it effectively addresses the evolving cyber threats facing the nation’s critical transportation infrastructure.
The UK government has ordered China-registered Future Technology Devices International Holding Ltd to sell the majority stake—80.2%—in Scottish chipmaker FTDI, citing national security concerns. The government voiced concerns that UK-developed semiconductor technology and intellectual property could be misused if controlled by foreign interests that have been considered potentially harmful.
This directive requires FTDI’s Chinese parent company to follow a set procedure and timeline to complete the sale. The move highlights the UK’s efforts to protect sensitive technology sectors and its vigilance over foreign investments that may impact national security.
Increasingly, governments worldwide are scrutinising tech-related investments, especially in semiconductor industries, due to the strategic importance of chip technologies in national defence, infrastructure, and critical sectors.
A Chinese state-sponsored hacking group, Volt Typhoon, reportedly breached Singapore Telecommunications (SingTel) in June as part of a broader cyber campaign targeting telecom companies and critical infrastructure globally.
SingTel confirmed that malware was detected during the breach but assured there was no data exfiltrated or service disruption. The company took immediate action, reporting the incident to authorities, though it could not confirm if the breach was the same event mentioned in media reports.
Chinese officials have denied involvement in the attack, with a spokesperson asserting that China opposes all forms of cyberattacks. Volt Typhoon, previously linked to cyberattacks on critical US infrastructure, is believed to have used this incident as a test for potential future attacks on US telecom firms. The breach highlights the growing concerns over Chinese cyber activities targeting global critical infrastructure.
The head of US cybersecurity, Jen Easterly, announced Monday that, despite an increase in disinformation targeting the 2024 presidential election, there has been no evidence of interference capable of affecting the election outcome. Easterly noted the unprecedented levels of false information spreading across online platforms, much of which has been attributed to foreign actors aiming to sow division among voters.
US authorities have pointed to Russia as one of the primary sources of election-related disinformation, including a widely circulated fake video in Georgia showing an immigrant falsely claiming to have voted multiple times. Officials say that similar tactics are expected to continue beyond Election Day, targeting trust in the electoral process through to January.
Easterly assured voters that election security is stronger than ever, thanks to enhanced protective measures and improved preparedness across voting jurisdictions. Her message emphasised the government’s ongoing commitment to maintaining safe, secure, and reliable elections for all Americans.
The 34th International Conference of the Red Cross and Red Crescent has adopted a new resolution to protect civilians and essential infrastructure from the potential risks posed by ICT activities during armed conflict. Recognising the increased likelihood of information and communication technologies (ICTs) being used in future conflicts, the resolution addresses the need to safeguard civilian lives and critical systems from the unintended human costs of these operations.
The resolution highlights concerns over the malicious use of ICT capabilities by parties in conflict, noting that such activities could impact protected persons and objects, including essential infrastructure like power, water, and healthcare systems. It underscores that these civilian objects are crucial for survival and should remain unaffected during hostilities. The resolution further emphasises the importance of preventing these activities from crossing international borders, which could inadvertently impact civilians in other regions.
Acknowledging the limited resources and capacities of some states and humanitarian organisations, the resolution also draws attention to the vulnerability this may create. Without adequate defences, states and components of the Red Cross and Red Crescent Movement could face greater risks from cyber incursions during the conflict.
Another focus of the resolution is the potential for civilians to become involved in cyber activities related to conflict, either by conducting or supporting operations. It points to the need for greater awareness of the risks and legal implications, as civilians may need to fully understand the consequences of their involvement in ICT-related activities in conflict situations.
The resolution also calls for further study and dialogue on how international humanitarian law (IHL) applies to ICT activities in warfare. It acknowledges that while IHL traditionally protects civilians and critical infrastructure during conflict, the unique characteristics of cyberspace may require additional interpretation and understanding.
By adopting this resolution, the Red Cross aims to ensure that, as the nature of conflict changes, a strong international framework remains to protect civilians and essential infrastructure from the emerging threats posed by cyber activities in armed conflict.
Google researchers announced a breakthrough in cybersecurity, revealing they have discovered the first vulnerability using a large language model. This vulnerability, identified as an exploitable memory-safety issue in SQLite—a widely used open-source database engine—marks a significant milestone, as it is believed to be the first public instance of an AI tool uncovering a previously unknown flaw in real-world software.
The vulnerability was reported to SQLite developers in early October, who promptly addressed the issue on the same day it was identified. Notably, the bug was discovered before being included in an official release, ensuring that SQLite users were unaffected. Google emphasised this development as a demonstration of AI’s significant potential for enhancing cybersecurity defences.
The initiative is part of a collaborative project called Big Sleep, which involves Google Project Zero and Google DeepMind, stemming from previous efforts focused on AI-assisted vulnerability research.
Many companies, including Google, typically employ a technique known as ‘fuzzing,’ where software is tested by inputting random or invalid data to uncover vulnerabilities. However, Google noted that fuzzing often needs to improve in identifying hard-to-find bugs. The researchers expressed optimism that AI could help bridge this gap. ‘We see this as a promising avenue to achieve a defensive advantage,’ they stated.
The identified vulnerability was particularly intriguing because it was missed by existing testing frameworks, including OSS-Fuzz and SQLite’s internal systems. One of the key motivations behind the Big Sleep project is the ongoing challenge of vulnerability variants, with more than 40% of zero-day vulnerabilities identified in 2022 being variants of previously reported issues.
The US Federal Communications Commission (FCC) is set to review its oversight of global undersea communications cables, marking the first major revision of its rules since 2001. Undersea cables, which carry over 95% of the world’s internet traffic, are seen as increasingly vulnerable to cyber threats and foreign interference, particularly from China and Russia. On 21 November, FCC Chair Jessica Rosenworcel plans to address how the commission’s regulations could adapt to the evolving economic and security challenges facing these crucial cables.
A bipartisan group of senators recently urged the Biden administration to prioritise securing the United States’ undersea infrastructure, highlighting concerns about possible sabotage and the growing involvement of Chinese firms in cable laying and maintenance. Washington has already restricted China from participating in key subsea cable contracts, citing espionage risks, and prevented direct connections between US territory and mainland China or Hong Kong.
In recent years, the US has blocked or canceled multiple subsea cable projects linked to China, emphasising the need to protect internet traffic from potential rerouting and mismanagement. The upcoming FCC review underscores the agency’s commitment to ensuring the resilience of global data flows, with potential policy shifts expected to impact both domestic and international internet security.
