Critical infrastructure

China amends law to tackle data fraud

Top legislative body in China has approved changes to its statistics law to combat data fraud. The move addresses growing concerns over the reliability of economic figures in the world’s second-largest economy. Amended regulations aim to prevent statistical manipulation and penalise officials involved in falsifying economic reports.

Authorities have acknowledged persistent problems with statistical fraud, which has led to public mistrust in economic data. The issue has become a major focus for lawmakers, as many believe it harms the accuracy of important economic indicators.

External analysts have long questioned the authenticity of Chinese data, particularly as the country grapples with an economic slowdown. The new law is part of ongoing efforts to restore confidence by cracking down on fraudulent reporting.

Government in China has vowed to investigate and penalise officials involved in data manipulation, seeking to improve transparency and the overall quality of economic statistics.

Surge in cyberattacks targets US utilities

Cyberattacks targeting US utilities surged nearly 70% this year, according to data from Check Point Research. The energy sector is particularly vulnerable, with outdated software systems making utilities easier targets. Despite the spike in incidents, none of the attacks have yet caused severe damage, but experts warn that a coordinated effort could be disastrous, affecting essential services and resulting in major financial losses.

Check Point data showed an average of 1,162 cyberattacks through August, compared to 689 in 2023. These figures highlight the increasing risks as the US power grid rapidly expands to meet higher energy demand, particularly from new sectors such as AI data centres. Experts say the grid’s rapid growth creates more potential entry points for attackers.

Outdated Internet of Things (IoT) and Incident Command Systems (ICS) used by many utilities are not as secure as other industries’ advanced software, putting critical infrastructure at heightened risk. Regulations like NERC’s Critical Infrastructure Protection provide only a basic level of security, which some experts argue is insufficient given the growing threats.

The financial impact of cyber breaches in the energy sector has been significant. In 2022, IBM reported the average cost of a data breach in the sector reached $4.72 million. With the 2024 US election approaching, cybersecurity experts expect an even greater surge in cyberattacks on essential infrastructure.

Data centres now deemed critical national infrastructure in the UK

Great Britain has recently designated its data centres as critical national infrastructure,’ a move designed to bolster their protection against cyber threats. This new classification aligns data centres with other essential services, such as water and energy, highlighting their importance in maintaining the country’s communications and economy.

The announcement comes amidst significant investment in the sector. This includes a £3.75 billion plan by DC01UK to build Europe’s largest data centre in Hertfordshire and an £8 billion commitment by Amazon Web Services for UK operations over the next five years. These investments underscore the increasing importance of securing digital infrastructure.

UK technology minister Peter Kyle emphasised that the new designation would improve collaboration between the government and data centre operators. This collaboration aims to prevent disruptions and protect against cybercriminals. This move follows recent incidents such as the CrowdStrike outage in July, which revealed vulnerabilities in digital infrastructure and underscored the need for increased security.

Microsoft hosts a cybersecurity summit after global IT outage

Microsoft is set to host a cybersecurity summit on Tuesday, following a significant global IT outage in July caused by a faulty software update from security firm CrowdStrike. The outage, which affected nearly 8.5 million Windows devices and disrupted industries like airlines, banks, and healthcare, highlighted vulnerabilities in the cybersecurity landscape.

The summit, held at Microsoft’s Redmond headquarters, will bring together government representatives to discuss ways to strengthen cybersecurity systems. The July incident raised concerns about organisations’ ability to handle system failures and the risks of relying heavily on a single vendor for security solutions.

One of the most impacted companies, Delta Air Lines, reported mass flight cancellations due to the outage, resulting in losses of at least $500 million. The airline is now pursuing legal action against both CrowdStrike and Microsoft.

Japan and Australia launch Pacific Digital Development Initiative

Japan and Australia have recently strengthened their collaboration to enhance economic security for Pacific Island nations, responding to China’s growing influence in the region. The initiative was formalised during a ‘two-plus-two’ meeting of foreign and defence ministers, where both countries committed to establishing the Japan-Australia Pacific Digital Development Initiative.

That framework aims to support the development of telecommunications infrastructure, including installing submarine cables, which are crucial for secure communication. By investing in these projects, Japan and Australia aim to reduce the reliance of Pacific Island nations on Chinese technology, which poses potential security risks due to vulnerabilities in data extraction and disruption.

Additionally, Japan and Australia are upgrading their Economic Security Dialogue and enhancing military collaboration as part of their broader security initiative. The Economic Security Dialogue will explore practical cooperation against economic coercion from China, focusing on enhancing the financial resilience of Pacific Island nations. The two countries are also dispatching a liaison officer from Japan’s Self-Defense Forces to Australia’s Joint Operations Command to improve operational coordination and strengthen their collective defence posture.

Furthermore, both nations have reaffirmed their strong opposition to unilateral attempts to alter the status quo in the East and South China Seas, emphasising their commitment to regional stability and international law.

NTIA launches inquiry to support US data centres’ growth

The US National Telecommunications and Information Administration (NTIA) has launched an inquiry to address the challenges surrounding US data centres’ growth, resilience, and security. This initiative is crucial in light of the increasing demand for computing power driven by advancements in AI and other emerging technologies. Currently, the US has over 5,000 data centres, with demand projected to grow by approximately 9% annually through 2030, highlighting their role as foundational elements of a secure technology ecosystem.

To effectively tackle these challenges, the NTIA has issued a Request for Comment (RFC) to solicit stakeholders’ input on various data centre growth issues. Key focus areas include supply chain resilience, access to trusted equipment, energy demands, and the need for a specialised workforce. The RFC also explores the implications of data centre modernisation on society and the necessary data security practices for facilities hosting AI models. Insights from this inquiry will help develop comprehensive policy recommendations supporting sustainable and resilient data centre growth.

The inquiry is being conducted in coordination with the Department of Energy (DOE), highlighting the importance of addressing energy challenges associated with data centres. The collaboration aims to ensure the US can meet the energy demands of expanding data centre infrastructure while promoting clean energy solutions. The feedback received from the RFC will inform a report that outlines actionable recommendations for the US government, ultimately fostering a robust data centre ecosystem capable of supporting future technological advancements.

USDA faces mounting criticism over cybersecurity vulnerabilities in the food and agriculture sector

Experts warn that the potential for disaster in the food and agriculture sector is immense. The US Department of Agriculture (USDA) is tasked with preventing such crises by securing the sector’s infrastructure from physical and cyber threats. However, in today’s increasingly digital world, the USDA is alarmingly unprepared to fulfil this role, according to policymakers, independent experts, and even the department’s reports to Congress.

That crucial responsibility is handled by a small, underfunded office within the USDA, which is already stretched thin with other duties. The department’s leadership rarely highlights the serious cyber threats facing the food and agriculture industry. This industry contributed over 5% to the US economy and provided about 10% of the nation’s jobs last year. Despite these pressing risks, it remains uncertain whether the department has made meaningful progress in addressing them.

While other agencies that protect critical infrastructure have been proactive in confronting cyber threats, the USDA needs to be faster to act, even as industry stakeholders become increasingly anxious about their digital vulnerabilities. The food and agriculture sector has largely remained under the radar regarding cybersecurity, with hackers focusing on more profitable targets for now. But this reprieve is unlikely to last indefinitely. The 2021 ransomware attack on meat-processing giant JBS, which forced the closure of plants across the country and threatened to disrupt beef prices, served as a wake-up call about the sector’s vulnerabilities.

Over the past decade, the cyber risks to food and agriculture have escalated as automation has become more widespread across the industry. Technology has become deeply embedded in modern agriculture, from tractors guided by GPS and cloud-connected devices controlling planting patterns to drones (some manufactured in China) surveying and spraying crops and automated systems managing livestock feeding. That integration extends through the entire supply chain, from food processors to distributors, making it more vulnerable to cyberattacks.

However, these technological advancements were adopted mainly before the rise in cyber threats to critical infrastructure, leading to serious concerns about the security of the US food supply. Cyberattacks on the food system could manifest in various ways, and one of the most severe concerns involves manipulating food safety data, either by concealing a food-borne illness or by falsely creating evidence of one.

Why does this matter?

The USDA still needs to provide interviews. However, a spokesperson emphasised that the department remains ‘committed to enhancing our cyber capabilities, promoting cyber awareness across the sector, and raising the industry’s cyber profile, despite the limited funding allocated by Congress for this purpose.’

The department also stays engaged with the sector through biweekly email updates, periodic meetings with industry leaders, and organised threat briefings. Additionally, when pro-Russian hacktivists targeted the sector earlier this year, Detlefsen noted that USDA quickly brought in him and his colleagues to discuss the situation. According to Scott Algeier, executive director of the Food and Agriculture ISAC, the USDA is ‘doing well’ in its role as a policy coordinator, collaborator, and convener’ while allowing the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to handle the technical aspects of cybersecurity.

Latvian cybersecurity officials warn of cyberattacks linked to Russia and Belarus

Latvian cybersecurity officials report that politically motivated hackers linked to Russia and Belarus are launching a new wave of cyberattacks against the Latvian government and critical infrastructure websites. The attacks aim to disrupt access rather than steal sensitive data, according to Baiba Kaskina, head of the Latvian Computer Emergency Response Team (CERT). Varis Teivans, deputy manager of Latvian CERT, highlighted this trend two years ago in an interview with Recorded Future News.

In August, the frequency of attacks surged again, likely in response to Latvia’s new aid package to Ukraine, which includes drones and air defense systems. Vineta Sprugaine, a representative of the Latvian State Radio and Television Center, noted that such attacks often coincide with political decisions or holidays.

Most of these incidents involve distributed denial-of-service (DDoS) attacks, which temporarily slow down targeted websites. Kaskina described the attacks as “very large” in volume and “well customized” to their targets.

Russia-linked hacktivist groups, including NoName057(16) and Anonymous Guys, have claimed responsibility for the recent cyberattacks on Latvian websites, asserting they are retaliating against Latvia for supporting Ukraine. NoName057(16) declared on Telegram, “We continue to punish Russophobic Latvia for aiding the criminal Kyiv regime.”

Baiba Kaskina acknowledged that while Latvia is ‘well prepared’ for these attacks, the constantly evolving tactics of the hackers make them challenging to combat. She described the attacks on Latvia and other Baltic states as part of a ‘hybrid war’ aimed at creating societal panic and eroding trust in government institutions.

White House urges better security for internet routing protocol

The White House’s cybersecurity office urged network operators to adopt available measures to secure the Border Gateway Protocol (BGP), a critical yet vulnerable technology used for routing internet traffic. The new guidance highlights that BGP lacks sufficient security and resilience features against current risks, a concern that has persisted for 25 years.

BGP is used by networks to exchange routing information, such as internet addresses, with other networks. For example, a mobile network uses BGP to connect with a cloud service or residential broadband network. Without updates, BGP is susceptible to exploits by malicious actors. Hijacking BGP can redirect users to malicious sites, exposing them to theft or data breaches, and can also facilitate DDoS attacks or disrupt telecommunications.

The Office of the National Cyber Director (ONCD) recommends that network operators adopt Resource Public Key Infrastructure (RPKI), which involves digital certificates managed by Regional Internet Registries. RPKI supports technologies like Route Origin Validation (ROV) and Route Origin Authorization (ROA) to help networks verify reachable internet addresses.

The ONCD acknowledges that securing BGP is challenging and provides detailed guidance on the protocol. It notes that federal networks in the US have not fully implemented ROAs but aim to have over 60% of advertised IP space secured by the end of the year. The ONCD will lead a new Internet Routing Security Working Group, including the Cybersecurity and Infrastructure Security Agency (CISA) and industry partners.

India keeps tight restriction on Chinese telecom firms

The Indian government maintains strict restrictions on Chinese telecom equipment manufacturers like ZTE and Huawei, citing security concerns. Despite ZTE’s recent proposal to partner with Celkon Resolute to manufacture routers in Andhra Pradesh, the government’s stance remains unchanged. This is due to the National Security Directive, which prohibits using equipment from ‘non-trusted sources’ in India’s telecom networks, effectively barring these companies from participating in the 5G rollout and limiting their involvement in existing networks.

The ‘trusted sources’ policy enforced by the National Cyber Security Coordinator (NCSC) is central to the issue. ZTE and Huawei still need to meet the stringent compliance requirements, which include detailed disclosures about their operations and products. As a result, they remain excluded from India’s telecom projects. The Department of Telecommunications (DoT) has also asked operators to assess and report the use of non-trusted equipment in their networks, further limiting these companies’ prospects.

Although ZTE can manufacture consumer Wi-Fi equipment in India, these products can only be used in telecom networks with NCSC approval. The ZTE-Celkon partnership has stalled due to a lack of progress and clarity from the government. Despite some recent relaxations for Chinese companies in other sectors, the telecom equipment industry remains tightly regulated, with little chance of relief for ZTE and Huawei amid ongoing geopolitical tensions and cybersecurity concerns.