Critical infrastructure

European Commission targets end-to-end encryption and proposes expanding Europol’s powers into an EU-level FBI equivalent

The European Commission announced ProtectEU, a new internal security strategy that sets out the broad priorities it intends to pursue in the coming years in response to evolving security challenges. While the document outlines strategic objectives, it does not include specific legislative proposals.

The Commission highlighted the need to revisit the European Union’s approach to internal security, citing what it described as ‘a changed security environment and an evolving geopolitical landscape.’ Among the identified challenges are hybrid threats from state and non-state actors, organised crime, and increasing levels of online criminal activity.

One of the key elements of the strategy is the proposed strengthening of Europol’s operational role. The Commission suggests developing Europol into a truly operational police agency to reinforce support to member states, with the capacity to assist in cross-border, large-scale, and complex investigations that present serious risks to the Union’s internal security.

That would bring Europol closer in function to agencies such as the US Federal Bureau of Investigation. The strategy also notes the Commission’s intention to develop roadmaps on ‘lawful and effective access to data for law enforcement’ and encryption.

The strategy aims to ‘identify and assess technological solutions that would enable law enforcement authorities to access encrypted data lawfully, safeguarding cybersecurity and fundamental rights.’ These issues continue to be the subject of technical and legal discussion across jurisdictions.

Other aspects of the strategy address long-standing challenges within the EU’s security framework, including limited situational awareness and coordination at the executive level. The strategy proposes enhancing intelligence-sharing through the EU’s Single Intelligence Analysis Capacity, a mechanism for the voluntary sharing of intelligence by member states, which is currently supported by open-source analysis.

The report further emphasised that the effectiveness of any reforms in this area would depend on the commitment of member states, citing ongoing challenges related to differing national priorities and levels of political alignment. In addition, the Commission announced its intention to propose a new Cybersecurity Act and new measures to secure cloud and telecom services and develop technological sovereignty.

For more information on these topics, visit diplomacy.edu.

Singapore issues new guidelines to strengthen resilience and security of cloud services and data centres

The Infocomm Media Development Authority (IMDA) has issued new Advisory Guidelines (AGs) intended to support the resilience and security of Cloud Services and Data Centres (DCs) in Singapore. The guidelines set out best practices for Cloud Service Providers (CSPs) and DC operators, aiming to reduce service disruptions and limit their potential impact on economic and social functions.

A wide range of digital services—including online banking, ride-hailing, e-commerce, and digital identity systems—depend on the continued availability of cloud infrastructure and data centre operations. Service interruptions may affect the delivery of these services.

The AGs encourage service providers to adopt measures that improve their ability to recover from outages and maintain operational continuity. The AGs recommend various practices to address risks associated with technical misconfigurations, physical incidents, and cybersecurity threats.

Key proposals include conducting risk and business impact assessments, establishing business continuity arrangements, and strengthening cybersecurity capabilities. For Cloud Services, the guidelines outline seven measures to reinforce security and resilience.

These cover security testing, access controls, data governance, and disaster recovery planning. Concerning Data Centres, the AGs provide a framework for business continuity management to minimise operational disruptions and maintain high service availability.

That involves the implementation of relevant policies, operational controls, and ongoing review processes. The development of the AGs forms part of wider national efforts led by the inter-agency task force on the Resilience and Security of Digital Infrastructure and Services.

These guidelines are intended to complement regulatory initiatives, including planned amendments to the Cybersecurity Act and the Digital Infrastructure Act (DIA) introduction, which will establish requirements for critical digital infrastructure providers such as major CSPs and DC operators. To inform the guidelines, the IMDA conducted consultations with a broad range of stakeholders, including CSPs, DC operators, and end user enterprises across sectors such as banking, healthcare, and digital platforms.

The AGs will be updated periodically to reflect technological developments, incident learnings, and further industry input. A coordinated approach is encouraged across the digital services ecosystem. Businesses that provide digital services are advised to assess operational risks and establish appropriate business continuity plans to support service reliability.

The AGs also refer to international standards, including IMDA’s Multi-Tier Cloud Security Standard, the Cloud Security Alliance Cloud Controls Matrix, ISO 27001, and ISO 22301. Providers are encouraged to designate responsible personnel to oversee resilience and security efforts.

These guidelines form part of Singapore’s broader strategy to strengthen its digital infrastructure. The government will continue to engage with sectoral regulators and stakeholders to promote resilience, cybersecurity awareness, and preparedness across industries and society.

As digital systems evolve, sustained attention to infrastructure resilience and security remains essential. The AGs are intended to support organisations in maintaining reliable services while aligning with recognised standards and best practices.

For more information on these topics, visit diplomacy.edu.

US Cyber Command integrates generative AI for enhanced cybersecurity operations

A senior official at US Cyber Command has stated that the agency has begun employing generative AI tools to significantly reduce the time required to analyse network traffic for potentially malicious activity. Speaking at an event hosted by the Information Technology Industry Council in Washington, D.C., Executive Director Morgan Adamski said Cyber Command is already observing operational benefits from its efforts to integrate AI across various mission areas, particularly in cybersecurity functions.

Cyber Command developed an AI roadmap last year outlining approximately 100 tasks to embed AI into logistics, security operations, and national defence functions. An AI task force within the Cyber National Mission Force conducts 90-day development cycles to test and integrate large language models and other AI technologies into command operations.

The task force is responsible for deploying, evaluating, and assessing the viability of these tools for broader implementation. The agency also examines how AI can be adopted at scale across its cybersecurity enterprise.

General Timothy Haugh, Commander of Cyber Command, noted last year that the task force was created ‘to move us from opportunistic AI application to systematic adoption.’ Through its Constellation initiative—a collaboration with the Defense Advanced Research Projects Agency (DARPA)—Cyber Command is working with private-sector AI firms to accelerate the deployment of new capabilities.

One such tool enables continuous Department of Defense Information Network (DoDIN) monitoring, which supports over three million global users daily. Adamski explained that the tool is strategically placed within key segments of the DoDIN where known adversary tactics may appear.

‘We can monitor traffic at those points and have been able to identify previously unseen malicious activity,’ she said. She also highlighted Panoptic Junction, a pilot initiative led by Army Cyber Command that uses AI to monitor network traffic for compliance, threat intelligence, and anomaly detection.

According to Adamski, the project produced results that have prompted considerations for wider adoption across the DoDIN.

For more information on these topics, visit diplomacy.edu.

Microsoft rethinks AI data centre strategy amid market shifts

Microsoft has reportedly scaled back or delayed several major data centre projects, just three months after announcing plans to invest $80 billion in AI infrastructure through the current fiscal year.

According to Bloomberg, the company has paused developments in multiple locations, including Australia, Indonesia, the United Kingdom, and US states such as Illinois, North Dakota, and Wisconsin.

Instead of denying the report, Microsoft confirmed adjustments to its plans, citing the need for long-term flexibility. A spokesperson said the company continuously reviews future infrastructure needs to ensure alignment with growing AI demand, adding that the changes reflect Microsoft’s adaptable strategy.

The halted projects include negotiations for high-performance AI chip facilities in the UK and a site near Chicago, along with construction delays in Jakarta and Wisconsin.

These moves come amid growing scrutiny over whether the AI sector is entering a bubble, especially as emerging models challenge the assumption that vast computing power is always necessary for innovation.

Instead of sticking to high-cost development, Microsoft may be responding to a new trend: efficient, lower-cost AI models from Chinese firms that rival those of Western tech giants.

With AI development costs dropping and access expanding, Microsoft’s strategic pause could reflect a shift towards a more sustainable and agile future in AI infrastructure.

For more information on these topics, visit diplomacy.edu.

India among few developing nations with strong AI investment

India and China were the only developing nations to attract notable private investment in AI in 2023, according to the UN’s Technology and Innovation Report 2025. Instead of the US simply leading the field, it dominated with $67 billion in AI investment, accounting for 70 per cent of the global total.

China followed with $7.8 billion, while India ranked tenth worldwide with $1.4 billion. Instead of being evenly distributed, access to AI infrastructure and research remains heavily concentrated in a handful of countries, mainly the US and China.

India’s rise in the AI space stems from policy-driven innovation and education rather than organic growth alone. It climbed to 36th place out of 170 on the UNCTAD Frontier Technologies Readiness Index in 2024, improving from 48th in 2022.

Instead of only focusing on economic size, the index measures readiness through ICT availability, skills, R&D, industrial capacity, and financing. India performed well in R&D and industrial capacity but fell behind in ICT access and skill development.

India has supported its AI ecosystem through collaboration between the government, academia, and the private sector. The country hosts a large developer base, around 13 million, and contributes actively to generative AI projects on platforms like GitHub.

Programmes such as the India AI Mission aim to boost AI education and innovation in smaller cities, instead of keeping progress limited to major urban centres. Institutes like IIT Hyderabad and IIT Kharagpur were named among the country’s key centres of AI excellence.

Still, India faces challenges in expanding its AI capabilities across all sectors. Instead of allowing AI to widen inequalities, the report urges investment in workforce reskilling and inclusion. While AI can boost productivity, it may also displace jobs unless paired with supportive policies.

The technology, if harnessed wisely, could create new industries and strengthen employment rather than replace it.

For more information on these topics, visit diplomacy.edu.

UK government announces new cyber bill to strengthen national defences and protect critical infrastructure

The UK government has unveiled plans for a new Cyber Security and Resilience Bill aimed at enhancing the country’s ability to defend against the growing risk of cyber threats. Scheduled to be introduced later this year, the Bill forms a key part of the government’s broader strategy to protect critical national infrastructure (CNI), support economic growth, and ensure the resilience of the UK’s digital landscape.

The forthcoming legislation will focus on bolstering the cyber resilience of essential services—such as healthcare, energy, and IT providers—that underpin the economy and daily life. Around 1,000 vital service providers will be required to meet strengthened cyber security standards under the new rules. These measures are designed to safeguard supply chains and key national functions from increasingly sophisticated cyber attacks affecting both public and private sectors.

In addition, the government is considering extending cyber security regulations to over 200 data centres across the country. These centres are integral to the functioning of modern finance, e-commerce, and digital communication. By improving their security, the government hopes to safeguard services that rely heavily on data, such as online banking, shopping platforms, and social media.

If adopted, the government’s proposals include:

  • Expanding the scope of the NIS Regulations. The scope of the Network and Information Systems (NIS) Regulations would be broadened to include a wider range of organisations and suppliers. This expansion would bring data centres, Managed Service Providers (MSPs), and other critical suppliers under the regulatory framework, ensuring that more entities are held to high standards of cyber security and resilience.
  • Enhanced regulatory powers. Regulators would be equipped with additional tools to strengthen cyber resilience within the sectors they oversee. This includes new obligations for organisations to report a broader range of significant cyber incidents, enabling faster and more informed responses to emerging threats.
  • Greater Flexibility to Adapt. The government would gain increased flexibility to update the framework in line with the evolving threat landscape. This means regulations could be swiftly extended to cover new and emerging sectors, ensuring the UK remains agile in the face of dynamic cyber risks.
  • New Executive Powers for National Security. In circumstances where national security is at stake, the government would be granted new executive powers to act decisively in response to serious cyber threats.

For more information on these topics, visit diplomacy.edu.

Japan passes landmark cyber defence bill

Japan has passed the Active Cyber Defence Bill, which permits the country’s military and law enforcement agencies to undertake pre-emptive measures in response to cyber threats.

The legislation adopts a two-pronged approach, focusing on both passive and active cyber defence. It includes the establishment of a cybersecurity council and an oversight committee to enhance threat analysis and information-gathering capabilities. The bill also introduces new requirements for critical infrastructure providers to report cybersecurity incidents promptly. Additionally, it enables the government to collect technical information—such as IP addresses and timestamps—from telecommunications providers in cases where a potential cyberattack is identified, to monitor communications between Japan and external actors.

The legislation also grants the military powers to carry out active measures against cyber threats. This includes the deployment of ‘cyber harm-prevention officers’, tasked with actions such as disrupting servers involved in cyberattacks and responding to critical incidents.

While the bill is positioned as part of Japan’s broader efforts to strengthen its cyber resilience, some commentary has raised questions about the balance between security and oversight.

For more information on these topics, visit diplomacy.edu.

Nokia expands 5G partnership with Airtel

Nokia has signed a multi-year deal with Bharti Airtel to expand their core network collaboration instead of maintaining a limited partnership, aiming to enhance 5G service delivery.

The move will integrate 5G and 4G technologies into a unified server setup instead of running them separately, while also helping Airtel grow its 4G/5G customer base.

Nokia’s Fixed Wireless Access (FWA) will provide additional solutions for home broadband and enterprise-critical applications instead of relying solely on traditional infrastructure.

The rollout will cover network automation across most Airtel service regions in India, helping the telecom giant optimise its hardware footprint and reduce costs per bit by using appliance-based Packet Core gateways.

Airtel CTO Randeep Sekhon highlighted that Nokia’s Packet Core deployment will improve network quality and reliability instead of allowing congestion to impact customers.

Nokia’s president of cloud and network services, Raghav Sahgal, emphasised that this collaboration strengthens Airtel’s 5G standalone (SA) readiness, reinforcing Nokia’s leadership in core network solutions in India and globally.

For more information on these topics, visit diplomacy.edu.

Dutch police struggle with cyberattacks and underfunding

A leaked report has revealed serious financial and digital failings within the Dutch police, including unchecked spending on IT and cybersecurity.

Auditors from Ernst & Young found that the force must cut €160 million, raising concerns over national security and officer safety.

The Dutch Police Union warns that chronic understaffing, daily cyberattacks and a lack of digital resilience have pushed the system to breaking point.

A September data breach affected nearly all officers, and experts say over €300 million is needed to restore proper infrastructure.

Police Chief Janny Knol acknowledged the force underestimated the costs of digital transformation.

Merged systems from 24 regional departments have caused spiralling maintenance issues, while key tech projects run over budget and behind schedule. Urgent reforms are now planned.

For more information on these topics, visit diplomacy.edu.

Ukrzaliznytsia reopens online ticket sales amid ongoing disruptions

Ukraine’s state-owned railway, Ukrzaliznytsia, has partially restored its online services following a large-scale cyber attack that disrupted passenger and freight transport systems. The attack, first reported on Sunday, forced passengers to buy tickets in person as the IT system went offline.

Ukrzaliznytsia announced that online ticket sales and refunds are now available in a backup format. However, due to high demand, technical interruptions may still occur, and passengers are advised to use the service only for urgent travel.

Despite ongoing challenges, the company reported that 12,000 tickets were successfully purchased through its online system after the restoration. The railway operator continues to monitor the situation and work towards fully stabilising its services in Ukraine.

For more information on these topics, visit diplomacy.edu.