Cyberconflict and warfare

US Cyber Command proposes $5M AI Initiative for 2026 budget

US Cyber Command is seeking $5 million in its fiscal year 2026 budget to launch a new AI project to advance data integration and operational capabilities.

While the amount represents a small fraction of the command’s $1.3 billion research and development (R&D) portfolio, the effort reflects growing emphasis on incorporating AI into cyber operations.

The initiative follows congressional direction set in the fiscal year (FY) 2023 National Defense Authorization Act, which tasked Cyber Command and the Department of Defense’s Chief Information Officer—working with the Chief Digital and Artificial Intelligence Officer, DARPA, the NSA, and the Undersecretary of Defense for Research and Engineering—to produce a five-year guide and implementation plan for rapid AI adoption.

However, this roadmap, developed shortly after, identified priorities for deploying AI systems, applications, and supporting data processes across cyber forces.

Cyber Command formed an AI task force within its Cyber National Mission Force (CNMF) to operationalise these priorities. The newly proposed funding would support the task force’s efforts to establish core data standards, curate and tag operational data, and accelerate the integration of AI and machine learning solutions.

Known as Artificial Intelligence for Cyberspace Operations, the project will focus on piloting AI technologies using an agile 90-day cycle. This approach is designed to rapidly assess potential solutions against real-world use cases, enabling quick iteration in response to evolving cyber threats.

Budget documents indicate the CNMF plans to explore how AI can enhance threat detection, automate data analysis, and support decision-making processes. The command’s Cyber Immersion Laboratory will be essential in testing and evaluating these cyber capabilities, with external organisations conducting independent operational assessments.

The AI roadmap identifies five categories for applying AI across Cyber Command’s enterprise: vulnerabilities and exploits; network security, monitoring, and visualisation; modelling and predictive analytics; persona and identity management; and infrastructure and transport systems.

To fund this effort, Cyber Command plans to shift resources from its operations and maintenance account into its R&D budget as part of the transition from FY2025 to FY2026.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Ukraine strengthens cybersecurity ties with EU

Ukraine participated for the first time in the EU National Cybersecurity Coordination Centers meeting and the European Cybersecurity Competence Centre (ECCC) Steering Board in Rome.

The event, supported by Italy’s National Agency for Cybersecurity, focused on enhancing cooperation among EU member states and fostering a unified cyber community.

Natalia Tkachuk, Secretary of Ukraine’s National Coordination Center for Cybersecurity, highlighted the nation’s challenges and experiences in countering cyber threats amidst ongoing conflict.

She emphasized Ukraine’s role in both receiving and sharing cybersecurity knowledge to strengthen collective European security.

Discussions included the establishment of a joint Center of Competence for Cyber Resilience in Ukraine, aiming to counter Russian cyberattacks, disinformation, and sabotage.

The center will utilize artificial intelligence trained on unique Ukrainian data to enhance response capabilities.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Global instability fuels surge in cyberattacks

A surge in cyberattacks is fuelled by global instability, with businesses worldwide now facing heightened risks. A new report by GlobalData warns that rising geopolitical tensions are giving state actors, terrorists, hacktivists and cybercriminals more opportunities to strike.

Conflicts in Ukraine and the Middle East have created a volatile digital landscape. Cyberattackers are exploiting weakened defences, targeting both national infrastructure and private enterprises.

‘Those not after money are often motivated by revenge,’ the report states. The key perpetrators are disgruntled employees, unhappy customers, and ideologically driven hackers. While some attackers aim to cause reputational harm or attract attention, others seek to turn off critical systems.

Nation states, in particular, use cyberwarfare as a strategic tool against rival governments. Businesses are warned to prepare for disruption as cyber threats become more frequent and sophisticated. The report concludes that no organisation is immune in today’s digital and geopolitical uncertainty climate.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

FBI issues warning as airline cyberattacks rise, posing national security threat

Less than a year after the cyberattack that shut down Sea-Tac Airport, the FBI has issued a stark new warning: America’s airlines are now targets. The agency confirmed that the cybercrime gang Scattered Spider is actively attacking aviation systems.

This group, known for crippling MGM Resorts, uses social engineering to bypass security. By posing as airline staff, they access systems, steal data and deploy ransomware within hours of a breach.

WestJet, Hawaiian Airlines and Qantas have all been hit in the last two months alone. Qantas reported a data breach affecting more than six million passengers.

Today’s airlines depend on interconnected digital infrastructure. Disruption to crew scheduling, flight planning or maintenance can trigger chaos across entire networks.

The FBI says these attacks are shifting from isolated incidents to coordinated campaigns. Experts fear that state and non-state actors are watching closely, ready to exploit aviation vulnerabilities.

Aircraft are now flying data centres. Their connectivity brings both efficiency and risk. Flight safety could be at stake if attackers compromise weather feeds or ground systems.

Sea-Tac was a warning. What happens when multiple airports are targeted at once? Fictional scenarios are edging closer to reality.

Previous attacks — from Warsaw to London — exposed system weaknesses. The threat has only grown. It is no longer a question of if, but when.

The industry must act decisively. Stronger identity checks, hardened systems, and real-time intelligence sharing are no longer optional. Cybersecurity must become as essential as flight safety.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK plans new laws to tackle undersea cable sabotage

The UK government’s evolving defence and security policies aim to close legal gaps exposed by modern threats such as cyberattacks and sabotage of undersea cables. As set out in the recent Strategic Defence Review, ministers plan to introduce a new defence readiness bill to protect critical subsea infrastructure better and prepare for hostile acts that fall outside traditional definitions of war.

The government is also considering revising the outdated Submarine Telegraph Act of 1885, whose penalties, last raised in 1982 to £1,000, are now recognised as inadequate. Instead of merely increasing fines, officials from the Ministry of Defence and the Department for Science, Innovation and Technology intend to draft comprehensive legislation that balances civil and military needs, clarifies how to prosecute sabotage, and updates the UK’s approach to national defence in the digital age.

These policy initiatives reflect growing concern about ‘grey zone’ threats—deliberate acts of sabotage or cyber aggression that stop short of open conflict yet pose serious national security risks. Recent suspected sabotage incidents, including damage to subsea cables connecting Sweden, Latvia, Finland, and Estonia, have highlighted how vulnerable undersea infrastructure remains.

Investigations have linked several of these operations to Russian and Chinese interests, emphasising the urgency of modernising UK law. By updating its legislative framework, the UK government aims to ensure it can respond effectively to attacks that blur the line between peace and conflict, safeguarding both national interests and critical international data flows.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

FBI warns cybercriminals are targeting airline security systems

The FBI has warned that a notorious cybercrime group known as Scattered Spider has broadened its attacks to target the airline sector. The gang, previously linked to breaches at Caesars, MGM, Aflac, and UK retailers, employs sophisticated social‑engineering methods.

These criminals impersonate employees or contractors and persuade IT help‑desk staff to register unauthorised devices, bypassing multi‑factor authentication. FBI and cybersecurity experts stress that airlines and third‑party suppliers are at serious risk.

While their flight operations remained unaffected, recent incidents at WestJet and Hawaiian Airlines are consistent with Scattered Spider’s modus operandi. Help‑desk teams are urged to reinforce identity verification protocols to prevent such incursions.

The FBI is collaborating with aviation partners to share intelligence and assist victims. Warnings emphasise prompt reporting of suspicious requests and reviews of help‑desk procedures. In particular, staff should resist pressure to add MFA devices or reset credentials without rigorous authentication, no matter how credible or urgent the request may appear.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Pentagon backs $10M deal with AI firm to integrate LLMs across its command centres

Pentagon officials have awarded AI firm Ask Sage a $10 million contract to integrate large language models (LLMs) across all US Combatant Commands, the Joint Staff, and the Office of the Secretary of Defence. The collaboration seeks to harness generative AI to speed up battlefield decision‑making and streamline workflows.

Application benefits include operational planning, logistics, command and control, intelligence, cybersecurity, and weapons development. Ask Sage’s AI‑powered tools will be deployed through the US Army’s LLM workspace, seamlessly linking classified and unclassified networks.

Deployment of these models is expected to support more agile, informed military operations while navigating security and data‑sharing challenges inherent to classified environments. The deal marks a strategic continuation of the Pentagon’s wider AI and digital transformation efforts.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Ransomware attack hits Swiss government data

A ransomware attack on the Swiss non-profit Radix has led to the theft and online publication of sensitive government data. Radix, which carries out projects for various federal offices and public authorities, confirmed that the Sarcoma ransomware group breached its systems on 16 June.

According to the Swiss government, some stolen data has already appeared on the dark web.
Authorities are working with the National Cyber Security Centre (NCSC) to assess which federal offices were impacted and how severely.

While Radix has notified affected individuals, it states there is no evidence that sensitive data from its partner organisations was compromised. However, Sarcoma reportedly leaked 1.3TB of documents online, including financial records, contracts, and private correspondence.

Sarcoma is a relatively new but aggressive cybercrime group that began operating in late 2024. It typically gains access through phishing emails, outdated software vulnerabilities, and supply chain weaknesses.

The group has claimed dozens of victims and is known for publishing stolen data if ransom demands are not met.

However, this marks the second serious incident involving Swiss government data in recent months. In March, the government disclosed that a breach at another third-party provider, Xplain, had exposed tens of thousands of documents containing personal details.

The Swiss authorities are urging continued vigilance as investigations into the Radix breach continue.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hacktivist attacks surge in Iran–Israel tensions

The Iran–Israel conflict has now expanded into cyberspace, with rival hacker groups launching waves of politically driven attacks.

Following Israel’s military operation against Iran, pro-Israeli hackers known as ‘Predatory Sparrow‘ struck Iran’s Sepah Bank, deleting data and causing significant service disruption.

A day later, the same group targeted Nobitex, Iran’s largest crypto exchange, stealing and destroying over $90 million in assets.

Cyber attacks intensified in the days before and after Israeli strikes. According to NSFOCUS, cyberattacks on Iran peaked three days before the military operation, suggesting pre-attack reconnaissance.

In retaliation, pro-Iranian hackers escalated attacks on Israel on 16 June, focusing on government systems, aerospace, and education.

While attacks on Iran have been fewer, Israeli systems have faced over 1,300 attacks in 2025 alone, with 37% of all global hacktivist activity aimed at Israel since the conflict began.

However, analysts note these attacks have been high in volume but limited in impact. Their malware tactics involve evading antivirus software, deleting data, and turning off recovery systems.

NSFOCUS warns that geopolitical tensions are turning hacktivist groups into informal cyber proxies. Though not formally state-backed, these loosely organised actors align closely with national interests.

As traditional defences lag, cybersecurity experts argue that national infrastructure must adopt more strategic, coordinated defence measures instead of fragmented responses, especially during crises and conflicts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber Command and Coast Guard establish task force for port cyber defence

US Cyber Command has joined forces with the Coast Guard in a major military exercise designed to simulate cyberattacks on key port infrastructure.

Known as Cyber Guard, the training scenario marked a significant evolution in defensive readiness, integrating for the first time with Pacific Sentry—an Indo-Pacific Command exercise simulating conflict over Taiwan.

The joint effort included the formation of Task Force Port, a temporary unit tasked with coordinating defence of coastal infrastructure.

The drill reflected real-world concerns over the vulnerability of US ports in times of geopolitical tension, and brought together multiple combatant commands under a unified operational framework.

Rear Admiral Dennis Velez described the move as part of a broader shift from isolated training to integrated joint force operations.

Cyber Guard also marked the activation of the Department of Defense Cyber Defense Command (DCDC), previously known as Joint Force Headquarters–DOD Information Network.

The unit worked closely with the Coast Guard, signalling the increasing importance of cyber coordination across military branches when protecting critical infrastructure.

Port security has featured in past exercises but was previously handled as a separate scenario. Its inclusion within the core structure of Cyber Guard suggests a strategic realignment, ensuring cyber defence is embedded in wider contingency planning for future conflicts.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.