Cyberconflict and warfare

Geopolitical tensions drive OT and ICS cyberattacks, a new report warns

Attacks on operational technology (OT) networks have increased, driven in part by geopolitical factors, with OT security gaining broader attention, according to the annual report from Dragos.

In 2024, two additional threat groups began targeting OT systems, bringing the total number of known active groups to nine.

Additionally, researchers from Dragos identified two new malware families designed to compromise industrial control systems (ICS).

According to Dragos’ annual report, barriers to OT/ICS attacks have lowered, making these systems more accessible targets for adversaries.

Ransomware attacks against OT/ICS asset owners also increased by 87% in 2024, with the number of ransomware groups targeting these systems growing by 60%.

Dragos monitors 23 threat groups that engage with OT networks for intelligence gathering or system manipulation. Nine of these groups were active in 2024, including two newly identified ones.

For more information on these topics, visit diplomacy.edu

Musk blames ‘major cyberattack’ for X outage, points to Ukraine

Elon Musk’s social media platform, X, experienced widespread disruptions on Monday, which the billionaire attributed to a major cyberattack.

Musk claimed the platform was targeted by an unusually powerful denial-of-service (DoS) attack, suggesting that a well-coordinated group or nation-state might be responsible. However, he offered no concrete evidence to support the claim, leaving cybersecurity experts sceptical.

Many pointed out that DoS attacks, which flood websites with excessive traffic to overwhelm their servers, are commonly executed by small groups or individuals with relatively limited resources.

Reports of outages spiked early in the day, with Downdetector tracking over 39,000 complaints from users in the US at the peak of the disruption. By the afternoon, the number had dwindled significantly, though intermittent service issues persisted for some.

According to an anonymous industry source, the attack consisted of multiple waves of rogue traffic bombarding X’s servers, beginning around 9:45 UTC.

While Musk later asserted in an interview with Fox Business that the cyberattack originated from Ukraine, the same industry source disputed this claim, stating that the bulk of the malicious traffic came from various locations, including the USA, Vietnam, and Brazil, with only a minimal amount from Ukraine.

Tracing the true origin of DoS attacks is notoriously tricky, as attackers often use proxy servers and botnets to disguise their locations.

Cybersecurity specialists have noted that assigning blame based solely on IP addresses can be misleading, as they rarely indicate the actual perpetrators. Despite Musk’s insistence on a Ukraine-based origin, no definitive proof has been presented to substantiate the claim.

Musk’s comments come amid his increasingly vocal criticisms of Ukraine’s ongoing war efforts against Russia, aligning with sentiments echoed by US President Donald Trump, whom he advises.

Over the weekend, Musk suggested that Ukraine’s battlefield operations would collapse without his Starlink satellite communication system, although he clarified that he had no intention of cutting off access.

The latest controversy surrounding X’s cyberattack has further fueled speculation about Musk’s political and strategic positioning in the ongoing geopolitical conflict.

For more information on these topics, visit diplomacy.edu.

Tusk warns against arrogance after US-Poland social media clash

Poland’s Prime Minister, Donald Tusk, has urged allies to show respect and avoid arrogance in a recent post on X, following a heated social media exchange between Polish and US officials. The remarks came after a disagreement over the role of Starlink satellites in Ukraine’s war effort. Radosław Sikorski, Poland‘s foreign minister, had suggested Ukraine may need an alternative to Starlink if its reliability becomes an issue. Poland funds the satellite service for Ukraine, which is crucial for military communications.

The dispute escalated when Marco Rubio, the US Secretary of State, accused Sikorski of being ungrateful, stating that ‘no one has made any threats about cutting Ukraine off from Starlink.’ Rubio emphasised the importance of Starlink in Ukraine’s success, saying the war could have been lost without it. Sikorski responded by thanking Rubio for reaffirming the collaboration between the US and Poland in providing the service.

The controversy deepened when Elon Musk, the founder of SpaceX, which operates Starlink, labelled Sikorski a “small man” and told him to ‘be quiet’ after the suggestion that Poland may seek alternatives. Musk reiterated his commitment to keeping Starlink operational in Ukraine, despite political disagreements, and denied using the service as a bargaining chip.

The ongoing debate highlights growing tensions surrounding the role of private companies in international conflict and the geopolitical importance of satellite technology. Meanwhile, the Franco-British operator Eutelsat saw a surge in stock prices, as speculation grows that it could potentially replace Starlink in providing services to Ukraine.

For more information on these topics, visit diplomacy.edu.

Japan to prioritise domestic cybersecurity solutions

Japan has announced plans to prioritise the use of domestic software for cybersecurity purposes, as part of an initiative to reduce the country’s reliance on foreign products in this critical sector.

The government intends to offer subsidies and support technology standards that will encourage the growth of the local cybersecurity industry. However, this move is also a part of the government’s broader efforts to enhance cyber defence and strengthen national security.

As of 2021, Japanese domestic companies were responsible for around 40% of the nation’s cybersecurity countermeasure products. For newer products, this share has significantly decreased, with domestic offerings accounting for less than 10% of the latest cybersecurity technologies.

The move reflects Japan’s increasing focus on cybersecurity as a national priority, particularly in the face of rising global cyber threats. By fostering a stronger domestic cybersecurity ecosystem, Japan aims to enhance its resilience against cyberattacks.

Experts, however, warned that that restricting foreign products could limit access to cutting-edge technologies, making the domestic industry potentially less competitive in terms of features, capabilities, or performance. This could hinder the effectiveness of cybersecurity defenses.

To support this transition, the government plans to offer financial incentives and collaborate with local technology providers to establish standardized solutions that meet both national and international security requirements.

These efforts are part of a broader strategy to ensure that Japan’s critical infrastructure and businesses are better protected in the digital age.

For more information on these topics, visit diplomacy.edu.

CISA reaffirms its commitment to monitor Russian cyber threats

The Cybersecurity and Infrastructure Security Agency (CISA) has refused recent reports suggesting a shift in its approach to addressing cyber threats from Russia.

The Guardian published an article citing anonymous sources who claimed CISA analysts had been instructed not to report on Russian cyber threats, and that a Russia-related project was halted.

In response, CISA issued a statement, affirming its continued commitment to defending US critical infrastructure against all cyber threats, including those from Russia, and asserting that any claims of a change in strategy were inaccurate.

However, this story coincided with the news about a temporary order from Defense Secretary Pete Hegseth for US Cyber Command to halt all planning related to Russia, though the order did not apply to the National Security Agency.

Further reports from the Washington Post and New York Times indicated that this directive may be related to diplomatic efforts by President Donald Trump to engage Russia in negotiations about the war in Ukraine.

Russia, however, was absent in a recent speech by a senior State Department official on critical infrastructure cyber threats within the UN Open-Ended Working Group (OEWG).

For more information on these topics, visit diplomacy.edu.

Scale AI wins Pentagon AI contract

Scale AI has secured a multimillion-dollar contract with the US Department of Defense to develop AI tools for military operations. The project, named Thunderforge, is the Pentagon’s flagship AI initiative aimed at enhancing decision-making, simulation, and operational planning. Led by the Defense Innovation Unit, the programme will see collaboration with technology partners such as Microsoft and Anduril, initially focusing on the Indo-Pacific and European Commands before expanding further.

Thunderforge represents a shift towards AI-driven military strategies, promising increased speed and efficiency in modern warfare. The Department of Defense and Scale AI have emphasised the importance of rapid response times, with the technology designed to process vast amounts of information quickly. However, while Scale AI has assured that human oversight will be maintained, the Defence Innovation Unit has not explicitly highlighted this aspect in its communications.

The deal comes as more AI firms reconsider their stance on military applications. Companies like OpenAI, Microsoft, and Google have altered policies that previously restricted AI development for defence purposes. Critics argue that these technologies could be used for harmful applications despite company assurances, raising ethical concerns about the potential for AI in warfare. Some experts warn that firms may have limited control over how their AI is ultimately deployed.

This latest partnership highlights the growing integration of AI into defence strategies, despite previous pushback from tech industry employees. While firms insist their technologies will be used responsibly, concerns remain over the long-term implications of AI-driven warfare and the ability to ensure its ethical use.

For more information on these topics, visit diplomacy.edu.

Eutelsat shares surge on prospects of replacing Starlink

Eutelsat shares surged by over 60% on Tuesday, continuing a remarkable rise that saw them increase by 68% the day before. This spike came after geopolitical tensions raised the possibility of OneWeb satellites, owned by the French satellite operator, replacing Elon Musk’s Starlink service in Ukraine. Since Friday, Eutelsat’s stock has nearly tripled in value following a public dispute between Ukrainian President Volodymyr Zelensky and former US President Donald Trump, which has cast doubt on the future of Starlink in the country.

Analysts suggest that the surge in Eutelsat’s stock is driven by the potential for OneWeb to secure the Ukrainian military’s satellite contract, with OneWeb being seen as a viable alternative to Starlink. The situation gained further momentum after a White House official revealed that Trump would pause military aid to Ukraine, potentially allowing Europe to increase its support. On Tuesday, the European Commission unveiled an ambitious 800 billion euro defense plan, further strengthening Europe’s role in the region.

Eutelsat has recently committed to increasing its satellite capacity for Ukraine, highlighting its growing importance for European defence. The French satellite operator has faced challenges, including concerns over rising debt and strong competition from US companies like SpaceX’s Starlink. Despite these hurdles, recent developments have rekindled investor confidence, with shares rising sharply after hitting all-time lows in February due to ongoing financial difficulties.

For more information on these topics, visit diplomacy.edu.

US reassessment of Russian cyber threat signals strategic shift in cyber geopolitics

The Guardian reports on the shift in the USA digital diplomacy with a major impact on global cyber geopolitics. After rumours of dropping Russia as a cyber threat, the first public signal on this shift was the USA’s statement at the UN working group meeting on cybersecurity when Liesyl Franz, a US representative, did not indicate Russia as a cyber threat alongside China and Iran. It is a significant shift in the USA digital diplomacy and cyber geopolitics.

The US representative also omitted usual USA references to allies and partners in cyber politics. The Guardian reports on various concerns of this shift, including a view of James Lewis, USA cybersecurity veteran: ‘It’s incomprehensible to give a speech about threats in cyberspace and not mention Russia, and it’s delusional to think this will turn Russia and the FSB [the Russian security agency] into our friends.’

This repositioning aligns with ongoing efforts to improve US-Russia relations, contrasting starkly with European allies’ views on the threat posed by Russia. It remains to be seen if this shift relates only to cybersecurity or it the US will revisit other aspects related to AI and digital governance.

For more information on these topics, visit diplomacy.edu.

Democrats call for clarification on cyber pause against Russia

Democratic lawmakers are calling for an explanation from the Pentagon after reports surfaced about an order to pause offensive cyber operations against Russia during sensitive negotiations aimed at ending the war in Ukraine.

The decision to halt such operations, which disrupt rival computer networks, is not unusual in the context of diplomatic efforts but has raised concerns among lawmakers. The order was first reported by The Record and later confirmed by two anonymous sources familiar with the matter.

Senate Minority Leader Chuck Schumer criticised the move, calling it a ‘critical strategic mistake’ and arguing that ‘the best defence is always a strong offence’, especially in cybersecurity.

Representative Adam Smith, the top Democrat on the House Armed Services Committee, also demanded that the Pentagon provide Congress with details regarding the scope of the pause and its potential impact on US allies. He further questioned whether a risk assessment was made before the decision.

The Pentagon declined to comment on the matter, citing operational security concerns. The pause in cyber operations comes amid rising tensions surrounding President Donald Trump’s recent dealings with Russia, including a public clash with Ukrainian President Volodymyr Zelenskiy.

Trump has shifted US policy by engaging in talks with Moscow and openly criticising Zelenskiy, suggesting that America could pull its support for Ukraine if the war does not end soon.

For more information on these topics, visit diplomacy.edu.

US pauses cyber operations against Russia

US Defense Secretary Pete Hegseth has ordered a pause on all cyber operations against Russia, including offensive actions, as part of a broader reassessment of US operations related to Russia. The duration and specifics of the pause remain unclear, according to multiple US media reports. The Pentagon declined to comment on the matter, citing operational security concerns.

This move comes amid US President Donald Trump’s push for negotiations to end the war in Ukraine, as well as his recent criticism of Ukrainian President Volodymyr Zelensky. Trump has positioned himself as a mediator between Russian President Vladimir Putin and Zelensky, calling for less focus on Putin.

Despite media reports suggesting a shift in cyber strategy, US National Security Adviser Mike Waltz denied any policy change regarding cyber operations against Russia. He emphasised that efforts to end the war would continue with a range of diplomatic and strategic tools.

For more information on these topics, visit diplomacy.edu.

Diplo chatbot can make mistakes. Consider checking important information.