NATO allies strengthen cyber defenses against critical infrastructure threats

Between 7 and 11 April, representatives from 20 allied governments and national agencies participated in a NATO-led exercise designed to strengthen mutual support in the cyber domain.

The activity aimed to improve coordination and collective response mechanisms for cyber incidents affecting critical national infrastructure. Through simulated threat scenarios, participants practised real-time information exchange, joint decision-making, and coordinated response planning.

According to NATO, cyber activities targeting critical infrastructure, industrial control systems, and public sector services have increased in frequency.

Such activities are considered to serve various objectives, including information gathering and operational disruption.

The role of cyber operations in modern conflict gained increased attention following Russia’s actions in Ukraine in 2022, where cyber activity was observed alongside traditional military operations.

Hosted by Czechia, the exercise served to test NATO’s Virtual Cyber Incident Support Capability (VCISC), a coordination platform introduced at the 2023 Vilnius Summit.

VCISC enables nations to request and receive cyber assistance from designated counterparts across the Alliance.

The support offered includes services such as malware analysis, cyber threat intelligence, and digital forensics. However, the initiative is voluntary, with allies contributing national resources and expertise to mitigate the impact of significant cyber incidents and support recovery.

Separately, in January 2025, US officials met with their Nordic-Baltic counterparts from Denmark, Estonia, Finland, Iceland, Latvia, Lithuania, Norway, and Sweden.

Discussions centred on enhancing regional cooperation to safeguard undersea cable infrastructure—critical to communications and energy systems. Participants noted the broadening spectrum of threats to these assets.

In parallel, NATO launched Baltic Sentry to reinforce the protection of critical infrastructure in the Baltic Sea region. The initiative is intended to bolster NATO’s posture and improve its capacity to respond promptly to destabilising activities.

In July 2024, NATO also announced the expansion of the role of its Integrated Cyber Defence Centre (NICC).

The Centre is tasked with enhancing the protection of NATO and allied networks, as well as supporting the operational use of cyberspace. It provides commanders with insights into potential cyber threats and vulnerabilities, including those related to civilian infrastructure essential to military operations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Beijing blames NSA for hacking Asian Games systems

Chinese authorities have accused three alleged US operatives of orchestrating cyberattacks on national infrastructure during the Asian Games in Harbin this February.

The individuals, identified by Harbin police as Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson, are said to have worked through the US National Security Agency (NSA).

The attacks reportedly targeted systems critical to the Games’ operations, including athlete registration, travel, and competition management, which held sensitive personal data.

Chinese state media further claimed that the cyber intrusions extended beyond the sporting event, affecting key infrastructure in Heilongjiang province. Targets allegedly included energy, transport, water, telecoms, defence research institutions, and technology giant Huawei.

Authorities said the NSA used encrypted data to compromise Microsoft Windows systems in the region, with the aim of disrupting services and undermining national security.

The Foreign Ministry of China denounced the alleged cyberattacks as ‘extremely malicious,’ urging the United States to halt what it called repeated intrusions and misinformation.

The US Embassy in Beijing has yet to respond, and the allegations come amid ongoing tensions, with both nations frequently accusing each other of state-backed hacking.

Only last month, the US government named and charged 12 Chinese nationals in connection with cyberespionage efforts against American interests.

Trump eyes tariffs on semiconductors in push to boost US tech manufacturing

US President Donald Trump is preparing to introduce new tariffs on semiconductor imports, aiming to shift more chip production back to the United States.

Semiconductors, or microchips, are essential components in everything from smartphones and laptops to medical devices and renewable energy systems.

Speaking aboard Air Force One, Trump said new tariff rates would be announced soon as part of a broader effort to end American reliance on foreign-made chips and strengthen national security.

The global semiconductor supply chain is heavily concentrated in Asia, with Taiwan’s TSMC producing over half of the world’s chips and supplying major companies like Apple, Microsoft, and Nvidia.

Trump’s move signals a more aggressive stance in the ongoing ‘chip wars’ with China, as his administration warns of the dangers of the US being dependent on overseas production for such a critical technology.

Although the US has already taken steps to boost domestic chip production—like the $6.6 billion awarded to TSMC to build a factory in Arizona—progress has been slow due to a shortage of skilled workers.

The plant faced delays, and TSMC ultimately flew in thousands of workers from Taiwan to meet demands, underscoring the challenge of building a self-reliant semiconductor industry on American soil.

Why does it matter?

Trump’s proposed tariffs are expected to form part of a wider investigation into the electronics supply chain, aimed at shielding the US from foreign control and ensuring long-term technological independence. As markets await the announcement, the global tech industry is bracing for potential disruptions and new tensions in the international trade landscape.

Microsoft users at risk from tax-themed cyberattack

As the US tax filing deadline of April 15 approaches, cybercriminals are ramping up phishing attacks designed to exploit the urgency many feel during this stressful period.

Windows users are particularly at risk, as attackers are targeting Microsoft account credentials by distributing emails disguised as tax-related reminders.

These emails include a PDF attachment titled ‘urgent reminder,’ which contains a malicious QR code. Once scanned, it leads users through fake bot protection and CAPTCHA checks before prompting them to enter their Microsoft login details, details that are then sent to a server controlled by criminals.

Security researchers, including Pieter Arntz from Malwarebytes, warn that the email addresses in these fake login pages are already pre-filled, making it easier for unsuspecting victims to fall into the trap.

Entering your password at this stage could hand your credentials to malicious actors, possibly operating from Russia, who may exploit your account for maximum profit.

This form of attack takes advantage of both the ticking tax clock and the stress many feel trying to meet the deadline, encouraging impulsive and risky clicks.

Importantly, this threat is not limited to Windows users or those filing taxes by the April 15 deadline. As phishing techniques become more advanced through the use of AI and automated smartphone farms, similar scams are expected to persist well beyond tax season.

The IRS rarely contacts individuals via email and never requests sensitive information through links or attachments, so any such message should be treated with suspicion.

To stay safe, users are urged to remain vigilant and avoid clicking on links or scanning codes from unsolicited emails. Instead of relying on emails for tax updates or returns, go directly to official websites.

The IRS offers resources to help recognise and report scams, and reviewing this guidance could be an essential step in protecting your personal information, not just today, but in the months ahead.

US Cyber Command integrates generative AI for enhanced cybersecurity operations

A senior official at US Cyber Command has stated that the agency has begun employing generative AI tools to significantly reduce the time required to analyse network traffic for potentially malicious activity. Speaking at an event hosted by the Information Technology Industry Council in Washington, D.C., Executive Director Morgan Adamski said Cyber Command is already observing operational benefits from its efforts to integrate AI across various mission areas, particularly in cybersecurity functions.

Cyber Command developed an AI roadmap last year outlining approximately 100 tasks to embed AI into logistics, security operations, and national defence functions. An AI task force within the Cyber National Mission Force conducts 90-day development cycles to test and integrate large language models and other AI technologies into command operations.

The task force is responsible for deploying, evaluating, and assessing the viability of these tools for broader implementation. The agency also examines how AI can be adopted at scale across its cybersecurity enterprise.

General Timothy Haugh, Commander of Cyber Command, noted last year that the task force was created ‘to move us from opportunistic AI application to systematic adoption.’ Through its Constellation initiative—a collaboration with the Defense Advanced Research Projects Agency (DARPA)—Cyber Command is working with private-sector AI firms to accelerate the deployment of new capabilities.

One such tool enables continuous monitoring of the Department of Defense Information Network (DoDIN), which supports over three million global users daily. Adamski explained that the tool is strategically placed within key segments of the DoDIN where known adversary tactics may appear.

‘We can monitor traffic at those points and have been able to identify previously unseen malicious activity,’ she said. She also highlighted Panoptic Junction, a pilot initiative led by Army Cyber Command that uses AI to monitor network traffic for compliance, threat intelligence, and anomaly detection.

According to Adamski, the project produced results that have prompted considerations for wider adoption across the DoDIN.

For more information on these topics, visit diplomacy.edu.

UK government announces new cyber bill to strengthen national defences and protect critical infrastructure

The UK government has unveiled plans for a new Cyber Security and Resilience Bill aimed at enhancing the country’s ability to defend against the growing risk of cyber threats. Scheduled to be introduced later this year, the Bill forms a key part of the government’s broader strategy to protect critical national infrastructure (CNI), support economic growth, and ensure the resilience of the UK’s digital landscape.

The forthcoming legislation will focus on bolstering the cyber resilience of essential services—such as healthcare, energy, and IT providers—that underpin the economy and daily life. Around 1,000 vital service providers will be required to meet strengthened cyber security standards under the new rules. These measures are designed to safeguard supply chains and key national functions from increasingly sophisticated cyber attacks affecting both public and private sectors.

In addition, the government is considering extending cyber security regulations to over 200 data centres across the country. These centres are integral to the functioning of modern finance, e-commerce, and digital communication. By improving their security, the government hopes to safeguard services that rely heavily on data, such as online banking, shopping platforms, and social media.

If adopted, the government’s proposals include:

  • Expanding the scope of the NIS Regulations. The scope of the Network and Information Systems (NIS) Regulations would be broadened to include a wider range of organisations and suppliers. This expansion would bring data centres, Managed Service Providers (MSPs), and other critical suppliers under the regulatory framework, ensuring that more entities are held to high standards of cyber security and resilience.
  • Enhanced regulatory powers. Regulators would be equipped with additional tools to strengthen cyber resilience within the sectors they oversee. This includes new obligations for organisations to report a broader range of significant cyber incidents, enabling faster and more informed responses to emerging threats.
  • Greater flexibility to adapt. The government would gain increased flexibility to update the framework in line with the evolving threat landscape. This means regulations could be swiftly extended to cover new and emerging sectors, ensuring the UK remains agile in the face of dynamic cyber risks.
  • New executive powers for national security. In circumstances where national security is at stake, the government would be granted new executive powers to act decisively in response to serious cyber threats.

Japan passes landmark cyber defence bill

Japan has passed the Active Cyber Defence Bill, which permits the country’s military and law enforcement agencies to undertake pre-emptive measures in response to cyber threats.

The legislation adopts a two-pronged approach, focusing on both passive and active cyber defence. It includes the establishment of a cybersecurity council and an oversight committee to enhance threat analysis and information-gathering capabilities. The bill also introduces new requirements for critical infrastructure providers to report cybersecurity incidents promptly. Additionally, it enables the government to collect technical information—such as IP addresses and timestamps—from telecommunications providers in cases where a potential cyberattack is identified, to monitor communications between Japan and external actors.

The legislation also grants the military powers to carry out active measures against cyber threats. This includes the deployment of ‘cyber harm-prevention officers’, tasked with actions such as disrupting servers involved in cyberattacks and responding to critical incidents.

While the bill is positioned as part of Japan’s broader efforts to strengthen its cyber resilience, some commentary has raised questions about the balance between security and oversight.

ECB warns Euro zone banks on geopolitical risks

Euro zone banks must remain resilient and prepared for geopolitical shocks, including the risk of liquidity drying up amid volatile financial markets, according to Claudia Buch, the European Central Bank’s supervisory chief.

She highlighted concerns about the potential impact of policy reversals by the US government, particularly under President Donald Trump, which have unsettled investors and created uncertainty about future growth and stability.

Buch also pointed to the ongoing financial and political pressures arising from Russia’s war in Ukraine and the sanctions that followed.

She emphasised the need for banks to maintain sufficient capital, robust governance, and effective risk management systems in the face of potential asset quality deterioration and economic disruptions caused by geopolitical conflicts or sanctions.

Additionally, Buch noted the increasing threat of cybersecurity attacks, which have become more frequent and severe. The ECB’s annual report warned that geopolitical risks could strain liquidity and funding, particularly in foreign currencies, leading to higher borrowing costs and increased use of credit lines.

Buch called for progress in creating a crisis management and deposit insurance framework to protect depositors in the event of bank failures.

Trump dismisses Signal leak, supports Waltz

US President Donald Trump on Tuesday downplayed the incident in which sensitive military plans for a strike against Yemen’s Houthis were mistakenly shared in a group chat that included a journalist. Trump referred to it as ‘the only glitch in two months’ and insisted that it was ‘not a serious’ issue.

The development, which surprised him when first questioned by reporters, has sparked criticism from Democratic lawmakers accusing the administration of mishandling sensitive information.

The lapse occurred when US National Security Adviser Mike Waltz unintentionally included Jeffrey Goldberg, editor-in-chief of The Atlantic, in a group chat with 18 high-ranking officials discussing military strike plans.

Waltz admitted to the mistake and accepted full responsibility, stating that an aide had mistakenly added Goldberg’s contact to the conversation.

The incident, which took place over the Signal app, has raised concerns due to the app’s public availability and its use for discussing such sensitive matters.

While Trump continued to express support for Waltz, Democratic critics, including former Secretary of State Hillary Clinton, have voiced strong disapproval.

Clinton, commenting on the breach, highlighted the irony of the situation, given Trump’s previous criticisms of her use of a private email server for sensitive material.

US report highlights China’s growing military capabilities

A US intelligence report has identified China as the top military and cyber threat, warning of Beijing’s growing capabilities in AI, cyber warfare, and conventional weaponry.

The report highlights China’s ambitions to surpass the US as the leading AI power by 2030 and its steady progress towards military capabilities that could be used to capture Taiwan.

It also warns that China could target US infrastructure through cyberattacks and space-based assets.

The findings, presented to the Senate Intelligence Committee, sparked tensions between Washington and Beijing. Chinese officials rejected the report, accusing the US of using outdated Cold War thinking and hyping the ‘China threat’ to maintain military dominance.

China’s foreign ministry also criticised US support for Taiwan, urging Washington to stop backing separatist movements.

Meanwhile, Beijing dismissed accusations that it has failed to curb fentanyl shipments, a key source of US overdose deaths.

The report also notes that Russia, Iran, and North Korea are working to challenge US influence through military and cyber tactics.

While China continues to expand its global footprint, particularly in Greenland and the Arctic, the report points to internal struggles, including economic slowdowns and demographic challenges, that could weaken the Chinese government’s stability.

The intelligence report underscores ongoing concerns in Washington about Beijing’s long-term ambitions and its potential impact on global security.
