Cybersecurity

The Philippines and South Korea launch a major cybersecurity centre project

The Department of Information and Communications Technology in the Philippines has formalised a major cybersecurity partnership with South Korea, securing funding and technical support to establish a National Cyber Security Centre to strengthen the country’s digital defences.

The agreement, supported by the Korea International Cooperation Agency, has been described by Philippine officials as the largest cybersecurity cooperation project of its kind in the country.

The initiative is intended to create a central hub for cyber threat monitoring, incident response, and coordinated defence, while also improving information security management across government systems. The programme is backed by a US$25.6 million grant over five years, reflecting the growing urgency of responding to increasingly sophisticated cyber threats affecting infrastructure and public services.

Beyond infrastructure, the project also aims to strengthen national capacity through training and workforce development, helping build a larger pool of cybersecurity professionals. Philippine authorities have stressed that cybersecurity now extends beyond technical systems and increasingly affects public trust, economic stability, and everyday digital activity.

The agreement with South Korea points to a broader effort to strengthen the Philippines’ resilience as a digital economy, with stronger institutional safeguards against evolving cyber risks and a longer-term commitment to secure digital transformation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UNIDIR highlights the security implications of the shift from classical to quantum technologies

The United Nations Institute for Disarmament Research (UNIDIR) has outlined the evolution of digital technologies from early internet systems to emerging quantum capabilities, highlighting their growing impact on global systems and security.

In its analysis, UNIDIR traces the progression from dial-up connectivity and classical computing to advanced technologies such as AI and quantum computing, noting that innovation cycles are accelerating and becoming increasingly interconnected. The organisation states that the transition to quantum technologies represents a significant shift in how data is processed, stored and secured.

Unlike classical systems, quantum computing introduces new capabilities that could transform fields ranging from scientific research to communications.

However, UNIDIR warns that these advances also present risks, particularly in cybersecurity. Quantum technologies could challenge existing encryption methods and expose vulnerabilities in digital infrastructure, with implications for governments, businesses and critical systems.

The analysis also links emerging technologies to broader geopolitical dynamics, noting that competition over technological leadership is becoming a key factor in international security. As digital and physical systems converge, technological developments are increasingly shaping strategic stability.

Why does it matter?

UNIDIR emphasises the need for forward-looking governance, international cooperation and policy coordination to manage these challenges. It calls for stronger dialogue among states and stakeholders to ensure that technological progress supports global security rather than undermines it.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU cybersecurity certification framework gains momentum after Cyprus event

The European Commission and the European Union Agency for Cybersecurity (ENISA) have stepped up efforts to strengthen cybersecurity certification across the EU during the European Cybersecurity Certification Week held in Cyprus. The event brought together policymakers, industry representatives, and national authorities to support the implementation of a more unified certification framework.

Discussions focused on advancing the EU Cybersecurity Certification Framework under the Cybersecurity Act, as well as its interactions with related legislation, including the Cyber Resilience Act, the NIS2 Directive, and the Cyber Solidarity Act. The initiative reflects a broader effort to harmonise standards and strengthen trust in digital products and services across member states.

Progress was also reported on two certification schemes currently under development. One concerns European Digital Identity Wallets, aiming to set high security requirements to protect citizens’ credentials, while the other focuses on Managed Security Services, particularly incident response capabilities under the Cyber Solidarity Act.

Participants also reviewed the peer assessment mechanism intended to support consistent implementation across member states. That process, already underway, is designed to promote equivalent cybersecurity standards throughout the EU and reduce the risk of fragmented national approaches.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

ENISA updates cybersecurity assessment framework for the EU Member States

The European Union Agency for Cybersecurity has released an updated version of its National Cybersecurity Capabilities Assessment framework, designed to help countries evaluate the maturity of their cybersecurity strategies and implementation progress.

The revised tool provides a structured approach for identifying strengths, weaknesses, and areas requiring further development.

The framework, known as NCAF 2.0, is intended for policymakers and government officials responsible for national cybersecurity planning. It enables authorities to track progress at both strategic and operational levels while improving understanding of how effectively national strategies are being implemented.

Aligned with key EU legislation, including the NIS2 Directive, the updated framework supports coordination across Member States by offering a shared reference point for capability assessment.

It also facilitates peer review processes and encourages the exchange of best practices in cybersecurity governance.

Why does it matter?

The tool gives EU Member States a consistent way to measure and improve cybersecurity readiness, reducing fragmentation across national approaches.

By identifying gaps and aligning strategies with frameworks like NIS2, it strengthens collective resilience against cross-border cyber threats. The shared methodology also improves coordination, enabling faster learning and more coordinated responses to evolving cyber risks across the EU.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

CISA publishes FIRESTARTER malware report and updates directive

The US Cybersecurity and Infrastructure Security Agency has published a malware analysis report on FIRESTARTER, a malware affecting Cisco Firepower and Secure Firewall products running Adaptive Security Appliance or Firepower Threat Defense software. At the same time, CISA updated Emergency Directive 25-03 with new required actions for Federal Civilian Executive Branch agencies.

CISA said the report was co-sealed with the UK’s National Cyber Security Centre and is intended to help organisations detect and respond to FIRESTARTER. The agencies assess that an advanced persistent threat actor exploited CVE-2025-20333 and CVE-2025-20362 in Cisco ASA firmware to gain initial access and deploy the malware on affected devices.

The report also says FIRESTARTER enabled post-patching persistence. CISA stated that firmware patching on compromised devices did not necessarily remove an existing threat actor.

The updated directive requires affected federal agencies to identify specified Firepower and Secure Firewall devices, collect forensic data, and apply new vendor-provided updates. CISA also urged organisations using the affected Cisco products to review the report and implement the recommended mitigations.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ECON adopts Business Wallets opinion and highlights cybersecurity risks

Members of the European Committee of the Regions’ Commission for Economic Policy adopted a draft opinion on European Business Wallets at their meeting, while also addressing cybersecurity, industrial policy, defence, AI, and state aid issues.

ECON members stressed that European Business Wallets should be simple, user-friendly, and cost-effective, particularly for SMEs, micro-enterprises, and start-ups operating across borders. They also backed a ‘once-only’ principle allowing businesses to submit data a single time and reuse it across different administrative procedures.

The draft opinion also calls for awareness-raising, clear guidance, financial support, technical assistance, and training for local administrations facing new obligations.

Rapporteur Branislav Zacharides, Mayor of Vrútky, stated:

The deployment of the Business Wallets will entail new administrative obligations for public authorities, which can be especially burdensome for smaller municipalities. We therefore call on the European Commission and Member States to provide adequate technical capacity-building and financial support so that the Wallets can deliver real added value.

Members also addressed the upcoming Cybersecurity Review and the Digital Networks Act, warning that new responsibilities linked to digital resilience and connectivity could put pressure on regional and local administrations, especially those with limited resources and technical expertise. They called for financial support, training, and capacity-building to help authorities meet those requirements.

ECON members also discussed the EU Defence Industry Transformation Roadmap and the Industrial Accelerator Act, stressing the need for a place-based approach to defence and industrial acceleration policies. They argued that local and regional authorities should help shape investment priorities and industrial strategies, rather than merely implement them.

The meeting also included a discussion of gender bias in AI and a review of the General Block Exemption Regulation on state aid. ECON members warned that broader state-aid flexibilities could have uneven territorial and competition effects, risking the widening of regional disparities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Frontier AI changes cyber risk calculations, New Zealand warns

New Zealand’s National Cyber Security Centre has warned that frontier AI models are likely to change the cyber threat landscape by increasing malicious actors’ ability to discover and exploit software vulnerabilities at greater speed and scale.

The guidance states that frontier AI models have already demonstrated the ability to identify vulnerabilities in software products. At the same time, it notes that defenders should consider where AI can support their own work, including checking in-house code for vulnerabilities and strengthening software before it is deployed into production.

Also, the guidance refers to a recent Anthropic report on Mythos Preview, which describes it as an agentic model capable of autonomously completing a series of tasks. According to the NCSC, Anthropic says the model can identify zero-day vulnerabilities in code and turn them into working exploits.

At the same time, the NCSC stresses that effective security controls remain the best line of defence as new vulnerabilities continue to be discovered. It recommends that organisations review their security posture to ensure it remains fit for purpose, and that appropriate methods to detect and contain malicious activity are in place across networks.

Senior leaders are urged to review how vulnerabilities are identified and managed, including patching, disclosure, supplier assurance, incident response, and protections for critical systems. For developers, the guidance recommends using frontier AI models cautiously in code reviews, patching frequently, reducing attack surfaces, applying defence-in-depth, and monitoring closely for signs of compromise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK’s National Cyber Security Centre launches device to protect display connections from cyber threats

The National Cyber Security Centre (NCSC) has developed SilentGlass, a device designed to protect display connections from malicious or unexpected activity. It is the first commercially available product licensed to use NCSC branding and was launched at CYBERUK.

SilentGlass blocks unauthorised interactions between HDMI and DisplayPort connections and screens. The NCSC stated that threat actors can target monitors as they may process sensitive or personal data.

The intellectual property has been licensed to Goldilock Labs, which is manufacturing the device in partnership with Sony UK Technology Centre. The product has already been deployed in government environments and approved for use in high-threat settings.

The NCSC noted that increasing numbers of connected devices raise exposure to risks linked to physical interfaces. SilentGlass has been developed to address this risk by preventing malicious connections at the hardware level.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot 

UK National Cyber Security Centre recommends passkeys over passwords

The National Cyber Security Centre (NCSC) recommends the use of passkeys as a more secure alternative to passwords for accessing online services. The guidance supports wider adoption of passwordless authentication across digital platforms.

Passkeys are created and managed on user devices and do not need to be remembered. The NCSC noted that they are resistant to phishing, as they cannot be intercepted, reused or stolen in the same way as passwords.

The NCSC also stated that passkeys can be faster and more convenient to use. Authentication relies on existing device security methods, such as fingerprint, facial recognition or PIN, rather than separate login credentials.

Passkeys are stored and managed through credential managers, which can synchronise access across trusted devices and provide backups. The NCSC advised that where passkeys are not available, users should continue using strong passwords and enable two-step verification.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot 

Microsoft commits A$25 billion to expand AI and cloud in Australia

Microsoft has announced its largest-ever investment in Australia, committing A$25 billion by the end of 2029 to expand AI and cloud infrastructure, strengthen cyber defence collaboration, and train three million Australians in AI skills by 2028.

The announcement was made alongside Australian Prime Minister Anthony Albanese during Microsoft chief executive Satya Nadella’s visit to Sydney. The company said the investment will expand Azure AI supercomputing and cloud capacity in Australia and increase its local cloud and AI infrastructure footprint by more than 140% by the end of 2029.

The announcement also includes collaboration with the Australian AI Safety Institute, an extension of the Microsoft-Australian Signals Directorate Cyber Shield to additional government agencies, and deeper work on national resilience with the Department of Home Affairs.

Albanese said:

We want to make sure all Australians benefit from AI. Our National AI Plan is all about capturing the economic opportunities of this transformative technology while protecting Australians from the risks.’ He added: ‘Microsoft’s long-term investment in our national capability will help deliver on that plan – strengthening our cyber defences and creating opportunity for Australian workers and businesses.’

Nadella added:

Australia has an enormous opportunity to translate AI into real economic growth and societal benefit.’ He added: ‘That is why we are making our largest investment in Australia to date, committing A$25 billion to expand AI and cloud capacity, strengthen cybersecurity, and expand access to digital skills across the country.

Microsoft said the investment is underpinned by a memorandum of understanding with the Australian Government, tied to national expectations for data center and AI infrastructure developers. It also said it will work with the Australian AI Safety Institute to monitor, test, and evaluate advanced AI systems, including human-AI interaction risks in companion chatbots and conversational AI systems.

Why does it matter?

The scale of the investment links infrastructure, skills, safety, and cyber resilience in a single package aligned with Australia’s AI Action Plan. It also signals that competition over AI capacity is increasingly tied not only to datacentres and compute, but to workforce readiness, regulatory cooperation, and national capability in areas such as cybersecurity and resilience.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.