Cybersecurity

Tech giants join forces to promote global standards for data provenance and AI transparency

OASIS Open, a global open-source and standards organisation, and the Data & Trust Alliance, a consortium focused on responsible data and AI practices, have announced the formation of the OASIS Data Provenance Standards Technical Committee (DPS TC).

The committee will build upon version 1.0.0 of the Data Provenance Standards developed by the Data & Trust Alliance’s cross-industry Working Group, expanding industry participation to establish formal technical standards for data transparency, accountability, and trust. Founding sponsors include Cisco, IBM, Intel, Microsoft, and Red Hat.

As AI adoption accelerates, organisations face increasing challenges in verifying data sources, ensuring compliance, and maintaining data integrity. The DPS TC aims to create a standardised metadata framework that tracks data lineage, transformations, and compliance across various platforms. This initiative will help organisations improve governance practices, mitigate risks related to data privacy and intellectual property, and enhance transparency in AI-driven applications.

The committee’s work will focus on:

  • Standardised data lineage tracking: Establishing clear and consistent methods for documenting data origins and transformations.
  • Compliance and risk management: Supporting organisations in meeting regulatory and ethical standards for data use.
  • Interoperability across platforms: Ensuring metadata models can be applied consistently across different databases, tables, and data pipelines.
  • Transparency for data users: Providing businesses and individuals with visibility into how data is sourced and managed.

IBM has already tested an early version of the standards, integrating them into its governance framework. According to Christina Montgomery, Chief Privacy and Trust Officer at IBM, this resulted in measurable improvements in data diligence and management processes.

The DPS TC will hold its first meeting on 8 April 2025, with participation open to organisations, industry leaders, and experts through OASIS membership. The committee aims to refine existing standards and develop implementation tools, with a goal of introducing broadly applicable metadata quality metrics within the next 12 to 18 months.

For more information on these topics, visit diplomacy.edu

Spain approves bill to regulate AI-generated content

Spain’s government has approved a bill imposing heavy fines on companies that fail to label AI-generated content, aiming to combat the spread of deepfakes.

The legislation, which aligns with the European Union’s AI Act, classifies non-compliance as a serious offence, with penalties reaching up to €35 million or 7% of a company’s global revenue.

Digital Transformation Minister Oscar Lopez stressed that AI can be a force for good but also a tool for misinformation and threats to democracy.

The bill also bans manipulative AI techniques, such as subliminal messaging targeting vulnerable groups, and restricts the use of AI-driven biometric profiling, except in cases of national security.

Spain is one of the first EU nations to implement these strict AI regulations, going beyond the looser US approach, which relies on voluntary compliance.

A newly established AI supervisory agency, AESIA, will oversee enforcement, alongside sector-specific regulators handling privacy, financial markets, and law enforcement concerns.

For more information on these topics, visit diplomacy.edu.

Duffy criticises Verizon over FAA contract delays

US Transportation Secretary Sean Duffy criticised Verizon on Tuesday for delays in its $2.4 billion, 15-year contract with the Federal Aviation Administration (FAA), saying the company is ‘not moving fast enough.’

As the FAA works to upgrade ageing air traffic control systems, Duffy stressed the need for multiple companies to contribute to the effort, adding that the American public ‘can’t wait 10 or 12 years’ for improvements.

Verizon defended its progress, stating it is actively working with FAA technology teams and is open to collaborating with other firms offering complementary services.

Meanwhile, SpaceX’s Starlink denied reports that it aims to take over the FAA contract, saying it could be a partial solution but has no plans to replace Verizon’s role.

The FAA has been testing Starlink terminals in Alaska to improve weather data access, while the Government Accountability Office warns that one-third of US air traffic control systems are outdated and unsustainable.

Some Democrats have suggested shifting the FAA contract to Starlink due to Elon Musk’s ties to Donald Trump, but no official decisions have been made.

For more information on these topics, visit diplomacy.edu.

Trump administration ends support for cybersecurity projects

The Trump administration has cut funding for two key cybersecurity initiatives, including one supporting election security, sparking concerns over potential vulnerabilities in future US elections.

The Cybersecurity and Infrastructure Security Agency (CISA) announced it would end around $10 million in annual funding to the non-profit Center for Internet Security, which manages election-related cybersecurity programmes.

However, this move comes as part of a broader review of CISA’s election-related work, during which over a dozen staff members were placed on administrative leave.

The decision follows another controversial step by the administration to dismantle an FBI task force that investigated foreign influence in US elections.

Critics warn that reducing government involvement in election security weakens safeguards against interference, with Larry Norden from the Brennan Center for Justice calling the cuts a serious risk for state and local election officials.

The National Association of Secretaries of State is now seeking clarification on CISA’s decision and its wider implications.

CISA has faced Republican criticism in recent years for its role in countering misinformation related to the 2020 election and the coronavirus pandemic. However, previous leadership maintained that the agency’s work was limited to assisting states in identifying and addressing misinformation.

While CISA argues the funding cuts will streamline its focus on critical security areas, concerns remain over the potential impact on election integrity and cybersecurity protections across local and state governments.

For more information on these topics, visit diplomacy.edu.

Switzerland mandates cyberattack reporting for critical infrastructure from 1 April 2025

As of 1 April 2025, operators of critical infrastructure in Switzerland will be required to report cyberattacks to the National Cyber Security Centre (NCSC) within 24 hours of discovery. This measure, introduced by the Federal Council, is part of an amendment to the Information Security Act (ISA) and aims to enhance cybersecurity coordination and response capabilities.

The reporting obligation applies to key sectors, including energy and water suppliers, transport companies, and public administrations at the cantonal and communal levels. Reports must be submitted when an attack disrupts critical infrastructure, compromises or manipulates information, or involves blackmail, threats, or coercion. Failure to comply may result in financial penalties, which will be enforceable from 1 October, allowing a six-month adjustment period before sanctions take effect.

To facilitate compliance, the NCSC will provide a reporting form on its Cyber Security Hub, with an alternative email submission option for organisations not yet registered on the platform. Initial reports must be submitted within 24 hours, followed by a detailed report within 14 days.

The Federal Council has also approved the Cybersecurity Ordinance, which outlines implementation provisions, reporting exemptions, and mechanisms for information exchange between the NCSC and other authorities. Consultations on the ordinance reflected broad support for streamlined reporting processes, ensuring alignment with existing obligations, such as those under data protection laws.

Additionally, from 1 April, the National Cyber Security Centre will officially change its name as part of its transition into a federal office within the Department of Defence, Civil Protection and Sport (DDPS).

This regulatory update aligns Switzerland with international cybersecurity practices, including the EU’s NIS Directive, which has required cyber incident reporting since 2018.

For more information on these topics, visit diplomacy.edu

Geopolitical tensions drive OT and ICS cyberattacks, a new report warns

Attacks on operational technology (OT) networks have increased, driven in part by geopolitical factors, with OT security gaining broader attention, according to the annual report from Dragos.

In 2024, two additional threat groups began targeting OT systems, bringing the total number of known active groups to nine.

Additionally, researchers from Dragos identified two new malware families designed to compromise industrial control systems (ICS).

According to Dragos’ annual report, barriers to OT/ICS attacks have lowered, making these systems more accessible targets for adversaries.

Ransomware attacks against OT/ICS asset owners also increased by 87% in 2024, with the number of ransomware groups targeting these systems growing by 60%.

Dragos monitors 23 threat groups that engage with OT networks for intelligence gathering or system manipulation. Nine of these groups were active in 2024, including two newly identified ones.

For more information on these topics, visit diplomacy.edu

Xpeng plans major investment in humanoid robots

Chinese electric vehicle maker Xpeng is making a long-term push into humanoid robots, with potential investments reaching up to 100 billion yuan ($13.8 billion), according to CEO He Xiaopeng. Speaking at the annual parliamentary session, He described the company’s current investment as conservative but signalled a willingness to scale up significantly over the next two decades. Xpeng, which entered the humanoid robotics sector in 2020, unveiled its Iron humanoid robot last November, positioning it as a rival to Tesla’s Bot.

Chinese automakers are increasingly venturing into robotics, encouraged by policymakers aiming for breakthroughs in the field. Stellantis-backed Leapmotor has also joined the race, forming a robotics team to develop machines for industrial applications such as factory assembly lines. CEO Zhu Jiangming stated that these robots are intended to enhance efficiency by replacing human labour in production processes.

Xpeng’s CEO suggested that automakers could invest between 1-2 billion yuan per year in developing and deploying humanoid robots in real-world scenarios. As the industry shifts towards automation, carmakers are betting that advanced robotics will play a crucial role in future manufacturing and mobility solutions.

For more information on these topics, visit diplomacy.edu.

Coinbase calls for a unified crypto scam reporting system

The reporting system for crypto scams in the US is fragmented and needs to be unified, according to Coinbase’s chief security officer, Philip Martin. Speaking at the SXSW conference, Martin explained that victims often struggle to know where to report scams, with different organisations handling cases in a disjointed manner. He called for a single reporting system that would help track the scale of the issue and improve coordination between organisations.

Martin pointed out that victims of crypto scams often feel frustrated, as many reports seem to go unnoticed, especially with platforms like the FBI’s Internet Crime Complaint Centre (IC3). He suggested that a more centralised approach would provide better visibility for victims and more effective resources to address the problem.

In addition, Martin noted that many crypto scams originate from outside the US, making it harder for law enforcement to take action. He advocated for stronger international cooperation to ensure scammers have no safe havens. Meanwhile, California’s financial regulator reported over 2,600 complaints last year, revealing new types of scams in the crypto space.

For more information on these topics, visit diplomacy.edu

Allstate faces lawsuit for security failures in data breach

New York State has taken legal action against Allstate, accusing its National General unit of mishandling customer data security and failing to report a breach that exposed sensitive information.

The state’s Attorney General, Letitia James, filed the lawsuit in Manhattan, claiming that the breaches, which occurred in 2020 and 2021, resulted in hackers accessing the driver’s license numbers of over 360,000 people.

According to the lawsuit, National General did not notify affected drivers or state agencies about the first breach, which occurred between August and November 2020.

The second, larger breach, was discovered three months later in January 2021. James alleges that National General violated the state’s Stop Hacks and Improve Electronic Data Security Act by failing to protect customer information adequately.

In response, Allstate defended its actions, stating that it had resolved the issue years ago, secured its systems, and offered free credit monitoring to affected consumers.

The lawsuit seeks civil fines of $5,000 per violation, in addition to other remedies. This legal action follows similar penalties imposed on other US companies for data security lapses, including fines for Geico and Travelers.

For more information on these topics, visit diplomacy.edu.

Meta has developed an AI chip to cut reliance on Nvidia, Reuters reports

Meta, the owner of Facebook, Instagram, and WhatsApp, is testing its first in-house chip designed for training AI systems, sources told Reuters.

The social media giant has started a limited rollout of the chip, planning to scale up production if testing delivers positive results. The move represents a crucial step in Meta’s strategy to lessen dependence on external suppliers like Nvidia and lower substantial infrastructure costs.

The company has projected expenses between $114 billion and $119 billion for 2025, with up to $65 billion dedicated to AI infrastructure.

The chip, part of Meta’s Meta Training and Inference Accelerator (MTIA) series, is a dedicated AI accelerator, meaning it is specifically designed for AI tasks rather than general processing. This could make it more power-efficient than traditional GPUs.

Meta is collaborating with Taiwan-based chip manufacturer TSMC to produce the new hardware. The test phase follows Meta’s first ‘tape-out’ of the chip, a crucial milestone in silicon development where an initial design is sent to a chip factory.

However, this process is costly and time-consuming, with no guarantee of success, and any failure would require repeating the tape-out step.

Meta has previously faced setbacks in its custom chip development, including scrapping an earlier version of an inference chip after poor test results. However, the company has since used another MTIA chip for AI-powered recommendations on Facebook and Instagram.

The new training chip aims to first enhance recommendation systems before expanding to generative AI applications like the chatbot Meta AI.

Meta executives hope to implement their own chips for AI training by 2026, although the company continues to be one of Nvidia’s biggest customers, investing heavily in GPUs for its AI operations.

The development comes as AI researchers increasingly question whether scaling up large language models by adding more computing power will continue to drive progress. The recent emergence of more efficient AI models, such as those from Chinese startup DeepSeek, has intensified these debates.

While Nvidia remains a dominant force in AI hardware, fluctuating investor confidence and broader market concerns have caused turbulence in the company’s stock value.

For more information on these topics, visit diplomacy.edu.

Diplo chatbot can make mistakes. Consider checking important information.