Singapore fraud case involves $390 million in transactions

Singapore prosecutors revealed on Thursday that a fraud case involving local firms accused of illegally supplying US servers to Malaysia involves transactions worth $390 million.

Three men—Singaporeans Aaron Woon and Alan Wei, along with Chinese national Li Ming—have been charged with deceiving tech giants Dell and Super Micro by misrepresenting the servers’ final destination.

The case has been linked to Chinese AI firm DeepSeek, which is under US scrutiny over the potential use of banned Nvidia chips.

While Singapore authorities confirmed the servers may have contained Nvidia components, they did not specify whether these were the restricted high-end semiconductors subject to US export controls.

Singapore’s Law and Home Affairs Minister K Shanmugam declined to comment on the alleged connection.

Prosecutors claim Wei paid himself tens of millions in dividends, while Woon received a multimillion-dollar bonus. Singaporean authorities are investigating a wider network of 22 individuals and companies suspected of similar fraudulent practices, with six additional arrests made.

The accused are set to reappear in court on May 2, while Malaysian authorities are also probing potential legal violations.

For more information on these topics, visit diplomacy.edu.

India plans five-year limit on satellite spectrum

India’s telecom regulator plans to recommend allocating satellite broadband spectrum for around five years to assess market adoption, a move that runs counter to the position of Elon Musk’s Starlink, which has been pushing for a 20-year permit.

The Telecom Regulatory Authority of India (TRAI) is finalising key recommendations on the licensing timeframe and pricing, opting for a shorter period to monitor industry growth before making long-term commitments.

A government official confirmed TRAI is inclined towards a five-year limit, allowing regulators to review the market and revise spectrum pricing as needed.

However, this decision could impact Starlink’s long-term plans in India, as its deals with Reliance and Airtel are still pending regulatory approvals. Meanwhile, industry forecasts suggest India’s satellite communication sector could expand over tenfold, reaching $25 billion by 2028.

Zhipu AI raises 500 million yuan amid rising competition

Chinese startup Zhipu AI has secured 500 million yuan (£54.8 million) in funding from the state-owned Huafa Group, following a separate 1 billion yuan capital raise earlier this month.

Huafa Group, a government-backed conglomerate based in Zhuhai, Guangdong province, announced its investment as Chinese cities compete to support AI firms, a sector seen as critical in Beijing’s technological rivalry with the US.

The funding comes amid increasing competition in China’s AI industry, particularly with Hangzhou-backed DeepSeek, whose large language models have gained attention for their cost-effectiveness and performance against Western alternatives.

Zhipu AI, established in 2019 and recognised as one of China’s ‘AI tigers,’ has received investments from major tech firms including Tencent, Meituan, and Xiaomi. The startup was valued at 20 billion yuan (£2.2 billion) in a funding round last July, according to business registration platform Qichacha.

With the new funding, Zhipu AI aims to enhance technological innovation and further develop its GLM foundation model.

However, the company faces challenges on the international stage, having been added to the US Commerce Department’s export control list in January, restricting its access to American components.

Despite these hurdles, China continues to bolster its AI sector as it seeks to establish a leading position in global artificial intelligence development.

UK NCSC evaluates best practices for open source software and supply chain risk management

The UK government, through the Department for Science, Innovation and Technology (DSIT), has commissioned research to evaluate best practices for managing risks associated with open-source software (OSS). The study assesses existing guidance on OSS security and resilience, examines its effectiveness across sectors, and provides recommendations for strengthening software supply chain security. That research is part of the government’s wider work to improve the UK’s cyber defences and protect and grow the economy.

The report outlines key recommendations for organisations using OSS, including:

  • Establishing an internal OSS policy to manage the adoption of OSS components.
  • Creating a Software Bill of Materials (SBOM) to track OSS components and their dependencies.
  • Continuously monitoring the software supply chain with software composition analysis (SCA) tools to identify vulnerabilities and licensing issues.
  • Actively engaging with the OSS community to attract talent, foster innovation, enhance reputation, and ensure a sustainable ecosystem.
  • Using automation tools to streamline OSS management processes, particularly for smaller organisations, as a cost-effective alternative to manual practices.

The report also highlights the need for further research and policy development in areas such as scale-appropriate best practice guidance, industry-specific OSS management frameworks, standardised metrics for evaluating OSS component maturity, and the impact of community engagement on OSS quality and security.

OpenSSF launches security baseline to strengthen open source software protection

The Open Source Security Foundation (OpenSSF) has introduced the Open Source Project Security Baseline (OSPS Baseline), a structured framework of security requirements designed to align with international cybersecurity regulations and best practices.

The OSPS Baseline provides a tiered approach that evolves with project maturity, integrating guidance from OpenSSF and industry experts to help open-source projects enhance their security posture. Following the Baseline enables developers to align with global cybersecurity regulations, including the EU Cyber Resilience Act (CRA) and the US National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF).

Several projects, including GUAC, OpenVEX, bomctl, and OpenTelemetry, participated in the pilot rollout. OpenSSF encourages developers and maintainers to adopt the framework and contribute to its ongoing refinement.

HQC announced as safeguard against future quantum attacks

The National Institute of Standards and Technology (NIST) has introduced HQC, a backup encryption algorithm designed to protect sensitive data from potential threats posed by future quantum computers.

As part of its ongoing efforts to strengthen cybersecurity, the agency selected HQC to complement the existing post-quantum cryptography (PQC) standard, ML-KEM, in case quantum advancements compromise current encryption methods.

HQC relies on error-correcting codes, a mathematical approach used in data protection for decades, including in NASA missions.

The algorithm is larger than ML-KEM and requires more computing power, but experts determined it to be a secure and reliable alternative. A draft standard for HQC is expected within a year, with final approval anticipated by 2027.

NIST has been working to prepare for the so-called ‘Q day,’ when quantum computers could break conventional encryption. Three PQC algorithms were finalized in 2024, including ML-KEM and two digital signature standards.

In addition to announcing HQC, NIST is preparing to release a draft standard for the FALCON algorithm, further strengthening protections against future cyber threats.

Tech giants join forces to promote global standards for data provenance and AI transparency

OASIS Open, a global open-source and standards organisation, and the Data & Trust Alliance, a consortium focused on responsible data and AI practices, have announced the formation of the OASIS Data Provenance Standards Technical Committee (DPS TC).

The committee will build upon version 1.0.0 of the Data Provenance Standards developed by the Data & Trust Alliance’s cross-industry Working Group, expanding industry participation to establish formal technical standards for data transparency, accountability, and trust. Founding sponsors include Cisco, IBM, Intel, Microsoft, and Red Hat.

As AI adoption accelerates, organisations face increasing challenges in verifying data sources, ensuring compliance, and maintaining data integrity. The DPS TC aims to create a standardised metadata framework that tracks data lineage, transformations, and compliance across various platforms. This initiative will help organisations improve governance practices, mitigate risks related to data privacy and intellectual property, and enhance transparency in AI-driven applications.

The committee’s work will focus on:

  • Standardised data lineage tracking: Establishing clear and consistent methods for documenting data origins and transformations.
  • Compliance and risk management: Supporting organisations in meeting regulatory and ethical standards for data use.
  • Interoperability across platforms: Ensuring metadata models can be applied consistently across different databases, tables, and data pipelines.
  • Transparency for data users: Providing businesses and individuals with visibility into how data is sourced and managed.

IBM has already tested an early version of the standards, integrating them into its governance framework. According to Christina Montgomery, Chief Privacy and Trust Officer at IBM, this resulted in measurable improvements in data diligence and management processes.

The DPS TC will hold its first meeting on 8 April 2025, with participation open to organisations, industry leaders, and experts through OASIS membership. The committee aims to refine existing standards and develop implementation tools, with a goal of introducing broadly applicable metadata quality metrics within the next 12 to 18 months.

Spain approves bill to regulate AI-generated content

Spain’s government has approved a bill imposing heavy fines on companies that fail to label AI-generated content, aiming to combat the spread of deepfakes.

The legislation, which aligns with the European Union’s AI Act, classifies non-compliance as a serious offence, with penalties reaching up to €35 million or 7% of a company’s global revenue.

Digital Transformation Minister Oscar Lopez stressed that AI can be a force for good but also a tool for misinformation and threats to democracy.

The bill also bans manipulative AI techniques, such as subliminal messaging targeting vulnerable groups, and restricts the use of AI-driven biometric profiling, except in cases of national security.

Spain is one of the first EU nations to implement these strict AI regulations, going beyond the looser US approach, which relies on voluntary compliance.

A newly established AI supervisory agency, AESIA, will oversee enforcement, alongside sector-specific regulators handling privacy, financial markets, and law enforcement concerns.

Duffy criticises Verizon over FAA contract delays

US Transportation Secretary Sean Duffy criticised Verizon on Tuesday for delays in its $2.4 billion, 15-year contract with the Federal Aviation Administration (FAA), saying the company is ‘not moving fast enough.’

As the FAA works to upgrade ageing air traffic control systems, Duffy stressed the need for multiple companies to contribute to the effort, adding that the American public ‘can’t wait 10 or 12 years’ for improvements.

Verizon defended its progress, stating it is actively working with FAA technology teams and is open to collaborating with other firms offering complementary services.

Meanwhile, SpaceX’s Starlink denied reports that it aims to take over the FAA contract, saying it could be a partial solution but has no plans to replace Verizon’s role.

The FAA has been testing Starlink terminals in Alaska to improve weather data access, while the Government Accountability Office warns that one-third of US air traffic control systems are outdated and unsustainable.

Some Democrats have suggested shifting the FAA contract to Starlink due to Elon Musk’s ties to Donald Trump, but no official decisions have been made.

Trump administration ends support for cybersecurity projects

The Trump administration has cut funding for two key cybersecurity initiatives, including one supporting election security, sparking concerns over potential vulnerabilities in future US elections.

The Cybersecurity and Infrastructure Security Agency (CISA) announced it would end around $10 million in annual funding to the non-profit Center for Internet Security, which manages election-related cybersecurity programmes.

The move comes as part of a broader review of CISA’s election-related work, during which over a dozen staff members were placed on administrative leave.

The decision follows another controversial step by the administration to dismantle an FBI task force that investigated foreign influence in US elections.

Critics warn that reducing government involvement in election security weakens safeguards against interference, with Larry Norden from the Brennan Center for Justice calling the cuts a serious risk for state and local election officials.

The National Association of Secretaries of State is now seeking clarification on CISA’s decision and its wider implications.

CISA has faced Republican criticism in recent years for its role in countering misinformation related to the 2020 election and the coronavirus pandemic. However, previous leadership maintained that the agency’s work was limited to assisting states in identifying and addressing misinformation.

While CISA argues the funding cuts will streamline its focus on critical security areas, concerns remain over the potential impact on election integrity and cybersecurity protections across local and state governments.
