NIST explores OT asset management to strengthen cybersecurity

NIST’s National Cybersecurity Center of Excellence (NCCoE) is seeking public feedback on a new project focused on operational technology (OT) asset management as the foundation for stronger OT cybersecurity.

The draft project description, Asset Management as a Foundation for OT Cybersecurity, outlines the project’s scope, challenges and technical approach. The NCCoE plans to demonstrate practical methods for OT asset discovery, inventory, configuration and change management.

The project will involve collaboration with asset owners, operators, and solution providers. The NCCoE plans to demonstrate real-world OT asset management and visibility solutions using commercially available products.

The proposal also includes a high-level reference architecture, desired technical capabilities and alignment with relevant standards, including outcomes from the NIST Cybersecurity Framework 2.0.

The NCCoE said AI is accelerating both the discovery and exploitation of vulnerabilities, making strong OT asset management increasingly important as organisations modernise industrial systems, adopt zero trust architectures and respond to AI-driven cyber threats.

Many organisations struggle to maintain a complete inventory of OT assets. Without effective asset management, activities such as risk assessment, network segmentation, vulnerability management, incident response and technology modernisation become significantly more difficult.

The NCCoE said the laboratory demonstration will support the development of source code, scripts, architectures, procedures, and guidelines. These resources are intended to help organisations gain the visibility needed to detect and respond to modern cyber threats in OT environments.

The centre is seeking input from asset owners, operators, technology providers, and cybersecurity practitioners. Feedback will help refine the project scope, use cases, reference architecture, and demonstration objectives.

Following the consultation, the NCCoE plans to recruit collaborators for project demonstrations and development activities. Public comments on the draft are open until 31 July 2026.

Why does it matter?

Operational technology underpins critical infrastructure, manufacturing and industrial operations, making accurate asset visibility a prerequisite for effective cybersecurity. As AI enables attackers to identify and exploit vulnerabilities more quickly, organisations need reliable inventories, configuration management and continuous monitoring to support risk assessments, zero trust strategies and incident response.

The project also reflects a broader shift towards practical cybersecurity guidance. By working with industry to develop reference architectures, tools and implementation guidance aligned with the NIST Cybersecurity Framework 2.0, the NCCoE aims to help organisations translate cybersecurity best practices into operational improvements across industrial environments.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

NCSC warns of growing cyber risks to critical infrastructure

Hostile state actors were linked to around three-quarters of cyber attacks affecting the UK’s critical national infrastructure over the past year, according to the head of the National Cyber Security Centre.

Speaking at the Royal United Services Institute’s Annual Security Lecture, NCSC CEO Dr Richard Horne said the agency managed more than 200 cyber incidents affecting critical national infrastructure and its supporting ecosystem in the year to May 2026.

Horne said around 75% of those incidents were believed to be linked to state actors. He warned that hostile states are increasingly targeting the systems that underpin essential services in the UK.

The NCSC chief said cybersecurity should not be treated only as a technical risk to be managed, but as an ongoing contest with capable adversaries. He urged executives and board members to improve resilience by understanding their exposure to threats, strengthening proven security fundamentals and ensuring organisations can continue operating and recover quickly after attacks.

Horne also warned that AI is likely to accelerate the threat. The NCSC assesses that by 2028, attackers will probably use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale across critical national infrastructure.

He said many serious incidents still occur because basic cybersecurity measures are not in place. The warning places legacy systems, board-level accountability and operational resilience at the centre of the UK’s critical infrastructure security debate.

Why does it matter?

The NCSC warning shows that cyber attacks on critical infrastructure are no longer just an operational IT risk. They are part of a wider geopolitical contest involving hostile states, essential services and national resilience. The AI warning makes the issue more urgent: if attackers can use AI to exploit known weaknesses in legacy systems at scale, organisations that have tolerated unresolved vulnerabilities may face attacks much faster and broader.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Google proposes a balanced approach to AI governance in the US

Google has published a policy paper proposing a two-track approach to AI governance in the United States, separating oversight of frontier AI models from rules for widely deployed AI applications.

The paper argues that AI policy should avoid what Google describes as a false choice between over-regulation and no regulation. Instead, the company calls for a pragmatic, evidence-based framework that treats the most advanced AI systems differently from everyday AI tools such as chatbots.

For frontier AI, Google proposes the creation of a Frontier AI Regulatory Organisation, or FARO. The industry-funded body would operate under federal oversight and develop standards for safety, security, incident reporting and transparency.

Google says FARO could set scientific benchmarks for frontier capabilities, particularly in areas such as cybersecurity and chemical, biological, radiological and nuclear risks. It could also oversee independent audits and require frontier AI companies to publish and follow safety frameworks before releasing highly capable models.

For widely deployed AI applications, Google argues that the federal government should rely mainly on existing legal frameworks, with targeted updates where needed. The paper says policy should focus on real-world harms and outputs rather than micromanaging AI development.

The company identifies several priority areas, including workforce preparedness, child safety, information integrity, copyright, privacy and energy infrastructure for data centres.

Google supports measures such as AI interaction guidelines for children, disclosures that chatbots are not sentient, rules for self-harm-related queries, watermarking and provenance standards for generative AI, privacy-enhancing technologies and workforce reskilling.

The paper presents the model as a way to address national security and consumer protection risks while preserving US leadership in AI development.

Why does it matter?

Google’s paper is a significant industry intervention in the US AI policy debate. Its two-track model reflects a broader governance trend: frontier AI is increasingly being treated as a national security and safety issue, while everyday AI applications are being handled through consumer protection, child safety, privacy, copyright and labour policy. The proposal could influence federal discussions, but it also reflects Google’s own regulatory preferences, including industry-funded oversight, confidential audit reports and reliance on existing law for many AI applications.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Canadian ministers to discuss Safe Social Media Act

Canadian Heritage will hold an in-person roundtable in Winnipeg on Bill C-34, the Safe Social Media Act, as the government continues public discussion on its proposed online safety framework.

The event will bring together Marc Miller, Minister of Canadian Identity and Culture and Minister responsible for Official Languages, and Adam van Koeverden, Secretary of State for Sport. Media representatives have been invited to attend the conclusion of the discussion, followed by an informal media availability.

The Safe Social Media Act was introduced on 10 June 2026 and would create new duties for social media services, AI chatbot services and other regulated online services. The government says the bill is intended to make platforms more responsible for addressing harmful content and creating safer online spaces, especially for children and young people.

The bill would enact the Digital Safety Act and establish the Digital Safety Commission of Canada. The proposed framework focuses on platform accountability, child protection, transparency and the prevention of online harms before they occur.

The legislation comes amid growing international debate over children’s access to social media, age restrictions, harmful content, platform design and the role of AI chatbots in online safety.

The Winnipeg roundtable signals continued government engagement with stakeholders as Bill C-34 moves through the parliamentary process.

Why does it matter?

Canada’s Safe Social Media Act is part of a wider global shift towards stronger online safety rules focused on children and young people. By covering social media services and AI chatbots, the bill reflects growing concern that harmful content, platform design and AI-driven interactions can affect child safety, mental health and exposure to exploitation. The proposed Digital Safety Commission would also create a new federal oversight structure for platform accountability.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU targets AWS and Azure under the DMA

The European Commission has informed Amazon and Microsoft of its preliminary view that their cloud computing services, Amazon Web Services and Microsoft Azure, should be designated as gatekeepers under the Digital Markets Act.

The move could extend the DMA’s reach into cloud infrastructure, a sector the Commission describes as critical to Europe’s digital economy and AI development.

The Commission opened market investigations into AWS and Azure in November 2025. It has now been provisionally concluded that both services act as important gateways between businesses and customers in the EU, despite not meeting the DMA’s standard quantitative thresholds.

According to the Commission, AWS and Azure benefit from large and established user bases, high switching costs, loyalty effects, broad cloud ecosystems and long-standing market positions. It also said their AI tool portfolios and partnerships are becoming increasingly important for cloud customers.

Amazon and Microsoft now have the opportunity to examine the investigation files and respond to the preliminary findings. If the Commission confirms its assessment, AWS and Azure would be designated as gatekeepers, and the companies would have six months to comply with DMA obligations.

The Commission said fair and competitive cloud markets are important for secure, sustainable and interoperable cloud services in Europe. It also linked the case to Europe’s wider technological sovereignty objectives, as cloud infrastructure underpins AI systems, enterprise software and public services.

Why does it matter?

The case shows how the EU competition policy is moving deeper into the infrastructure behind the AI economy. Cloud platforms are no longer just business services; they shape access to compute, data, AI tools, software ecosystems and switching options for companies and public institutions. If AWS and Azure are designated as DMA gatekeepers, the decision could affect cloud interoperability, customer lock-in and the balance of power between US hyperscalers and European cloud providers.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EDPB updates right to erasure case digest

The European Data Protection Board has updated its one-stop-shop case digest on the GDPR rights to erasure and to object.

The digest is based on final one-stop-shop decisions from the EDPB’s public register under Article 60 of the GDPR. It presents key decisions on a specific theme and provides aggregate findings from relevant cross-border cases.

The updated digest focuses on how data protection authorities assess the internal processes organisations use to comply with erasure requests and objections to processing.

It also lists frequent infringements and provides an overview of corrective measures issued by data protection authorities. Cases include objections to direct marketing and requests by individuals to delete accounts or online data profiles.

The update reflects hundreds of new one-stop-shop decisions adopted by data protection authorities since the original digest was finalised.

The digest was developed under the EDPB’s Support Pool of Experts programme, which supports cooperation among European data protection authorities by providing expertise and enforcement tools.

Why does it matter?

The right to erasure and the right to object are among the GDPR rights most directly used by individuals to control how organisations handle their personal data. The updated digest can help regulators and organisations understand how data protection authorities apply these rights in practice, especially in cross-border cases. It also supports more consistent GDPR enforcement by highlighting recurring infringements, procedural weaknesses and corrective measures.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Greek supercomputer DAEDALUS enters global supercomputer rankings

Greece’s DAEDALUS supercomputer has entered the international TOP500 and Green500 rankings, strengthening the country’s position in Europe’s high-performance computing landscape.

The system ranked 31st in the TOP500 list of the world’s most powerful supercomputers and 23rd in the Green500 list of energy-efficient systems. According to GRNET, DAEDALUS recorded a measured performance of 85.69 petaflops, making it the most powerful computing system ever ranked in Greece.

DAEDALUS is based on Hewlett Packard Enterprise architecture and uses NVIDIA GH200 accelerators. It also uses direct liquid cooling, combining high computing performance with energy efficiency.

The supercomputer and its data centre are located at the Lavrio Technological and Cultural Park of the National Technical University of Athens, inside the former Power Station building.

Once fully operational, DAEDALUS is expected to support researchers, universities, industry and public authorities working on demanding computational tasks. These include AI, cybersecurity, personalised healthcare, climate research, public administration and large-scale data analytics.

The system will also serve as the computational core of PHAROS, Greece’s national AI Factory under the European AI Factories initiative. Through PHAROS, Greece aims to expand access to AI infrastructure and support the development of AI applications across research, business and the public sector.

The project forms part of Greece’s wider digital transformation agenda and contributes to European efforts to strengthen technological capacity, AI infrastructure and digital sovereignty through high-performance computing.

Why does it matter?

DAEDALUS gives Greece strategic computing capacity for AI research, scientific modelling and public-sector digital transformation. Its role in PHAROS also links national supercomputing infrastructure to the EU’s AI Factories initiative, which aims to give researchers and companies access to advanced computing resources for AI development. The Green500 ranking matters as well, because Europe’s AI infrastructure push increasingly depends not only on raw performance, but also on energy efficiency and sustainable data-centre design.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Canadian cybersecurity agency warns AI is reshaping cyber threats

Canada’s Centre for Cyber Security has warned that frontier AI models are rapidly transforming the cyber threat landscape, reducing the time organisations have to detect, contain and respond to attacks.

According to the Cyber Centre, AI is enabling cybercriminals to identify vulnerabilities, automate complex attack chains and generate increasingly convincing phishing campaigns, deepfakes and voice impersonation attacks at unprecedented speed and scale.

The advisory follows a joint statement by the Five Eyes cybersecurity agencies urging organisations worldwide to strengthen cyber resilience before AI-enabled attacks evolve into major operational, financial and national security incidents.

The Cyber Centre also highlights internal risks associated with unapproved AI use, including the exposure of sensitive information and reliance on inaccurate or manipulated AI-generated outputs.

Rather than viewing AI solely as a source of risk, the Cyber Centre encourages organisations to integrate frontier AI into cybersecurity operations. AI can help identify vulnerabilities earlier in software development, strengthen secure-by-design practices, improve security monitoring and accelerate incident detection and response.

The guidance emphasises that fundamental cyber hygiene, including timely patching, phishing-resistant multi-factor authentication, network segmentation, centralised logging and regularly tested incident response plans, remains essential despite rapid advances in AI capabilities.

Why does it matter?

The guidance reflects a shift in cybersecurity from preparing for future AI risks to responding to immediate operational challenges. As frontier AI enables attackers to identify vulnerabilities, automate exploitation and produce more sophisticated phishing and social engineering campaigns, organisations may have less time to detect and contain incidents.

The advisory also reinforces an emerging consensus among the Five Eyes partners that AI should be treated as both a cyber risk and a defensive capability. Alongside robust governance and responsible AI use, organisations are increasingly expected to combine AI-enabled security tools with strong cyber hygiene, secure-by-design practices and resilient incident response capabilities to keep pace with a rapidly evolving threat landscape.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU targets cross-border crime cooperation

The European Commission has proposed new measures to strengthen EU cooperation against cross-border crime, organised criminal networks, terrorism and hostile actors.

The Commission said crime is becoming more sophisticated, international and digital, requiring closer cooperation between police, customs authorities, prosecutors and courts from the start of investigations through to final judgments.

The package would strengthen the roles of Europol and Eurojust, the EU agencies that support national authorities in cross-border criminal investigations and judicial cooperation.

For Europol, the proposal would enable faster and more automated information sharing to support real-time collaboration during investigations. It would also create Europol Support Offices, staffed by former Europol officers, to provide operational assistance to the EU countries.

The Commission also wants to establish a technology and innovation hub within Europol to map law enforcement capability needs across the EU and support the use of new tools against cross-border crime.

Eurojust would receive stronger operational powers, including the ability to act on its own initiative to identify links between cases. Its mandate would also expand into emerging areas of crime, including cybercrime and gender-based violence.

The package would strengthen cooperation between Europol, Eurojust and the European Public Prosecutor’s Office, while also expanding international cooperation with third countries.

The Commission is also proposing to update the European Investigation Order, the EU procedure for gathering evidence across borders in criminal cases. A new European Remote Participation Order would allow suspects, accused persons and victims to take part remotely in criminal court hearings from another EU country.

Why does it matter?

Cross-border crime is increasingly digital and difficult for national authorities to tackle on their own. The Commission’s proposal aims to make EU investigations faster and more coordinated by improving data sharing, evidence gathering and cooperation between police, prosecutors and courts. The cybercrime and technology-hub elements are especially relevant because law enforcement agencies need technical capacity, legal tools and cross-border coordination to respond to digital criminal networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU funds first regional hubs to protect undersea cables

The European Commission has announced funding for the first two Regional Cable Hubs in the Baltic and Mediterranean seas as part of a broader effort to strengthen the protection of Europe’s critical undersea infrastructure. The initiative aims to improve coordination in monitoring and responding to risks affecting submarine communication and energy cables.

Alongside the €5.8 million allocated to establish the hubs, the Commission has launched a €40 million funding call to expand Europe’s capacity to repair damaged submarine cables. The measures form part of the EU Action Plan on Cable Security, which aims to improve resilience against both physical and cyber threats affecting critical data and energy infrastructure.

The programme is intended to enhance the EU’s ability to detect incidents earlier and coordinate rapid responses across member states. Officials say the initiative will also strengthen cross-border cooperation among countries facing shared security challenges in strategically important maritime regions.

Executive Vice-President Henna Virkkunen said the project reflects Europe’s commitment to improving security and sovereignty by investing in stronger infrastructure resilience. The new hubs are expected to act as coordination centres for faster incident response, improved preparedness and enhanced situational awareness in the face of emerging threats.

Why does it matter?

Submarine cables are a critical component of modern digital and energy infrastructure, carrying the vast majority of international internet traffic while also supporting financial transactions, cloud services and cross-border energy connectivity. Disruptions to these networks can have immediate economic, security and operational consequences that extend far beyond the affected region.

The initiative also reflects a broader shift in European security policy. As concerns grow over geopolitical tensions, hybrid threats and infrastructure sabotage, the EU is increasingly treating undersea cables as strategic assets that require coordinated protection, monitoring and rapid repair capabilities. Strengthening resilience in these networks is becoming an important element of Europe’s broader agenda on digital sovereignty, critical infrastructure security and collective resilience.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!