Japan unveils AI defence strategy

The Japanese Defence Ministry has unveiled its inaugural policy to promote AI use, aiming to adapt to technological advancements in defence operations. Focusing on seven key areas, including detection and identification of military targets, command and control, and logistic support, the policy aims to streamline the ministry’s work and respond to changes in technology-driven defence operations.

The new policy highlights that AI can enhance combat operation speed, reduce human error, and improve efficiency through automation. AI is also expected to aid in information gathering and analysis, unmanned defence assets, cybersecurity, and work efficiency. However, the policy acknowledges the limitations of AI, particularly in unprecedented situations, and concerns regarding its credibility and potential misuse.

The Defence Ministry plans to secure human resources with cyber expertise to address these issues, starting a specialised recruitment category in fiscal 2025. Defence Minister Minoru Kihara emphasised the importance of adapting to new forms of battle using AI and cyber technologies and stressed the need for cooperation with the private sector and international agencies.

Recognising the risks associated with AI use, Kihara highlighted the importance of accurately identifying and addressing these shortcomings. He stated that Japan’s ability to adapt to new forms of battle with AI and cyber technologies is a significant challenge in building up its defence capabilities. The ministry aims to deepen cooperation with the private sector and relevant foreign agencies by proactively sharing its views and strategies.

Indonesia orders audit after ransomware compromises government data

President of Indonesia Joko Widodo has ordered an audit of government data centres following a significant ransomware cyberattack that exposed the country’s vulnerability to such incidents.

The attack, which disrupted multiple government services, including immigration and airport operations, affected over 230 public agencies. Despite an $8 million ransom demand, the government of Indonesia has refused to pay to retrieve the encrypted data.

In response, state auditor Muhammad Yusuf Ateh announced that the audit would examine both the governance and financial aspects of the data centres. The head of Indonesia’s cybersecurity agency, Hinsa Siburian, revealed that 98% of the compromised data had not been backed up, highlighting a major governance issue.

Communications Minister Budi Arie Setiadi acknowledged that while backup capacity was available, budget constraints had prevented its use, which will now be made mandatory.

The cyberattack has led to widespread criticism of Minister Setiadi, with digital advocacy group SAFEnet calling for his resignation due to repeated cyberattacks.

Setiadi countered with a petition to stay on as minister and informed parliament that a ‘non-state actor’ seeking money was likely behind the attack. The government aims to fully restore services by August, using backup data centres and improved cybersecurity measures.

Why does it matter?

The IATSE’s tentative agreement represents a significant step forward in securing fair wages and job protections for Hollywood’s behind-the-scenes workers, ensuring that the rapid technological advancements do not come at the expense of human employment.

UK minister warns ‘Wagner-like’ cyber groups threatening UK critical national infrastructure

Emerging Russia-aligned cyber groups similar to private military contractors Wagner pose a threat to the UK’s critical national infrastructure (CNI), UK Minister Oliver Dowden noted in a speech at the CyberUK conference in Belfast. Dowden noted that the government, in conjunction with the National Cyber Security Centre, plans to set cyber-resilience targets for critical sectors to meet within two years. Additionally, private sector companies involved in critical infrastructure will be subject to resilience regulations.

It remains unclear how these groups are similar to the Wagner Group of mercenaries. The hacking groups, it was noted, are motivated by ideology rather than finances, are not directly controlled by the Kremlin and are, therefore, less likely to exercise the same restraint as nation state hackers.

UK cybersecurity chief warns of China’s technological rise as a security threat

The head of the National Cyber Security Centre (NCSC), Lindy Cameron, announced that China represents a significant and era-defining challenge for the West.

Cameron raised concerns about China’s increasing technological prowess and its impact on global politics and economics. ‘Bluntly, we cannot afford not to keep pace with China. Otherwise, we risk China becoming the predominant power in cyberspace’, she said. ‘China is not only pushing for parity with Western countries, it is aiming for global technological supremacy,’ Cameron continued.

She noted that China is using its cyber capabilities to conduct intelligence and surveillance campaigns. Similar remarks about China’s activities were made earlier in the week by the Dutch General Intelligence and Security Service’s director general Eric Akerboom.

This comes as Western countries grapple with how to respond to China’s growing influence and potential security risks.

European Commission proposes the Cyber Solidarity Act for EU-wide response to cyberattacks

The EU’s proposed draft Cyber Solidarity Act aims to enhance EU cross-border coordination for cyberattack prevention and response. Such legislation was suggested in response to an increased threat of significant cyberattacks following Russia’s invasion of Ukraine.

The Commission’s proposal suggests a public-private collaboration to respond to cyberattacks. However, some aspects, particularly intelligence sharing, have attracted debate and opposition from the EU member states.

The act proposes a European Cyber Shield, consisting of national and cross-border Security Operations Centers (SOCs), which will monitor and identify cyber threats using AI technology and alert authorities. The proposal aims to work alongside, rather than replace; the EU member states’ current cybersecurity operation centres.

The act will also establish a Cyber Emergency Mechanism to improve incident response capabilities and preparedness in the EU. This mechanism will include preparedness actions, such as testing entities in critical sectors for vulnerabilities, creating a new EU Cybersecurity Reserve of pre-contracted incident response services ready to intervene in case of a severe cybersecurity incident, and providing financial support for mutual assistance between the EU member states.

The proposed act will also establish a Cybersecurity Incident Review Mechanism to assess significant incidents and issue recommendations for improving the Union’s cyber posture.

The total budget for all actions under the EU Cyber Solidarity Act is EUR 1.1 billion.

The Commission has also presented a proposal for a Cybersecurity Skills Academy under its new cybersecurity package.

US CISA, FBI, NSA, UK NCSC and Cisco warn about attacks on routers by Russia-linked actors

The US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the UK National Cyber Security Centre (NCSC), and technology firm Cisco released advisories highlighting attacks on routers believed to have been exploited by hackers group APT28.

APT28, allegedly linked to Russia’s General Staff Main Intelligence Directorate’s (GRU) targeted Cisco router vulnerabilities throughout 2021, attacking ‘a small number based in Europe, US government institutions and approximately 250 Ukrainian victims.’

APT28 exploited a vulnerability CVE-2017-6742 to access the Simple Network Management protocol (SNMP), which allows network administrators to monitor and configure network devices remotely. Poor configuration, such as using default settings, allowed APT28 to gain access to router information. For some of the targeted devices, APT28 deployed malware, which allowed them to obtain further device information and backdoor access.

Previously, the NCSC attributed attacks on the German parliament in 2015 and the Organization for the Prohibition of Chemical Weapons (OPCW) in April 2018 to APT28.

Russia’s FSB said Pentagon, NATO states behind massive cyberattacks from Ukraine against Russia

The Pentagon and NATO countries are behind massive cyberattacks from Ukrainian territory against the Russian critical infrastructure, the press office of Russia’s Federal Security Service (FSB) claimed.

Over 5,000 hacker attacks on Russian critical infrastructure have been recorded since the beginning of 2022, the press office said in a statement. ‘The analysis of revealed computer threats has helped obtain data evidencing that the United States and NATO countries used Ukrainian territory for carrying out massive computer attacks on civilian infrastructure facilities in Russia,’ the security agency stated. The FSB further claimed that Washington wants to portray only Ukraine as the ‘author” of these cyberattacks. However, FSB stressed that the Pentagon is directly involved in developing these cyberattacks in consultation with international and national hacker groups such as Anonymous, Silence, Ghost Clan from the United States, RedHack from Turkey, GNG from Georgia, and Squad 303 from Poland.

Suspected Fancy Bear leader allegedly hacked by a pro-Ukrainian group

Ukrainian hacktivist group Kiber Sprotyv (Cyber Resistance) claimed to have breached the email of Sergey Alexandrovich Morgachev, who is believed to be the leader of the Russian state-sponsored hacker group Fancy Bear, also known as APT28.

Kiber Sprotyv uncovered Morgachev’s personal data, his home address, car plates, the location of the Russian hackers’ secretive office, and associates of Morgachev. They shared the data with InformNapalm volunteer intelligence community.

Morgachev serves as a Lieutenant Colonel of the Russian Main Intelligence Directorate of the General Staff of the Russian Army (GRU). In 2018, he was named in a US indictment charging Russian nationals with attempting to hack the Democratic National Committee (DNC) ahead of the 2016 US presidential election.

Yurii Shchyhol warns of a new ongoing World Cyber War

Yurii Shchyhol, the head of the Ukrainian State Service of Special Communications and Information Protection, warns there might be an ongoing World Cyber War since the start of Russia’s invasion. Russian cyberespionage and cyberattacks since 24 February weren’t targeted only at Ukraine. Their intervention has been recorded in 42 countries across six continents, mostly from NATO and countries which supported Ukraine during this period.

Shchyhol has stated for Politico that the world has been awakened and that countries are more willing to intensely cooperate with each other on these issues. He also advised: ‘But what we need are not further sanctions and further efforts to curb cyberattacks, we also need for global security companies to leave the market of the Russian Federation. Only then can we ensure the victory will be ours, especially in cyberspace.’

In this interview, it was said that there is strong assistance from the U.S. Cyber Command and the National Security Agency as all of Russia’s attacks are ‘an ongoing, continuous war, including the war in cyberspace.’ What Shchyhol also warns us is that despite the two-month stagnation of Russian cyber attacks, what they’re doing is just a part of their tactic in order to collect resources for another attack – which will likely be on a global level.