The Federal Communications Commission (FCC) has launched a national security unit in response to recent cyber incidents affecting US telecommunications firms.
These incidents, attributed to a group known as Salt Typhoon, involved unauthorised access to sensitive data and communications.
The newly formed unit will be led by Adam Chan, FCC’s national security counsel, and will include representatives from eight different bureaus and offices within the agency. The council’s objectives are to:
Reduce reliance on foreign entities in the US telecom and technology supply chains.
Address vulnerabilities related to cyber threats, espionage, and surveillance.
Support U.S. leadership in critical technologies, including 5G, satellites, quantum computing, IoT, and robotics.
Cybersecurity experts have emphasised the importance of securing digital infrastructure against advanced threats. The telecommunications sector, despite its established cybersecurity measures, continues to face persistent and evolving risks.
Recent reports indicate that Salt Typhoon has continued targeting US telecom networks, with activity observed as recently as February.
The FCC has taken several steps in recent months to enhance industry security, and the formation of this council represents a further effort to strengthen resilience.
For more information on these topics, visit diplomacy.edu.
Elon Musk’s social media platform, X, experienced evident disruptions on Monday, 10 March 2025, affecting tens of thousands of users worldwide. The outages began around 6 a.m. Eastern Time, peaking at approximately 10 a.m. with over 41,000 reported issues, according to Downdetector. Users reported difficulties accessing the platform on mobile devices and computers worldwide, with services gradually returning to normal later in the day.
Elon Musk attributed these disruptions to a ‘massive cyberattack’, suggesting that a large, coordinated group or possibly a nation-state was involved. He said, ‘We get attacked every day, but this was done with many resources. Either a large, coordinated group and/or a country is involved.’ However, cybersecurity experts have expressed scepticism regarding Musk’s claims. They note that Distributed Denial of Service (DDoS) attacks, which overwhelm servers with excessive traffic, can be executed by relatively small groups or even individuals without the backing of a nation-state.
Musk further elaborated in an interview with Fox Business’ Larry Kudlow, asserting that the attack originated from IP addresses in the ‘Ukraine area’. This claim has raised eyebrows among cybersecurity professionals, as attributing cyberattacks based solely on IP addresses is notoriously unreliable. Attackers often use proxy servers and botnets across various countries to mask their true location, making definitive attribution challenging.
Either way, the timing of this cyberattack coincides with a tumultuous period for Musk’s business ventures, notably Tesla. Shares of Tesla have plummeted 15.4% to $222.15, their lowest since October. This decline is attributed to waning investor confidence due to the company’s declining global sales. Namely, Tesla experienced its first annual global sales decline last year, with significant drops in key markets such as California, Europe, and China. Analysts foresee a further 5% drop in US deliveries for 2025.
Compounding these financial challenges is Musk’s public alliance with President Donald Trump. Musk has been a prominent supporter of the Trump administration, contributing $277 million to Trump’s campaign and allied Republicans, making him the largest individual political donor in the 2024 election. This alliance has sparked a backlash from Tesla’s predominantly environmentally conscious customer base, leading to protests at Tesla showrooms and acts of vandalism against vehicles.
Furthermore, Musk has been appointed by President Trump to lead the newly established Department of Government Efficiency (DOGE), aiming to streamline federal operations and reduce unnecessary expenditures. Musk’s unconventional approach to this role, including setting up a gaming PC in the Secretary of War Suite at the Eisenhower Executive Office Building, has drawn both attention and criticism. His methods have been described as radical, openly dismissing traditional roles and respect for federal employees and their work.
Conclusions:
First, the convergence of these events—the cyberattack on X, Tesla’s market challenges, and Musk’s deepening political engagements—paints a complex picture of the current landscape surrounding Musk’s enterprises. The cyberattack raises questions about X’s security infrastructure and the potential motives behind such an attack. If a nation-state were indeed involved, it could signify a targeted effort to disrupt a platform influential in global communications.
Secondly, Tesla’s declining stock value means broader concerns about the company’s future performance amid increasing competition in the electric vehicle market. Companies like China’s BYD are emerging as formidable competitors, challenging Tesla’s market share. Musk’s political affiliations may also alienate a segment of Tesla’s customer base, further impacting sales.
Lastly, Musk’s alliance with President Trump positions him at a crucial intersection of business and politics. While this relationship significantly influences policies that could benefit his ventures, it also subjects him to heightened scrutiny and potential backlash. Public perception of Musk is becoming increasingly polarised, which could have additional and lasting implications for his businesses.
For more information on cybersecurity, digital policies, AI governance and other related topics, visit diplomacy.edu.
Musk suggested the attack was backed by significant resources, possibly indicating involvement by a large group or nation-state.
In other news:
Tusk warns against arrogance after US-Poland social media clash
In a recent post on X, Poland’s Prime Minister, Donald Tusk, has urged allies to show respect and avoid arrogance, following a heated social media exchange between Polish and US officials.
Trump’s viral ‘Everything is computer’ sparks new meme coin frenzy
A new meme coin, Everything is Computer (EIC), has taken the crypto market by storm after a viral comment from US President Donald Trump.
Switzerland will require operators of critical infrastructure to report cyberattacks to the National Cyber Security Centre (NCSC) within 24 hours from 1 April 2025, with fines for non-compliance taking effect…
The tax aims to target the profits of major tech companies to support local tech development, though its timing has sparked internal government debate.
The lawsuit claims Meta violated intellectual property rights by using the authors’ works without permission and removing copyright information to cover up the infringement.
The ECB is also addressing privacy concerns and exploring blockchain technologies amid competitive pressure from global digital currencies like China’s digital yuan and US stablecoins.
The situation has attracted potential buyers, including former Los Angeles Dodgers owner Frank McCourt, with analysts estimating TikTok’s value at up to $50 billion.
Developed using 120 Nvidia H100 GPUs in four weeks, the model is based on Meta’s Llama 3.1 architecture and is optimised for traditional Chinese and Taiwanese language styles.
The EU’s bold Digital Markets and Services Acts set the stage for a transatlantic clash with the US over the regulation of tech giants. As Brussels pursues digital sovereignty, Washington…
Can the SDGs serve as guardrails for metaverse development? In Part 4 of her blog series, Dr Anita Lamprech examines how human rights, ethics, and digital policies must evolve alongside immersive technologies.
UNESCO’s Recommendation on the Ethics of Artificial Intelligence sets a global standard for AI governance. It provides a framework for policymakers to ensure AI development aligns with ethical and inclusive principles.
The Trump administration’s decision to stipulate a cyber peace with Russia marks a dramatic shift in US cyber strategy, reflecting certain diplomatic efforts to resolve the ongoing Russia-Ukraine conflict. The decision to halt offensive cyber operations against Russia, reportedly directed by National Security Adviser Pete Hegseth, has ignited debates over US national security, intelligence operations, and international cyber policy implications. Critics warn that the move weakens US cyber deterrence, emboldening adversaries like Russia to act with impunity, while proponents argue that de-escalation in cyberwarfare could improve diplomatic engagement.
The order to US Cyber Command to stop all ongoing cyber-offensive activities — as well as any planned activity — targeting Russian cyber infrastructure, which has often been linked to disinformation campaigns, espionage, and election interference, comes with other fundamental changes the Trump administration wants to implement to recalibrate US-Russia relations. The same Pete Hegseth, appointed under President Donald Trump as the US Secretary of Defence, played a key role in advocating for the policy shift, aligning it with Trump’s broader agenda of reducing hostilities with Moscow and prioritising direct diplomatic channels over covert cyber operations. Such a cybersecurity policy change is an extension of the administration’s reluctance to escalate confrontations with Russia, especially in cyberspace, which remains a critical battleground in modern geopolitical conflicts.
However, the decision provoked immediate backlash from lawmakers and national security experts. Senate Minority Leader Chuck Schumer labelled the move a ‘critical strategic mistake,’ arguing that an equally strong offensive capability must complement a robust cyber defence. Schumer’s concerns are echoed by a broader faction in Washington that sees this decision as a capitulation to Russian cyber aggression. In an era where cyberattacks have become a core instrument of statecraft, critics argue that the USA cannot afford to cede ground, particularly to a country accused of interfering in elections and orchestrating widespread cyberespionage.
Beyond domestic political implications, the halt of US cyber operations raises serious concerns for America’s allies. Representative Adam Smith, the Ranking Member of the House Armed Services Committee, has called for greater transparency on the matter, demanding clarity from the Pentagon on the policy’s scope and its impact on intelligence-sharing agreements with NATO partners. The USA has long played a leadership role in countering Russian cyber threats, and this policy shift introduces uncertainties for European allies who have relied on American cyber expertise to fortify their digital defences.
Despite mounting criticism, the Pentagon and the Cybersecurity and Infrastructure Security Agency (CISA) have downplayed the significance of the change. The US Department of Defense has officially denied the statements of the press. A senior defence official stated that the USA remains committed to defending its digital infrastructure and countering foreign cyber threats but emphasised that cyber policy adjustments should not be interpreted as a retreat from broader security commitments. However, scepticism remains about whether this is a calculated diplomatic manoeuvre or a strategic misstep that could embolden adversaries like Russia further to expand their cyber operations without fear of US retaliation.
The complexity in the US cybersecurity sector
Recent media coverage of the US government’s actions on cybersecurity with Russia has overlooked the complexity of the US cybersecurity sector. A potential halt in cyber operations against Russia, if implemented, would primarily impact US Cyber Command’s offensive operations, which focus on advancing US national interests and military objectives.
However, such measures would not affect the operations of CISA (Cybersecurity and Infrastructure Security Agency), which is responsible for domestic and civilian cybersecurity, or the NSA (National Security Agency), which handles intelligence gathering.
The US policy shift partially depicts the evolving dynamics of cyberwarfare, where offence and defence are deeply interconnected. Without an offensive cyber strategy, intelligence agencies may struggle to prevent threats, leaving the USA and its allies vulnerable to cyber incursions. Some experts fear this move could set a dangerous precedent, signalling to other adversaries, including China and Iran, that the USA is scaling back its cyber posture. So, we pose the question: Will the Trump administration’s decision ultimately improve diplomatic relationships or expose the USA to greater cyber vulnerabilities in an unstable digital battlefield, geopolitically speaking?
For more information on cybersecurity, digital policies, AI governance and other related topics, visit diplomacy.edu.
The closure of USAID has sparked debate on the future of soft power and public digital diplomacy in a world dominated by hard power. Questions arise about the relevance of…
In other news:
Microsoft retires Skype, focuses on Teams
Skype, the pioneering internet calling service that revolutionised communication in the early 2000s, will make its final call on 5 May, as Microsoft retires the platform after two decades.
Musk’s bid to halt OpenAI’s for-profit transition rejected
A US court has denied Elon Musk’s request for a preliminary injunction against OpenAI’s transition into a for-profit organisation.
The Trump administration is shifting its stance by no longer recognising Russia as a significant cyber threat to US national security, deviating from previous intelligence assessments. This change is communicated…
A landmark agreement to replace the outdated passport stamping process by collecting biometric data, including photos and fingerprints, from non-EU visitors.
The IMF emphasised that the government should not accrue Bitcoin or issue debt instruments tied to it in an effort to improve governance, transparency, and economic resilience while mitigating risks…
The start-up’s transparent approach includes insights into its cost management strategies, such as load balancing to optimise computing power and distribute work efficiently across servers and data centres.
UNESCO’s Recommendation on the Ethics of Artificial Intelligence sets a global standard for AI governance. It provides a framework for policymakers to ensure AI development aligns with ethical and inclusive principles.
In today’s digital world, protecting state data is essential. Data embassies, supported by the Vienna Convention, provide an innovative solution. Countries like Estonia and Monaco use them to enhance cybersecurity, ensuring data remains safe and secure.
The Amazons were real. DNA from warrior burials across the Eurasian steppes proves many were women. But what do they teach us about society? Aldo Matteucci examines.
Last week, the UN Open-Ended Working Group (OEWG) on the security of the use of information and communications technologies in 2021–2025 held its tenth substantive session, the penultimate session of the group before its mandate concludes in July of this year.
Tensions ran high since the first day, with attributions of cyberattacks and rights of reply denouncing those attributions taking centre stage. The states held tightly to their positions, largely unchanged since the last session in December 2024. The Chair pointed out that direct dialogue was lacking, with participants instead opting for a virtual town hall approach—circulating their positions and posting them on the portal, and reminded delegates that whatever decisions to be made would be made by consensus, urging them to demonstrate flexibility.
Ransomware, AI, and threats to critical infrastructure remain the biggest concerns of countries regarding the threat landscape. Even as countries don’t agree on an exhaustive list of threats or their sources, there is a strong emphasis on collective and cooperative responses such as capacity development and knowledge sharing to reduce the risk of these threats, as well as mitigate and manage them.
The long-standing debate between implementing existing norms and developing new ones continued. However, this session saw ASEAN countries take a more pragmatic approach, emphasising concrete steps toward implementing agreed norms while maintaining openness to discussing new ones in parallel. At the same time, the call from developing countries for greater capacity development gained momentum, underscoring the challenge of implementing norms without sufficient resources and support.
The discussions on international law have shown little progress in drawing closer between the positions states hold — there is still no consensus on the necessity of new legally binding regulations for cyberspace. There is also discord on how to proceed with discussing international law in the future permanent UN mechanism on cybersecurity.
Discussions on confidence-building measures (CBMs) were largely subdued, as few new CBMs were introduced, and states didn’t overly detail their POC Directory experience. Many states shared their CBM implementation, which is often linked to regional initiatives and best practices, showing eagerness to operationalise CBMs. It seems states now anticipate the future permanent mechanism to serve as the forum for detailed CBM discussions.
The Voluntary Fund and the Capacity-Building Portal have increasingly been regarded as key deliverables of the OEWG process. However, states remain cautious about the risk of duplicating existing global and regional initiatives, and a clear consensus has yet to emerge regarding the objectives of these deliverables.
States are still grappling with thematic groups and non-state stakeholder engagement questions in the future permanent mechanism. The Chair’s upcoming reflections and town halls will likely get the ball rolling on finding elements for the future permanent mechanism acceptable to all delegations.
Delegations have much to agree upon and exceedingly little time to do so. While this has been the mantra for the last two years, negotiations are now truly entering the eleventh hour, and consensus remains elusive. This spells trouble not just for the group’s final report, but also uncertainty for the future of UN cybersecurity discussions that the report will chart.
For more information on cybersecurity, digital policies, AI governance and other related topics, visit diplomacy.edu.
The Open-Ended Working Group (OEWG) on the security of and in the use of information and communications technologies in 2021–2025 will hold its seventh substantive session on 17-21 February 2025 in New York, the USA.
In other news:
Trump’s team considers tighter semiconductor trade restrictions on China with international cooperation
Donald Trump’s team is considering stronger semiconductor restrictions on China, expanding on measures introduced during Joe Biden’s presidency.
EU Commission proposes enhanced cyber crisis management framework
The EU Commission introduced a proposal aimed at strengthening the EU’s response to large-scale cyber attacks.
The EU Commission’s proposal seeks to boost cybersecurity cooperation among Member States through collaborative clusters, a common crisis management taxonomy, ongoing exercises, improved DNS strategies, and enhanced information sharing.
A new wave of competition is emerging against Elon Musk’s Starlink, with rivals like China’s SpaceSail and Jeff Bezos’s Project Kuiper entering the satellite internet market.
Despite being one of the world’s most influential platforms, YouTube remains shrouded in mystery. A team of researchers has devised an unconventional way to uncover hidden statistics, challenging the carefully…
Known for its cost-effective and innovative strategies, DeepSeek is challenging more expensive Western AI models by using efficient Nvidia hardware and advanced techniques like Mixture-of-Experts (MoE).
The OEWG’s tenth session in February 2025 saw states emphasise collective action against cyber threats, address divisions on norms implementation and binding regulations, highlight the Voluntary Fund and Capacity-Building Portal,…
These approaches illustrate a global shift towards embracing AI’s transformative potential while considering the ethical and societal implications, fostering international cooperation to future-proof technological advancements.
Augmented reality features like ‘Tabletop’ allow NBA fans to view matches from multiple angles, analyse performances in real time, and simulate alternative outcomes.
UNESCO’s Recommendation on the Ethics of Artificial Intelligence sets a global standard for AI governance. It provides a framework for policymakers to ensure AI development aligns with ethical and inclusive principles.
The closure of USAID marks an important shift in U.S. foreign policy, potentially weakening American soft power and leaving a vacuum that rivals like China may exploit. As global diplomacy evolves, questions arise about the future of influence, public diplomacy, and the role of digital networks in shaping international relations.
How ready are countries for the metaverse? Nations are taking different approaches – state-led, industry-driven, or hybrid models. Where does your country stand? Dr Anita Lamprecht explores.
Once, diplomacy was a game of kings, queens, and marriages. Now, it’s a world of sub-federal actors, corporations, NGOs, and diasporas. The ambassador is no longer the sole conduit of statecraft – just one node in a growing network. Aldo Matteucci writes.
The primary goal of this webinar is to provide a platform for dialogue, knowledge sharing, and collaboration among policymakers, tourism stakeholders, and digital technology experts.
The Japanese Defence Ministry has unveiled its inaugural policy to promote AI use, aiming to adapt to technological advancements in defence operations. Focusing on seven key areas, including detection and identification of military targets, command and control, and logistic support, the policy aims to streamline the ministry’s work and respond to changes in technology-driven defence operations.
The new policy highlights that AI can enhance combat operation speed, reduce human error, and improve efficiency through automation. AI is also expected to aid in information gathering and analysis, unmanned defence assets, cybersecurity, and work efficiency. However, the policy acknowledges the limitations of AI, particularly in unprecedented situations, and concerns regarding its credibility and potential misuse.
The Defence Ministry plans to secure human resources with cyber expertise to address these issues, starting a specialised recruitment category in fiscal 2025. Defence Minister Minoru Kihara emphasised the importance of adapting to new forms of battle using AI and cyber technologies and stressed the need for cooperation with the private sector and international agencies.
Recognising the risks associated with AI use, Kihara highlighted the importance of accurately identifying and addressing these shortcomings. He stated that Japan’s ability to adapt to new forms of battle with AI and cyber technologies is a significant challenge in building up its defence capabilities. The ministry aims to deepen cooperation with the private sector and relevant foreign agencies by proactively sharing its views and strategies.
President of Indonesia Joko Widodo has ordered an audit of government data centres following a significant ransomware cyberattack that exposed the country’s vulnerability to such incidents.
The attack, which disrupted multiple government services, including immigration and airport operations, affected over 230 public agencies. Despite an $8 million ransom demand, the government of Indonesia has refused to pay to retrieve the encrypted data.
In response, state auditor Muhammad Yusuf Ateh announced that the audit would examine both the governance and financial aspects of the data centres. The head of Indonesia’s cybersecurity agency, Hinsa Siburian, revealed that 98% of the compromised data had not been backed up, highlighting a major governance issue.
Communications Minister Budi Arie Setiadi acknowledged that while backup capacity was available, budget constraints had prevented its use, which will now be made mandatory.
The cyberattack has led to widespread criticism of Minister Setiadi, with digital advocacy group SAFEnet calling for his resignation due to repeated cyberattacks.
Setiadi countered with a petition to stay on as minister and informed parliament that a ‘non-state actor’ seeking money was likely behind the attack. The government aims to fully restore services by August, using backup data centres and improved cybersecurity measures.
Why does it matter?
The IATSE’s tentative agreement represents a significant step forward in securing fair wages and job protections for Hollywood’s behind-the-scenes workers, ensuring that the rapid technological advancements do not come at the expense of human employment.
Emerging Russia-aligned cyber groups similar to private military contractors Wagner pose a threat to the UK’s critical national infrastructure (CNI), UK Minister Oliver Dowden noted in a speech at the CyberUK conference in Belfast. Dowden noted that the government, in conjunction with the National Cyber Security Centre, plans to set cyber-resilience targets for critical sectors to meet within two years. Additionally, private sector companies involved in critical infrastructure will be subject to resilience regulations.
It remains unclear how these groups are similar to the Wagner Group of mercenaries. The hacking groups, it was noted, are motivated by ideology rather than finances, are not directly controlled by the Kremlin and are, therefore, less likely to exercise the same restraint as nation state hackers.
The head of the National Cyber Security Centre (NCSC), Lindy Cameron, announced that China represents a significant and era-defining challenge for the West.
Cameron raised concerns about China’s increasing technological prowess and its impact on global politics and economics. ‘Bluntly, we cannot afford not to keep pace with China. Otherwise, we risk China becoming the predominant power in cyberspace’, she said. ‘China is not only pushing for parity with Western countries, it is aiming for global technological supremacy,’ Cameron continued.
She noted that China is using its cyber capabilities to conduct intelligence and surveillance campaigns. Similar remarks about China’s activities were made earlier in the week by the Dutch General Intelligence and Security Service’s director general Eric Akerboom.
This comes as Western countries grapple with how to respond to China’s growing influence and potential security risks.
The EU’s proposed draft Cyber Solidarity Act aims to enhance EU cross-border coordination for cyberattack prevention and response. Such legislation was suggested in response to an increased threat of significant cyberattacks following Russia’s invasion of Ukraine.
The Commission’s proposal suggests a public-private collaboration to respond to cyberattacks. However, some aspects, particularly intelligence sharing, have attracted debate and opposition from the EU member states.
The act proposes a European Cyber Shield, consisting of national and cross-border Security Operations Centers (SOCs), which will monitor and identify cyber threats using AI technology and alert authorities. The proposal aims to work alongside, rather than replace; the EU member states’ current cybersecurity operation centres.
The act will also establish a Cyber Emergency Mechanism to improve incident response capabilities and preparedness in the EU. This mechanism will include preparedness actions, such as testing entities in critical sectors for vulnerabilities, creating a new EU Cybersecurity Reserve of pre-contracted incident response services ready to intervene in case of a severe cybersecurity incident, and providing financial support for mutual assistance between the EU member states.
The proposed act will also establish a Cybersecurity Incident Review Mechanism to assess significant incidents and issue recommendations for improving the Union’s cyber posture.
The total budget for all actions under the EU Cyber Solidarity Act is EUR 1.1 billion.
The US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the UK National Cyber Security Centre (NCSC), and technology firm Cisco released advisories highlighting attacks on routers believed to have been exploited by hackers group APT28.
APT28, allegedly linked to Russia’s General Staff Main Intelligence Directorate’s (GRU) targeted Cisco router vulnerabilities throughout 2021, attacking ‘a small number based in Europe, US government institutions and approximately 250 Ukrainian victims.’
APT28 exploited a vulnerability CVE-2017-6742 to access the Simple Network Management protocol (SNMP), which allows network administrators to monitor and configure network devices remotely. Poor configuration, such as using default settings, allowed APT28 to gain access to router information. For some of the targeted devices, APT28 deployed malware, which allowed them to obtain further device information and backdoor access.
Previously, the NCSC attributed attacks on the German parliament in 2015 and the Organization for the Prohibition of Chemical Weapons (OPCW) in April 2018 to APT28.
