UK Home Office’s new vulnerability reporting policy creates legal risks for ethical researchers, experts warn

The UK Home Office has introduced a vulnerability reporting mechanism through the platform HackerOne, allowing cybersecurity researchers to report security issues in its systems. However, concerns have been raised that individuals who submit reports could still face legal risks under the UK’s Computer Misuse Act (CMA), even if they follow the department’s new guidance.

Unlike some private-sector initiatives, the Home Office program does not offer financial rewards for reporting vulnerabilities. The new guidelines prohibit researchers from disrupting systems or accessing and modifying data. However, they also caution that individuals must not ‘break any applicable law or regulations,’ a clause that some industry groups argue could discourage vulnerability disclosure due to the broad provisions of the CMA, which dates back to 1990.

The CyberUp Campaign, a coalition of industry professionals, academics, and cybersecurity experts, warns that the CMA’s definition of unauthorized access does not distinguish between malicious intent and ethical security research. While the Ministry of Defence has previously assured researchers they would not face prosecution, the Home Office provides no such assurances, leaving researchers uncertain about potential legal consequences.

A Home Office spokesperson declined to comment on the concerns.

The CyberUp Campaign acknowledged the growing adoption of vulnerability disclosure policies across the public and private sectors but highlighted the ongoing legal risks researchers face in the UK. The campaign noted that other countries, including Malta, Portugal, and Belgium, have updated their laws to provide legal protections for ethical security research, while the UK has yet to introduce similar reforms.

The Labour Party had previously proposed an amendment to the CMA that would introduce a public interest defense for cybersecurity researchers, but this was not passed. Last year, Labour’s security minister Dan Jarvis praised the contributions of cybersecurity professionals and stated that the government was considering CMA reforms, though no legislative changes have been introduced so far.

For more information on these topics, visit diplomacy.edu.

Sweden considers law requiring encrypted messaging backdoors, Signal threatens to exit

Swedish law enforcement and security agencies are advocating for legislation that would require encrypted messaging services such as Signal and WhatsApp to implement technical measures allowing authorities to access user communications, according to a report by SVT Nyheter.

If introduced, the bill would mandate that these platforms retain messages and provide law enforcement with access to the message history of criminal suspects. Minister of Justice Gunnar Strömmer stated that such measures are necessary for authorities to carry out investigations effectively.

Signal Foundation President Meredith Whittaker told SVT Nyheter that if the proposed legislation requires the company to introduce backdoors, Signal would withdraw from the Swedish market rather than comply. The Swedish Armed Forces have also expressed concerns, warning that implementing such access mechanisms could introduce security risks that might be exploited by unauthorised parties.

The bill could be considered by Sweden’s parliament, the Riksdag, next year if it moves forward in the legislative process.

Similar legislative efforts have been introduced in other countries. In the UK, Apple recently disabled end-to-end encryption for iCloud accounts in response to government demands for access to encrypted data.


EU Commission proposes enhanced cyber crisis management framework

The EU Commission introduced a proposal aimed at strengthening the EU’s response to large-scale cyber attacks. This recommendation to the Council of Ministers seeks to update the existing EU framework for crisis management in cybersecurity and outline the roles of relevant EU actors, including civilian and military entities as well as NATO.

Specifically, the proposal aims to establish coordination points with NATO to facilitate information sharing during cyber crises, including interconnections between systems. If Member States deploy defense initiatives during a cybersecurity incident, they must inform EU-CyCLONe and the EU Cyber Commanders Conference.

The High Representative, in collaboration with the Commission and relevant entities, should facilitate information flow with strategic partners during identified incidents and enhance coordination against malicious cyber activities using the cyber diplomacy toolbox. Joint exercises should be organized to test cooperation between civilian and military components during significant incidents, including those affecting NATO allies and candidate countries.

The Commission noted that a significant cybersecurity incident could overwhelm the response capabilities of individual Member States and impact multiple EU countries, potentially leading to a crisis that disrupts the internal market and poses risks to public safety. It encourages the establishment of voluntary collaborative clusters to foster cooperation and trust in cybersecurity. Member States can create these clusters based on existing information-sharing frameworks, focusing on common threats while adhering to the mandates of participating actors.

The document emphasizes the importance of a comprehensive and integrated approach to crisis management across all sectors and levels of government. It highlights that if cybersecurity incidents are part of a broader hybrid campaign, stakeholders should collaborate to develop a unified situational awareness across sectors.

Within twelve months of adopting the cybersecurity blueprint, Member States must develop a unified taxonomy for cyber crisis management and establish guidelines for the secure handling of cybersecurity information. The proposal emphasises avoiding over-classification to promote the sharing of non-classified information through established cooperation platforms.

To enhance preparedness for crises and improve organizational efficiency, Member States and relevant entities should conduct ongoing cyber exercises based on scenarios derived from EU-coordinated risk assessments, aligning with existing crisis response mechanisms. Smaller exercises should test interactions during escalating incidents, while the Commission, EEAS, and ENISA will organize an exercise within eighteen months to evaluate the cybersecurity blueprint, involving all relevant stakeholders, including the private sector.

The proposal also recommends that Member States and critical infrastructure operators integrate at least one Union-based DNS infrastructure, such as DNS4EU, to ensure reliable services during crises. ENISA and EU-CyCLONe are tasked with creating emergency failover guidelines for transitioning to Union-based DNS in case of service failures.

While the cybersecurity blueprint does not interfere with how entities define their internal procedures, each entity should clearly define the interfaces used for working with other entities. These interfaces should be jointly agreed upon between the entities concerned and documented.

National and cross-border cyber hubs should share threat information to bolster protection against Union-specific threats, and Member States are encouraged to engage in a multistakeholder forum to identify best practices and standards for securing critical Internet infrastructure. Public and private entities should implement threat-informed detection strategies to proactively identify potential disruptions. They must share information about covert operations with partners before crises escalate and report potential cyber crises to relevant networks, while the CSIRTs Network and EU-CyCLONe establish procedures for coordinating responses to large-scale incidents.


Hackers steal $1.5 billion in largest-ever crypto heist

Hackers have stolen $1.5 billion from Dubai-based cryptocurrency exchange Bybit in what is believed to be the largest digital heist in history. The attacker gained access to an Ethereum wallet during a routine transfer and moved the funds to an unknown address, sparking concerns across the cryptocurrency sector.

Bybit quickly reassured users that their funds remained secure, with chief executive Ben Zhou pledging to fully compensate affected customers. Despite this, the platform saw a surge of over 350,000 withdrawal requests, leading to potential delays. The company remains solvent, holding $20 billion in customer assets, and is prepared to cover losses if necessary.

The price of Ethereum briefly dipped by nearly 4% following the breach but has since stabilised. Bybit has called upon leading cybersecurity experts to assist in recovering the stolen assets, offering a reward of up to $140 million. Speculation has emerged regarding the hackers’ identity, with reports suggesting possible links to the North Korean state-sponsored Lazarus group, known for previous large-scale cryptocurrency thefts.


Microsoft’s new quantum chip sparks fresh debate over Bitcoin’s security

According to Bitcoin exchange River, Microsoft’s latest quantum computing chip, Majorana 1, could accelerate the timeline for making Bitcoin resistant to quantum threats. While the risk of a quantum attack remains distant, experts warn that preparations must begin now. The chip, launched on 19 February, is part of a growing race in quantum technology, with Google’s Willow chip also making headlines in December.

River suggests that if quantum computers reach one million qubits by 2027-2029, they could crack Bitcoin addresses in long-range attacks. Though some argue such a scenario is still decades away, River insists early action is key. The potential threat has reignited discussions on BIP-360, a proposed upgrade to strengthen Bitcoin’s defences against future quantum advancements.

Critics remain sceptical, arguing that quantum computing is still in its infancy, with major technical challenges to overcome. Some believe traditional banking systems, which hold far greater assets than Bitcoin, would be targeted first. Others see quantum developments as an opportunity, suggesting they could help fortify Bitcoin’s security rather than weaken it.


Europol chief warns trust in law enforcement at risk

Law enforcement agencies must ensure public understanding of the need for expanded investigative powers to effectively combat the increasing scale and complexity of cybercrime, Europol’s chief Catherine De Bolle stated at the Munich Cyber Security Conference.

De Bolle emphasised that cybercriminal activity is not only growing in volume but also evolving in sophistication, leveraging both traditional telecom infrastructure and advanced digital tools, including dark web marketplaces. In response, she underscored the necessity for law enforcement agencies to strengthen their technical capabilities. However, she noted that implementing large-scale investigative measures must be balanced with maintaining public confidence in state institutions.

Her remarks followed those of Sir Jeremy Fleming, former director of the UK’s cyber intelligence agency GCHQ, who spoke about the importance of maintaining public trust in intelligence operations.

De Bolle further stressed the need for stronger collaboration between government agencies, private sector entities, and international organisations to address cyber threats effectively. As cybercrime and state-sponsored cyber activities increasingly overlap, she advocated for a shift away from fragmented approaches, calling for ‘multilateral responses’ to improve collective cybersecurity readiness.


Rising foreign cyber threats test Philippine security

The Philippines has reported attempts by foreign actors to infiltrate government intelligence systems, though no breaches have occurred, according to Cyber Minister Ivan Uy.

Advanced Persistent Threats (APTs), often linked to state-backed groups, have persistently targeted the nation but failed to compromise its cybersecurity defences.

Uy highlighted that some threats, described as ‘sleepers’, had been embedded in systems before being uncovered through government cybersecurity measures. He expressed concerns about such threats operating undetected for extended periods.

Efforts to trace the origins of these attacks are challenging, as hackers often leave misleading evidence. Diplomatic cooperation and intelligence sharing with the military and international allies have become key tools in countering these threats.

Last year, the government successfully thwarted cyberattacks allegedly originating in China, including attempts to breach systems related to maritime security. Uy noted that global cyber conflicts resemble a ‘non-kinetic World War III’, with nations and organisations exploiting digital vulnerabilities for strategic or financial gain.

In addition to cyberattacks, the Philippines is grappling with rising misinformation, deepfakes, and ‘fake news media outlets’ ahead of its mid-term elections in May.

The ministry has deployed tools to counter these risks, emphasising their potential to harm democracies reliant on informed public opinion during elections.


Cybersecurity firm Dream secures $100 million, hits $1.1 billion valuation

A cybersecurity firm co-founded by former Austrian Chancellor Sebastian Kurz and Israeli entrepreneurs has reached a valuation of $1.1 billion after securing $100 million in a new funding round.

The company, known as Dream, focuses on AI-driven cybersecurity solutions for governments and critical infrastructure. Bain Capital Ventures led the Series B investment, with additional backing from Group 11, Tru Arrow, Tau Capital, and Aleph.

Founded in January 2023, Dream has reported over $130 million in annual sales to government and national cybersecurity agencies in 2024.

The company was established by Kurz, former NSO Group CEO Shalev Hulio, and cybersecurity expert Gil Dolev. It operates out of Tel Aviv, Vienna, and Abu Dhabi, positioning itself as a key player in global cybersecurity.

Kurz, who became Austria’s chancellor in 2017 at the age of 31, resigned in 2021 and was later convicted of perjury in a political case. He received an eight-month suspended sentence, which he is currently appealing. Despite his legal troubles, his latest business venture is rapidly growing in the cybersecurity industry.


Polish cybersecurity to gain from Microsoft funding

Microsoft has announced plans to invest an additional $700 million in Poland, aiming to strengthen the country’s cybersecurity capabilities.

The investment will be carried out in collaboration with Poland’s armed forces, marking a significant boost in security infrastructure.

The funding forms part of the second phase of Microsoft’s earlier commitment to the region, following a $1 billion data centre project announced in 2020.

That project saw the opening of a data centre in 2023, which provides cloud services to businesses and government institutions.

Polish Prime Minister Donald Tusk joined Microsoft President Brad Smith at a press conference to discuss the plans. The investment highlights the growing importance of cybersecurity in the partnership between Microsoft and Poland.


Google: Cybercrime now a national security threat, enabling state-backed attacks

A new report from Google states that cybercrime continues to expand, intersecting with state-backed cyber operations. Released ahead of the Munich Security Conference, research from Google’s Threat Intelligence Group and Mandiant outlines findings from their investigations in 2024 and trends observed over the past four years.

In 2024, Mandiant consultants responded to nearly four times as many incidents involving financially motivated actors compared to state-backed intrusions. However, the report notes that state-affiliated groups are increasingly leveraging cybercriminal tools and services, and at the same time ‘cybercrime receives much less attention from national security practitioners than the threat from state-backed groups’.

According to Google, financially motivated and state-backed cyber activities are becoming more interconnected. Cybercriminal ecosystems facilitate the acquisition of malware, vulnerabilities, and operational support, offering lower-cost alternatives to state-developed capabilities.

The report emphasises that while cybercrime and state-backed cyber operations increasingly overlap, responses to these threats require distinct strategies. Cybercrime often involves networks operating across jurisdictions, necessitating international collaboration to address its impact effectively.
