cybersecurity

FCC targets cybersecurity in the telecom sector

FCC Chairwoman Jessica Rosenworcel has proposed requiring US communications providers to certify annually that they have plans to defend against cyberattacks. The move comes amid growing concerns over espionage by ‘Salt Typhoon,’ a hacking group allegedly linked to Beijing that has infiltrated several American telecom companies to steal call data.

Rosenworcel highlighted the need for a modern framework to secure networks as US intelligence agencies assess the impact of Salt Typhoon’s widespread attack. A senior US official confirmed the hackers had stolen metadata from numerous Americans, breaching at least eight telecom firms.

The FCC proposal, which Rosenworcel has circulated to other commissioners, would take effect immediately if approved. The announcement follows a classified Senate briefing on the breach, but industry giants like Verizon, AT&T, and T-Mobile have yet to comment.

Axiado aims to block cyberattacks with hardware innovation

With organisations facing an average of 1,300 cyberattacks per week, Axiado is stepping up with a novel defence: a specialised security chip designed to protect digital infrastructure. Founded in 2017, the Silicon Valley-based startup recently secured $60M in Series C funding led by Maverick Silicon, with participation from Samsung Catalyst Fund and other investors. This brings Axiado’s total funding to $140M.

Axiado’s chip defends against boot-level and runtime security threats, ensuring the integrity of devices from data centres to 5G base stations. It uses root-of-trust technology to prevent hardware tampering and leverages AI-powered analytics to detect malicious data patterns. The company’s chip is positioned as a complement to existing software-based cybersecurity measures, acting as a last line of defence against sophisticated attacks.

The new funds will support Axiado’s go-to-market efforts and help transition its products into mass production by 2025. CEO Gopi Sirineni highlights the growing need for hardware-based security solutions, particularly as the stakes rise in the fight against cybercrime. With partnerships like the one with Jabil to develop server cybersecurity solutions, Axiado is set to expand its reach while competing with industry heavyweights and open-source projects such as Google’s OpenTitan.

US official advises encryption amid alleged Chinese hacking efforts

A senior United States cybersecurity official has urged Americans to embrace encryption to safeguard their communications, citing ongoing efforts to expel alleged Chinese hackers from US telecom networks. Jeff Greene, Executive Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), emphasised the importance of avoiding plaintext communications and recommending encrypted apps like Signal and WhatsApp.

US authorities have accused hackers from China of infiltrating telecommunications companies, such as T-Mobile, to access sensitive data, including call records and intercepted audio, predominantly from Washington, DC. Beijing has denied the allegations, calling them disinformation. Greene acknowledged that removing the hackers entirely from the networks could take an unpredictable amount of time, further underscoring the need for encryption to ensure secure communications.

The advice marks a notable shift from previous US government positions that questioned strong encryption’s impact on public safety. As concerns over foreign cyber intrusions grow, Greene’s remarks highlight encryption as a critical tool for Americans facing prolonged cybersecurity threats.

UK cyber security under growing threat

Hostile cyber activity targeting the UK has surged, with incidents increasing by 16% in 2024 compared to the previous year. The National Cyber Security Centre (NCSC) reported handling 430 incidents, up from 371 in 2023. Of these, 347 involved data exfiltration, while 20 were linked to ransomware, underscoring the growing risks.

Richard Horne from the NCSC revealed that adversaries are exploiting society’s reliance on technology to maximise disruption. The centre issued 542 notifications to affected organisations, more than doubling the number of alerts from the previous year. Critical infrastructure sectors such as energy, transport, and health remain particularly vulnerable to ransomware attacks.

The annual review from the NCSC emphasised the evolving nature of threats, warning of the potential for AI to enhance cyberattack complexity. Officials also noted that the risks posed by state actors and cybercriminals remain underestimated. Horne urged against complacency, highlighting the severity of both immediate and long-term dangers.

Efforts to counter these threats are intensifying, but experts stress the importance of strengthening defences and maintaining vigilance as the cyber landscape becomes increasingly hostile.

Cybersecurity chief warns of rising cyber risks in the UK

The UK faces an escalating cyber threat from hostile states and criminal gangs, according to Richard Horne, head of the National Cyber Security Centre (NCSC). In his first major speech, Horne warned that the severity of these risks is being underestimated, citing a significant rise in cyber incidents, particularly from Russia and China. He described Russia’s cyber activity as ‘aggressive and reckless’ while noting that China’s operations are highly sophisticated with growing global ambitions.

Over the past year, the NCSC responded to 430 cyber incidents, a marked increase from the previous year. Among them, 12 were deemed especially severe, a threefold rise from 2023. The agency highlighted the growing threats to critical infrastructure and supply chains, urging both public and private sectors to strengthen their cyber defences. The UK also faces a growing number of ransomware attacks, often originating from Russia, which target key organisations like the British Library and healthcare services.

Horne emphasised the human costs of cyber-attacks, citing how these incidents disrupt vital services like healthcare and education. The rise in ransomware, often linked to Russian criminal gangs, is a major concern, and the NCSC is working to address these challenges. The agency’s review also pointed to increasing cyber activity from China, Iran, and North Korea, with these states targeting the UK’s infrastructure and private sector.

Experts like Professor Alan Woodward of Surrey University echoed Horne’s concerns, urging the UK to step up its cybersecurity efforts to keep pace with evolving threats. With adversaries growing more sophisticated, the government and businesses must act swiftly to protect the country’s digital infrastructure.

Meta tightens financial ad rules in Australia

Meta Platforms announced stricter regulations for advertisers promoting financial products and services in Australia, aiming to curb online scams. Following an October initiative where Meta removed 8,000 deceptive ‘celeb bait’ ads, the company now requires advertisers to verify beneficiary and payer details, including their Australian Financial Services License number, before running financial ads.

This move is part of Meta’s ongoing efforts to protect Australians from scams involving fake investment schemes using celebrity images. Verified advertisers must also display a “Paid for By” disclaimer, ensuring transparency in financial advertisements.

The updated policy follows a broader regulatory push in Australia, where the government recently abandoned plans to fine internet platforms for spreading misinformation. The crackdown on online platforms is part of a growing effort to assert Australian sovereignty over foreign tech companies, with a federal election looming.

India introduces new rules for critical telecom infrastructure

The government of India introduced the Telecommunications (Critical Telecommunication Infrastructure) Rules, 2024, on 22 November, which require telecom entities designated as Critical Telecommunication Infrastructure (CTI) to grant government-authorised personnel access to inspect hardware, software, and data. These rules are part of the Telecommunications Act, 2023, empowering the government to designate telecom networks as CTI if their disruption could severely impact national security, the economy, public health, or safety.

The rules mandate that telecom entities appoint a Chief Telecom Security Officer (CTSO) to oversee cybersecurity efforts and report incidents within six hours, a revised deadline from the original two hours proposed in the draft rules. This brings the telecom sector in India in line with existing Telecom Cyber Security Rules and CERT-In directions, though experts argue that the six-hour window does not meet global standards and may contribute to over-regulation.

Telecom networks are already governed under the Information Technology Act, creating potential overlaps with other regulatory frameworks such as the National Critical Information Infrastructure Protection Centre (NCIIPC). The rules also raise concerns about inspection protocols and data access, as they lack clarity on when inspections can be triggered or what limitations should be placed on government personnel accessing sensitive information.

Experts have also questioned the accountability measures in case of abuse of power and the potential for government officials to access the personal data of telecom subscribers during these inspections. To implement these rules, telecom entities must provide detailed documentation to the government, including network architecture, access lists, cybersecurity plans, and security audit reports. They must also maintain logs and documentation for at least two years to assist in detecting anomalies.

Additionally, remote maintenance or repairs from outside India require government approval, and upgrades to hardware or software must be reviewed within 14 days. Immediate upgrades are allowed during cybersecurity incidents, with notification to the government within 24 hours. A digital portal will be established to manage these rules, but concerns about the lack of transparency in communications have been raised. Finally, all CTI hardware, software, and spares must meet Indian Telecommunication Security Assurance Requirements.

T-Mobile prevents cyberattack, safeguarding customer data

T-Mobile has reported recent attempts by cyber attackers to infiltrate its systems. The US telecom giant confirmed that its security measures successfully prevented access to sensitive customer data, including calls, voicemails, and texts. The intrusion originated from a compromised network connected to T-Mobile’s systems, prompting the company to sever the connection.

The attackers’ traits resembled those of Salt Typhoon, a Chinese-linked cyber espionage group, though T-Mobile has not confirmed their identity. The firm’s Chief Security Officer, Jeff Simon, stated that customer information remained secure, with no disruption to services. Findings were reported to the US government for further investigation.

Simon attended a White House meeting last week to discuss escalating cyber threats. The FBI and the Cybersecurity & Infrastructure Security Agency recently disclosed an ongoing investigation into a Chinese-linked espionage campaign targeting several US telecom providers.

The broader operation reportedly infiltrated multiple companies, stealing sensitive call data and accessing private communications. Such breaches compromised the devices of individuals in government and politics, including campaign staff during the 2020 US presidential election, raising concerns about national security.

France eyes strategic tech control in Atos deal

French IT giant Atos has entered discussions with the government for a potential €500 million ($524 million) acquisition of its advanced computing division. Known for its crucial role in securing communications for the French military and manufacturing supercomputer servers, Atos is restructuring to address its mounting debt. The government has prioritised retaining control over the company’s strategic technology assets to safeguard national interests.

The proposed deal includes an initial payment of €150 million upon signing, expected before the exclusivity period ends on May 31. The offer could rise to €625 million with performance-based earn-outs. French Finance Minister Antoine Armand emphasised the state’s duty to ensure the survival and development of industries critical to national sovereignty. Atos’ advanced computing and cybersecurity unit, employing 4,000 people and generating €900 million annually, is seen as a vital asset.

As part of its restructuring, Atos announced plans to sell its cybersecurity unit’s Critical Systems and Cyber Products. With this deal factored in, the company forecasts its financial leverage for 2027 to be between 1.8 and 2.1 times core earnings. Meanwhile, France‘s parliament is considering an amendment that could pave the way for Atos’ nationalisation, underscoring the government’s commitment to protecting key technologies.

GCTU partners with Microsoft for digital skills programme in Ghana

Ghana Communication Technology University and Microsoft Skills have partnered to introduce the Microsoft Skills for Jobs Microdegree Programme in Ghana, aimed at enhancing digital skills in high-demand fields such as cybersecurity, AI, and coding. That collaboration, funded by the European Union, will provide training, certification, and job placement opportunities, helping students and professionals gain the essential skills needed in today’s digital economy.

To make the programme more accessible, local banks will offer micro-loans, allowing participants to pay fees in manageable instalments. The initiative is expected to certify 286,000 students globally by 2026, with 60,000 certifications coming from Ghana, creating significant opportunities for local students in the global job market.

Ghana Communication Technology University and Microsoft Skills have also partnered to foster international collaboration through student exchange programs. The partnership will also connect Ghanaian graduates to job opportunities with 32,000 IT companies across Europe, further expanding their career prospects and establishing GCTU as a leader in IT education in Ghana.