cybersecurity

Thailand strengthens cybersecurity with Google Cloud

Thailand’s National Cyber Security Agency (NCSA) has joined forces with Google Cloud to strengthen the country’s cyber resilience, using AI-based tools and shared threat intelligence instead of relying solely on traditional defences.

The collaboration aims to better protect public agencies and citizens against increasingly sophisticated cyber threats.

A key part of the initiative involves deploying Google Cloud Cybershield for centralised monitoring of security events across government bodies. Instead of having fragmented monitoring systems, this unified approach will help streamline incident detection and response.

The partnership also brings advanced training for cybersecurity personnel in the public sector, alongside regular threat intelligence sharing.

Google Cloud Web Risk will be integrated into government operations to automatically block websites hosting malware and phishing content, instead of relying on manual checks.

Google further noted the impact of its anti-scam technology in Google Play Protect, which has prevented over 6.6 million high-risk app installation attempts in Thailand since its 2024 launch—enhancing mobile safety for millions of users.

For more information on these topics, visit diplomacy.edu.

European Commission targets end-to-end encryption and proposes expanding Europol’s powers into an EU-level FBI equivalent

The European Commission announced ProtectEU, a new internal security strategy that sets out the broad priorities it intends to pursue in the coming years in response to evolving security challenges. While the document outlines strategic objectives, it does not include specific legislative proposals.

The Commission highlighted the need to revisit the European Union’s approach to internal security, citing what it described as ‘a changed security environment and an evolving geopolitical landscape.’ Among the identified challenges are hybrid threats from state and non-state actors, organised crime, and increasing levels of online criminal activity.

One of the key elements of the strategy is the proposed strengthening of Europol’s operational role. The Commission suggests developing Europol into a truly operational police agency to reinforce support to member states, with the capacity to assist in cross-border, large-scale, and complex investigations that present serious risks to the Union’s internal security.

That would bring Europol closer in function to agencies such as the US Federal Bureau of Investigation. The strategy also notes the Commission’s intention to develop roadmaps on ‘lawful and effective access to data for law enforcement’ and encryption.

The strategy aims to ‘identify and assess technological solutions that would enable law enforcement authorities to access encrypted data lawfully, safeguarding cybersecurity and fundamental rights.’ These issues continue to be the subject of technical and legal discussion across jurisdictions.

Other aspects of the strategy address long-standing challenges within the EU’s security framework, including limited situational awareness and coordination at the executive level. The strategy proposes enhancing intelligence-sharing through the EU’s Single Intelligence Analysis Capacity, a mechanism for the voluntary sharing of intelligence by member states, which is currently supported by open-source analysis.

The report further emphasised that the effectiveness of any reforms in this area would depend on the commitment of member states, citing ongoing challenges related to differing national priorities and levels of political alignment. In addition, the Commission announced its intention to propose a new Cybersecurity Act and new measures to secure cloud and telecom services and develop technological sovereignty.

For more information on these topics, visit diplomacy.edu.

Singapore issues new guidelines to strengthen resilience and security of cloud services and data centres

The Infocomm Media Development Authority (IMDA) has issued new Advisory Guidelines (AGs) intended to support the resilience and security of Cloud Services and Data Centres (DCs) in Singapore. The guidelines set out best practices for Cloud Service Providers (CSPs) and DC operators, aiming to reduce service disruptions and limit their potential impact on economic and social functions.

A wide range of digital services—including online banking, ride-hailing, e-commerce, and digital identity systems—depend on the continued availability of cloud infrastructure and data centre operations. Service interruptions may affect the delivery of these services.

The AGs encourage service providers to adopt measures that improve their ability to recover from outages and maintain operational continuity. The AGs recommend various practices to address risks associated with technical misconfigurations, physical incidents, and cybersecurity threats.

Key proposals include conducting risk and business impact assessments, establishing business continuity arrangements, and strengthening cybersecurity capabilities. For Cloud Services, the guidelines outline seven measures to reinforce security and resilience.

These cover security testing, access controls, data governance, and disaster recovery planning. Concerning Data Centres, the AGs provide a framework for business continuity management to minimise operational disruptions and maintain high service availability.

That involves the implementation of relevant policies, operational controls, and ongoing review processes. The development of the AGs forms part of wider national efforts led by the inter-agency task force on the Resilience and Security of Digital Infrastructure and Services.

These guidelines are intended to complement regulatory initiatives, including planned amendments to the Cybersecurity Act and the Digital Infrastructure Act (DIA) introduction, which will establish requirements for critical digital infrastructure providers such as major CSPs and DC operators. To inform the guidelines, the IMDA conducted consultations with a broad range of stakeholders, including CSPs, DC operators, and end user enterprises across sectors such as banking, healthcare, and digital platforms.

The AGs will be updated periodically to reflect technological developments, incident learnings, and further industry input. A coordinated approach is encouraged across the digital services ecosystem. Businesses that provide digital services are advised to assess operational risks and establish appropriate business continuity plans to support service reliability.

The AGs also refer to international standards, including IMDA’s Multi-Tier Cloud Security Standard, the Cloud Security Alliance Cloud Controls Matrix, ISO 27001, and ISO 22301. Providers are encouraged to designate responsible personnel to oversee resilience and security efforts.

These guidelines form part of Singapore’s broader strategy to strengthen its digital infrastructure. The government will continue to engage with sectoral regulators and stakeholders to promote resilience, cybersecurity awareness, and preparedness across industries and society.

As digital systems evolve, sustained attention to infrastructure resilience and security remains essential. The AGs are intended to support organisations in maintaining reliable services while aligning with recognised standards and best practices.

For more information on these topics, visit diplomacy.edu.

Australia’s largest pension funds face coordinated cyber attacks

Several of Australia’s largest pension funds have recently been under suspected cyberattacks, exposing sensitive personal data and leading to confirmed financial losses in some cases.

AustralianSuper, the country’s biggest fund, confirmed that hackers used stolen passwords to access around 600 accounts, resulting in a reported A$500,000 loss from four members.

Rest Super, which manages A$93 billion for two million members, reported unauthorised access affecting about 8,000 accounts.

The fund quickly shut down its member portal and launched an investigation, stating that while personal information was accessed, no money was taken during the incident.

Other major superannuation providers, including Hostplus, Australian Retirement Trust (ART), and Insignia Financial, also reported suspicious activity.

ART detected login attempts across hundreds of accounts but confirmed no theft, while Insignia acknowledged attempted breaches with no reported losses.

Authorities believe the attacks were primarily conducted using ‘credential stuffing,’ a method where attackers use passwords leaked in unrelated breaches to access other platforms.

Here, the continued risks of weak password reuse are highlighted, as well as the importance of additional protections like two-factor authentication.

In response to the breaches, the National Cyber Security Coordinator of Australia, Michelle McGuinness, has initiated a government-wide review in cooperation with regulators and industry representatives.

Prime Minister Anthony Albanese addressed the attacks, reaffirming his administration’s commitment to strengthening cybersecurity defences.

Superannuation funds are contacting affected members and urging all users to update their credentials and take additional precautions.

For more information on these topics, visit diplomacy.edu.

UK’s Royal Mail investigates major data breach

Royal Mail is investigating a significant cybersecurity incident after a hacker known as ‘GHNA’ claimed to have leaked 144GB of sensitive customer data. The files were allegedly obtained through Spectos, a third-party analytics provider, and posted on the BreachForums platform. While the leaked information includes names, addresses, parcel data, and internal recordings, Royal Mail stated that its delivery services remain unaffected.

Spectos confirmed a breach on 29 March, explaining that the attack stemmed from a 2021 malware infection that compromised an employee’s credentials. Cybersecurity firm Hudson Rock linked the same login data to another recent attack involving Samsung. The exposed dataset includes thousands of files containing mailing lists from Mailchimp, Zoom meetings, logistics details, and a WordPress database, raising concerns about the security of Royal Mail’s extended network.

The breach is the latest in a series of cyber incidents targeting the UK’s Royal Mail, following a 2023 ransomware attack that halted international shipping and a 2022 outage in its tracking systems. While the full extent of the latest leak remains under investigation, experts warn that prolonged access to internal systems may have occurred before the data was released. No public notification procedures have yet been confirmed.

For more information on these topics, visit diplomacy.edu.

UK government announces new cyber bill to strengthen national defences and protect critical infrastructure

The UK government has unveiled plans for a new Cyber Security and Resilience Bill aimed at enhancing the country’s ability to defend against the growing risk of cyber threats. Scheduled to be introduced later this year, the Bill forms a key part of the government’s broader strategy to protect critical national infrastructure (CNI), support economic growth, and ensure the resilience of the UK’s digital landscape.

The forthcoming legislation will focus on bolstering the cyber resilience of essential services—such as healthcare, energy, and IT providers—that underpin the economy and daily life. Around 1,000 vital service providers will be required to meet strengthened cyber security standards under the new rules. These measures are designed to safeguard supply chains and key national functions from increasingly sophisticated cyber attacks affecting both public and private sectors.

In addition, the government is considering extending cyber security regulations to over 200 data centres across the country. These centres are integral to the functioning of modern finance, e-commerce, and digital communication. By improving their security, the government hopes to safeguard services that rely heavily on data, such as online banking, shopping platforms, and social media.

If adopted, the government’s proposals include:

  • Expanding the scope of the NIS Regulations. The scope of the Network and Information Systems (NIS) Regulations would be broadened to include a wider range of organisations and suppliers. This expansion would bring data centres, Managed Service Providers (MSPs), and other critical suppliers under the regulatory framework, ensuring that more entities are held to high standards of cyber security and resilience.
  • Enhanced regulatory powers. Regulators would be equipped with additional tools to strengthen cyber resilience within the sectors they oversee. This includes new obligations for organisations to report a broader range of significant cyber incidents, enabling faster and more informed responses to emerging threats.
  • Greater Flexibility to Adapt. The government would gain increased flexibility to update the framework in line with the evolving threat landscape. This means regulations could be swiftly extended to cover new and emerging sectors, ensuring the UK remains agile in the face of dynamic cyber risks.
  • New Executive Powers for National Security. In circumstances where national security is at stake, the government would be granted new executive powers to act decisively in response to serious cyber threats.

For more information on these topics, visit diplomacy.edu.

Japan passes landmark cyber defence bill

Japan has passed the Active Cyber Defence Bill, which permits the country’s military and law enforcement agencies to undertake pre-emptive measures in response to cyber threats.

The legislation adopts a two-pronged approach, focusing on both passive and active cyber defence. It includes the establishment of a cybersecurity council and an oversight committee to enhance threat analysis and information-gathering capabilities. The bill also introduces new requirements for critical infrastructure providers to report cybersecurity incidents promptly. Additionally, it enables the government to collect technical information—such as IP addresses and timestamps—from telecommunications providers in cases where a potential cyberattack is identified, to monitor communications between Japan and external actors.

The legislation also grants the military powers to carry out active measures against cyber threats. This includes the deployment of ‘cyber harm-prevention officers’, tasked with actions such as disrupting servers involved in cyberattacks and responding to critical incidents.

While the bill is positioned as part of Japan’s broader efforts to strengthen its cyber resilience, some commentary has raised questions about the balance between security and oversight.

For more information on these topics, visit diplomacy.edu.

Dutch police struggle with cyberattacks and underfunding

A leaked report has revealed serious financial and digital failings within the Dutch police, including unchecked spending on IT and cybersecurity.

Auditors from Ernst & Young found that the force must cut €160 million, raising concerns over national security and officer safety.

The Dutch Police Union warns that chronic understaffing, daily cyberattacks and a lack of digital resilience have pushed the system to breaking point.

A September data breach affected nearly all officers, and experts say over €300 million is needed to restore proper infrastructure.

Police Chief Janny Knol acknowledged the force underestimated the costs of digital transformation.

Merged systems from 24 regional departments have caused spiralling maintenance issues, while key tech projects run over budget and behind schedule. Urgent reforms are now planned.

For more information on these topics, visit diplomacy.edu.

AI powers Microsoft’s latest security upgrade

Microsoft has launched a new set of AI agents as part of its Security Copilot platform, aiming to automate key cybersecurity tasks like phishing detection, data protection, and identity management. The release includes six in-house agents and five developed with partners.

Among the tools is a phishing triage agent that can autonomously process routine alerts, freeing analysts to focus on advanced incidents.

Microsoft said its new AI-driven approach goes beyond traditional security platforms, using generative AI to prioritise threats, correlate data, and even recommend or execute responses.

The rollout also brings new capabilities to Microsoft Defender, Entra, and Purview, enhancing organisations’ ability to manage and secure AI systems.

While analysts welcome the move as a step forward in proactive cybersecurity, some warn that full reliance on one platform carries strategic risks like vendor lock-in and reduced flexibility.

Experts suggest a balanced approach that combines Microsoft’s core capabilities with specialised solutions for areas such as threat intelligence and cloud protection, helping organisations stay agile in a fast-evolving threat landscape.

For more information on these topics, visit diplomacy.edu.

US launches national security unit to combat cyberattacks on telecom sector

The Federal Communications Commission (FCC) has launched a national security unit in response to recent cyber incidents affecting US telecommunications firms.

These incidents, attributed to a group known as Salt Typhoon, involved unauthorised access to sensitive data and communications.

The newly formed unit will be led by Adam Chan, FCC’s national security counsel, and will include representatives from eight different bureaus and offices within the agency. The council’s objectives are to:

  • Reduce reliance on foreign entities in the US telecom and technology supply chains.
  • Address vulnerabilities related to cyber threats, espionage, and surveillance.
  • Support U.S. leadership in critical technologies, including 5G, satellites, quantum computing, IoT, and robotics.

Cybersecurity experts have emphasised the importance of securing digital infrastructure against advanced threats. The telecommunications sector, despite its established cybersecurity measures, continues to face persistent and evolving risks.

Recent reports indicate that Salt Typhoon has continued targeting US telecom networks, with activity observed as recently as February.

The FCC has taken several steps in recent months to enhance industry security, and the formation of this council represents a further effort to strengthen resilience.

For more information on these topics, visit diplomacy.edu.