Infosys resolves cybersecurity lawsuits in the US

Indian IT services giant Infosys has settled lawsuits filed against its US subsidiary, Infosys McCamish Systems, for $17.5 million. The lawsuits stem from a cyber incident that occurred in November 2023, which resulted in the compromise of personal data. The company has agreed to pay the settlement into a fund that will resolve all claims related to the breach.

The breach, which involved unauthorised access and data exfiltration, affected up to 6.5 million individuals. Following the incident, Infosys McCamish in the US, in coordination with a third-party vendor, took steps to address the issue and limit the damage caused by the cyberattack.

This settlement marks a significant step for Infosys in resolving the ongoing legal issues stemming from the 2023 incident. The Indian company has worked to resolve the situation while continuing to bolster its cybersecurity measures to prevent future breaches.

For more information on these topics, visit diplomacy.edu.

OpenSSF launches security baseline to strengthen open source software protection

The Open Source Security Foundation (OpenSSF) has introduced the Open Source Project Security Baseline (OSPS Baseline), a structured framework of security requirements designed to align with international cybersecurity regulations and best practices.

The OSPS Baseline provides a tiered approach that evolves with project maturity, integrating guidance from OpenSSF and industry experts to help open-source projects enhance their security posture. Following the Baseline enables developers to align with global cybersecurity regulations, including the EU Cyber Resilience Act (CRA) and the US National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF).

Several projects, including GUAC, OpenVEX, bomctl, and OpenTelemetry, participated in the pilot rollout. OpenSSF encourages developers and maintainers to adopt the framework and contribute to its ongoing refinement.


Trump administration ends support for cybersecurity projects

The Trump administration has cut funding for two key cybersecurity initiatives, including one supporting election security, sparking concerns over potential vulnerabilities in future US elections.

The Cybersecurity and Infrastructure Security Agency (CISA) announced it would end around $10 million in annual funding to the non-profit Center for Internet Security, which manages election-related cybersecurity programmes.

The move comes as part of a broader review of CISA’s election-related work, during which over a dozen staff members were placed on administrative leave.

The decision follows another controversial step by the administration to dismantle an FBI task force that investigated foreign influence in US elections.

Critics warn that reducing government involvement in election security weakens safeguards against interference, with Larry Norden from the Brennan Center for Justice calling the cuts a serious risk for state and local election officials.

The National Association of Secretaries of State is now seeking clarification on CISA’s decision and its wider implications.

CISA has faced Republican criticism in recent years for its role in countering misinformation related to the 2020 election and the coronavirus pandemic. However, previous leadership maintained that the agency’s work was limited to assisting states in identifying and addressing misinformation.

While CISA argues the funding cuts will streamline its focus on critical security areas, concerns remain over the potential impact on election integrity and cybersecurity protections across local and state governments.


Switzerland mandates cyberattack reporting for critical infrastructure from 1 April 2025

As of 1 April 2025, operators of critical infrastructure in Switzerland will be required to report cyberattacks to the National Cyber Security Centre (NCSC) within 24 hours of discovery. This measure, introduced by the Federal Council, is part of an amendment to the Information Security Act (ISA) and aims to enhance cybersecurity coordination and response capabilities.

The reporting obligation applies to key sectors, including energy and water suppliers, transport companies, and public administrations at the cantonal and communal levels. Reports must be submitted when an attack disrupts critical infrastructure, compromises or manipulates information, or involves blackmail, threats, or coercion. Failure to comply may result in financial penalties, which will be enforceable from 1 October, allowing a six-month adjustment period before sanctions take effect.

To facilitate compliance, the NCSC will provide a reporting form on its Cyber Security Hub, with an alternative email submission option for organisations not yet registered on the platform. Initial reports must be submitted within 24 hours, followed by a detailed report within 14 days.

The Federal Council has also approved the Cybersecurity Ordinance, which outlines implementation provisions, reporting exemptions, and mechanisms for information exchange between the NCSC and other authorities. Consultations on the ordinance reflected broad support for streamlined reporting processes, ensuring alignment with existing obligations, such as those under data protection laws.

Additionally, from 1 April, the National Cyber Security Centre will officially change its name as part of its transition into a federal office within the Department of Defence, Civil Protection and Sport (DDPS).

This regulatory update aligns Switzerland with international cybersecurity practices, including the EU’s NIS Directive, which has required cyber incident reporting since 2018.


NHS looks into Medefer data flaw after security concerns

The NHS is investigating allegations that a software flaw at private medical services company Medefer left patient data vulnerable to hacking.

The flaw, discovered in November, affected Medefer’s internal patient record system in the UK, which handles 1,500 NHS referrals monthly.

A software engineer who found the issue believes the vulnerability may have existed for six years, but Medefer denies this claim, stating no data has been compromised.

The engineer discovered that unprotected application programming interfaces (APIs) could have allowed outsiders to access sensitive patient information.

While Medefer has insisted that there is no evidence of any breach, they have commissioned an external security agency to review their systems. The agency confirmed that no breach was found, and the company asserts that the flaw was fixed within 48 hours of being discovered.

Cybersecurity experts have raised concerns about the potential risks posed by the flaw, emphasising that a proper investigation should have been conducted immediately.

Medefer reported the issue to the Information Commissioner’s Office (ICO) and the Care Quality Commission (CQC), both of which found no further action necessary. However, experts suggest that a more thorough response could have been beneficial given the sensitive nature of the data involved.


Japan to prioritise domestic cybersecurity solutions

Japan has announced plans to prioritise the use of domestic software for cybersecurity purposes, as part of an initiative to reduce the country’s reliance on foreign products in this critical sector.

The government intends to offer subsidies and support technology standards that will encourage the growth of the local cybersecurity industry. The move is also part of the government’s broader efforts to enhance cyber defence and strengthen national security.

As of 2021, Japanese domestic companies were responsible for around 40% of the nation’s cybersecurity countermeasure products. For newer products, this share has significantly decreased, with domestic offerings accounting for less than 10% of the latest cybersecurity technologies.

The move reflects Japan’s increasing focus on cybersecurity as a national priority, particularly in the face of rising global cyber threats. By fostering a stronger domestic cybersecurity ecosystem, Japan aims to enhance its resilience against cyberattacks.

Experts, however, warned that restricting foreign products could limit access to cutting-edge technologies, making the domestic industry potentially less competitive in terms of features, capabilities, or performance. This could hinder the effectiveness of cybersecurity defences.

To support this transition, the government plans to offer financial incentives and collaborate with local technology providers to establish standardized solutions that meet both national and international security requirements.

These efforts are part of a broader strategy to ensure that Japan’s critical infrastructure and businesses are better protected in the digital age.


CISA reaffirms its commitment to monitor Russian cyber threats

The Cybersecurity and Infrastructure Security Agency (CISA) has rejected recent reports suggesting a shift in its approach to addressing cyber threats from Russia.

The Guardian published an article citing anonymous sources who claimed CISA analysts had been instructed not to report on Russian cyber threats, and that a Russia-related project was halted.

In response, CISA issued a statement, affirming its continued commitment to defending US critical infrastructure against all cyber threats, including those from Russia, and asserting that any claims of a change in strategy were inaccurate.

However, this story coincided with the news about a temporary order from Defense Secretary Pete Hegseth for US Cyber Command to halt all planning related to Russia, though the order did not apply to the National Security Agency.

Further reports from the Washington Post and New York Times indicated that this directive may be related to diplomatic efforts by President Donald Trump to engage Russia in negotiations about the war in Ukraine.

Russia, however, was absent in a recent speech by a senior State Department official on critical infrastructure cyber threats within the UN Open-Ended Working Group (OEWG).


US national security threatened by large-scale federal workforce reductions

A former top National Security Agency official has warned that widespread federal job cuts could severely undermine US cybersecurity and national security.

Rob Joyce, former NSA director of cybersecurity, told a congressional committee that eliminating probationary employees would weaken the government’s ability to combat cyber threats, particularly those from China.

The remarks were made during a House Select Committee hearing on China’s cyber operations targeting critical United States infrastructure and telecommunications.

More than 100,000 federal workers have left their jobs through early retirement or layoffs as part of President Donald Trump’s efforts to shrink government agencies, with support from billionaire advisor Elon Musk.

While national security roles were supposed to be exempt, some cybersecurity positions have still been affected.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has already cut over 130 positions, raising concerns about the government’s ability to protect critical systems.

The White House and NSA declined to comment on the impact of the job reductions.

A DHS spokesperson confirmed that the cuts are expected to save $50 million and that further reductions in ‘wasteful positions’ are being considered.

However, critics argue that the loss of skilled personnel in cybersecurity roles could leave the country more vulnerable to foreign threats.


Digital Watch newsletter – Issue 97 – March 2025


Snapshot: The developments that made waves

AI governance

Chinese companies are increasingly backing DeepSeek’s AI, marking a pivotal moment for the industry.

The European Commission has launched the OpenEuroLLM Project, a new initiative to develop open-source, multilingual AI models.

Australia has banned Chinese AI startup DeepSeek from all government devices, citing security risks.

World leaders gathered in Paris for the second day of the Artificial Intelligence (AI) Action Summit, where the focus turned to balancing national interests with global cooperation.

In his op-ed, From Hammurabi to ChatGPT, Jovan Kurbalija draws on the ancient Code of Hammurabi to argue for a principle of legal accountability in modern AI regulation and governance.

Technologies

DeepSeek, an up-and-coming AI startup from China, is rapidly pushing forward the release of its latest AI model, R2, following the remarkable success of its predecessor, R1.

Elon Musk’s AI startup, xAI, has unveiled its latest AI model, Grok-3, which the billionaire claims is the most advanced chatbot technology.

The New York Times has officially approved the use of AI tools for its editorial and product teams, allowing AI to assist with tasks such as generating social media copy, writing SEO headlines, and coding.

Microsoft has announced a groundbreaking quantum computing chip, Majorana 1, which it claims could make useful quantum computers a reality within years.

China has warned that the United States’ efforts to pressure other nations into targeting its semiconductor industry will ultimately backfire.

Infrastructure

A state-of-the-art space lab on the outskirts of Cairo, touted as Africa’s first satellite production facility, has been built with substantial Chinese involvement. 

Elon Musk’s Starlink network is facing increasing competition in the satellite internet market, particularly from SpaceSail, a Shanghai-based company backed by the Chinese government, and Amazon’s Project Kuiper.

Cybersecurity

The EU Commission introduced a proposal aimed at strengthening the EU’s response to large-scale cyber attacks.

Hackers have stolen $1.5 billion from Dubai-based cryptocurrency exchange Bybit in what is believed to be the largest digital heist in history.

Following the recent security breach at Bybit, major cryptocurrency firms have joined forces to combat the attack and mitigate its impact.

Digital rights

Elon Musk has reignited his rivalry with OpenAI by leading a consortium in a staggering $97.4 billion bid to acquire the nonprofit that governs the ChatGPT creator.

South Korea’s National Intelligence Service (NIS) has raised concerns about the Chinese AI app DeepSeek, accusing it of excessively collecting personal data and using it for training purposes.

TikTok has introduced a new method for US Android users to download the app directly from its website, bypassing restrictions imposed by app stores.

South Korea’s data protection authority has suspended new downloads of the Chinese AI app DeepSeek, citing concerns over non-compliance with the country’s privacy laws.

A US federal judge has denied a request to temporarily block Elon Musk’s Department of Government Efficiency (DOGE) from accessing data from seven federal agencies or making further workforce cuts.

Legal

An online education company has filed a lawsuit against Google, claiming its AI-generated search overviews are damaging digital publishing.

The Trump administration is reevaluating the conditions of CHIPS and Science Act subsidies, which allocate $39 billion to boost domestic semiconductor production.

Elon Musk-owned social media platform X has successfully removed a judge from a German court case concerning demands for real-time election data.

Trump Media & Technology Group and Rumble have filed an emergency motion in a US court against Brazilian Supreme Court Justice Alexandre de Moraes.

Internet economy

Chinese investors are flocking to AI-related stocks, betting that the success of home-grown startup DeepSeek will propel China to the forefront of the AI race amid the escalating Sino-US technology conflict. 

In a meeting at the White House on Friday, US President Donald Trump and Nvidia CEO Jensen Huang discussed the emerging challenges posed by China’s AI advancements, particularly the rapid rise of DeepSeek that has disrupted the global tech industry.

France has announced private sector investments totalling around 109 billion euros ($112.5 billion) in its AI sector at the Paris AI summit, according to President Emmanuel Macron.

Elon Musk, who is leading Donald Trump’s federal cost-cutting initiative, has announced that efforts are underway to shut down the United States Agency for International Development (USAID).

President Donald Trump confirmed on Wednesday that he was in active discussions with China over the future of TikTok, as the US seeks to broker a sale of the popular app.

Elon Musk’s social media company X is currently discussing raising funds from investors at a $44 billion valuation.

Development

Alibaba has announced plans to invest at least 380 billion yuan ($52.44 billion) in cloud computing and AI infrastructure over the next three years.

US drugmaker Amgen has announced a $200 million investment in a new technology centre in southern India, which will focus on using AI and data science to support the development of new medicines.

Sociocultural

A German court has ruled that Elon Musk’s social media platform X must provide researchers with data to track the spread of misinformation ahead of the country’s national election on 23 February.

French prosecutors have launched an investigation into X, formerly known as Twitter, over alleged algorithmic bias.

Meta has launched a new initiative with UNESCO to enhance AI language recognition and translation, focusing on underserved languages.

A recent report by Australia’s eSafety regulator reveals that children in the country are finding it easy to bypass age restrictions on social media platforms.

A Russian court has fined Google 3.8 million roubles (£32,600) for hosting YouTube videos that allegedly instructed Russian soldiers on how to surrender.

Mexico has strongly opposed Google’s decision to rename the Gulf of Mexico as the ‘Gulf of America’ for US Google Maps users.

For more information on cybersecurity, digital policies, AI governance and other related topics, visit diplomacy.edu.


Data Protection Day 2025: A new mandate for data protection

Data Protection Day 2025 brought experts to Brussels and online to discuss the latest privacy challenges. The event featured key speeches, panels, and discussions on data protection enforcement, international cooperation, and the impact of emerging technologies.

In his keynote, Leonardo Cervera Navas warned about algorithms being used to destabilise the EU democracies and the power imbalance caused by tech monopolies. Despite these challenges, he emphasised that European values and regulatory tools like the Digital Clearing House 2.0 could help uphold privacy.


A panel moderated by Kait Bolongaro examined data protection priorities and enforcement challenges. European Data Protection Supervisor Wojciech Wiewiorowski stressed the role of strong data protection authorities (DPAs) in ensuring GDPR compliance. Matthias Kloth highlighted the modernisation of Convention 108+ as a key legal advancement. The discussion also covered international cooperation, with panellists agreeing that while global collaboration is necessary, privacy standards must not be diluted.

Audience questions raised concerns about the complexity and cost of enforcing privacy rights. Wiewiorowski saw no major GDPR overhaul in the near future but suggested procedural adjustments. Jo Pierson proposed that civil society organisations assist individuals facing legal barriers. The discussion also touched on China’s DeepSeek AI, with panellists refraining from labelling it a threat but stressing the need for Europe to control AI training datasets. Wiewiorowski likened the AI race to the Cold War’s ‘Sputnik moment,’ questioning if Europe was falling behind.

A session on future data protection challenges, led by Anna Buchta, highlighted regulatory complexity. Marina Kaljurand noted a significant digital knowledge gap among European lawmakers, complicating policy decisions. She also raised concerns about the UK’s adequacy decision, which expires in June 2025, and worsening US-EU relations under Trump. UK Information Commissioner John Edwards emphasised AI’s disruptive impact on biometrics and tracking, while Alberto Di Felice from DIGITALEUROPE criticised excessive bureaucracy, advocating for streamlined regulatory oversight.

Beatriz de Anchorena, head of Argentina’s data protection authority, championed Convention 108+ as a global privacy standard. Argentina, the first non-European country to receive EU adequacy, has remained a leader in data protection reform.

A discussion on neuroscience and privacy, moderated by Ella Mein, explored ethical concerns surrounding brain data. Professor Marcello Ienca warned of potential ‘neuro-discrimination’ and the dangers of exploiting brain data. ECtHR Jurisconsult Anna Austin highlighted legal challenges, noting the high standards required for data waivers.


The final panel, led by Gabriela Zanfir-Fortuna, addressed the need for stronger enforcement. Johnny Ryan of the Irish Council for Civil Liberties criticised the EU’s slow response to data misuse, while Nora Ni Loideain emphasised the GDPR’s role in giving DPAs greater enforcement power.

The event underscored the need for robust regulation, global cooperation, and better enforcement mechanisms to protect privacy in a rapidly evolving digital landscape.


Legacy media vs social media and alternative media channels

The rapid spread of digital information has transformed communication, offering opportunities and challenges. While social media and alternative platforms have democratised access to information, they have also enabled misinformation, deepfakes, and sensationalism to flourish. The tension between traditional media and these new forms of communication is at the heart of current debates on content policy and media integrity.

The case of Novak Djokovic at the 2025 Australian Open highlights this shift. After a Channel 9 journalist made derogatory remarks about him and his Serbian supporters, Djokovic refused an on-court interview and took to social media to share his perspective. His video went viral, attracting support from figures like Elon Musk, who criticised traditional media as a ‘negativity filter’. This incident underscored the ability of social media to bypass mainstream media narratives, raising questions about journalistic objectivity, editorial oversight, and the role of direct communication in shaping public discourse.


Similarly, alternative media’s influence on political discourse was evident in Joe Rogan’s podcast, The Joe Rogan Experience. In 2024, Donald Trump’s appearance on the podcast allowed him to engage with audiences outside traditional news constraints, potentially boosting his presidential campaign. In contrast, Kamala Harris declined an invitation after requesting pre-approved questions. This difference illustrated how politicians navigate new media environments—some embracing unscripted discussions, others preferring controlled narratives. The case of Vladimir Klitschko further demonstrated how alternative media offers international figures a platform for nuanced discussions on global issues.


Elon Musk’s experience with the media further highlights these dynamics. After traditional media misrepresented a gesture he made at a public event, Musk turned to X (formerly Twitter) to counter the narrative. His criticism of ‘legacy media’ as biassed and slow to adapt resonated with many, reinforcing the growing preference for direct, unfiltered communication. However, this shift presents risks, as social media and alternative platforms lack the editorial oversight that traditional outlets provide, allowing misinformation to spread more easily.

The rise of podcasts, independent media, and social networks has disrupted traditional journalism, offering new ways to engage audiences. While these platforms provide greater freedom of expression, they raise concerns about accuracy, misinformation, and accountability. The challenge remains in balancing openness with factual integrity, ensuring that media—whether traditional or alternative—serves the public responsibly in an era where the boundaries between truth and fabrication continue to blur.


US reassessment of Russian cyber threat signals strategic shift in cyber geopolitics

The Guardian reports on a shift in US digital diplomacy with a major impact on global cyber geopolitics. After rumours that Russia would be dropped as a cyber threat, the first public signal of this shift was the US statement at the UN working group meeting on cybersecurity, where Liesyl Franz, a US representative, did not name Russia as a cyber threat alongside China and Iran. It is a significant shift in US digital diplomacy and cyber geopolitics.

The US representative also omitted the usual US references to allies and partners in cyber politics. The Guardian reports various concerns about this shift, including the view of James Lewis, a US cybersecurity veteran: ‘It’s incomprehensible to give a speech about threats in cyberspace and not mention Russia, and it’s delusional to think this will turn Russia and the FSB [the Russian security agency] into our friends.’

This repositioning aligns with ongoing efforts to improve US-Russia relations, contrasting starkly with European allies’ views on the threat posed by Russia. It remains to be seen whether this shift relates only to cybersecurity or if the US will revisit other aspects related to AI and digital governance.
