New cyber rules tighten grip on China’s critical infrastructure

China has introduced one of the world’s strictest cybersecurity reporting laws, requiring major infrastructure providers to report serious cyber incidents within just one hour. The regulation, issued by the Cyberspace Administration of China, applies to all network operators working in the country and its territories.

Incidents must be graded by severity, with ‘key infrastructure’ breaches reported within 60 minutes, and ‘particularly serious’ cases, such as those threatening national security or social stability, within 30 minutes. Operators who delay or conceal information face harsh penalties under the new rules.

The directive defines major cyber incidents as those that cause large-scale paralysis, severe data loss, or the compromise of massive amounts of personal information. Even social organisations and individuals are encouraged to report significant security breaches.

Notably, attacks targeting online media or information sites that remain visible for over six hours or reach more than a million views will also be classified as widespread cyberattacks, reflecting Beijing’s tight grip on online information control.

These requirements go far beyond standards in the United States and the European Union. In the US, companies have 72 hours to report major incidents under the Cyber Incident Reporting for Critical Infrastructure Act, while the EU’s NIS2 Directive allows up to 72 hours for full notification and one month for a final report.

The move underscores China’s dual stance in cyberspace, reinforcing domestic defences while being accused of conducting aggressive cyber operations abroad. Western security agencies recently linked Chinese-backed hackers, such as the group Salt Typhoon, to breaches of US telecoms, the Treasury Department, and other key sectors.

A 2025 CrowdStrike report found China-related hacking activity surged by 150% last year, marking what analysts called an ‘inflexion point’ in Beijing’s global cyber ambitions.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Brazil advances first national cybersecurity law

Brazil is preparing to pass its first national cybersecurity law, aiming to centralise oversight and strengthen protection for citizens and companies. The Cybersecurity Legal Framework would establish a new National Cybersecurity Authority to coordinate defence efforts across government and industry.

The legislation comes after a series of high-profile cyberattacks disrupted hospitals and exposed millions of personal records, highlighting gaps in Brazil’s digital defences. The authority would create nationwide standards, replacing fragmented rules currently managed by individual ministries and agencies.

Under the bill, public procurement will require compliance with official security standards, and suppliers will share responsibility for incidents. Companies meeting the rules could be listed as trusted providers, potentially boosting competitiveness in both public and private sectors.

The framework also includes incentives: financing through the National Public Security Fund and priority for locally developed technologies. While the bill still awaits approval in Congress, its adoption would make Brazil one of Latin America’s first countries with a comprehensive cybersecurity law.


Gamers report widespread disconnections across multiple services

Several major gaming and online platforms have reportedly faced simultaneous disruptions across multiple devices and regions. Platforms like Steam and Riot Games experienced connection issues, blocking access to major titles such as Counter-Strike, Dota 2, Valorant, and League of Legends.

Some users reported issues with PlayStation Network, Epic Games, Hulu, AWS, and other services.

Experts suggest the outages may be linked to a possible DDoS attack from the Aisuru botnet. While official confirmations remain limited, reports indicate unusually high traffic, with one source claiming bandwidth levels near 30 terabits per second.

Similar activity from Aisuru has been noted in incidents dating back to 2024, targeting a range of internet-connected devices.

The botnet is thought to exploit vulnerabilities in routers, cameras, and other connected devices, potentially controlling hundreds of thousands of nodes. Researchers say the attacks are widespread across countries and industries, though their full scale and purpose remain uncertain.

Further investigations are ongoing, and platforms continue to monitor and respond to potential threats. Users are advised to remain aware of service updates and exercise caution when accessing online networks during periods of unusual activity.


New bill creates National Cybersecurity Authority in Brazil

Brazil is set to approve its first comprehensive Cybersecurity Legal Framework with Bill No. 4752/2025. The legislation creates a National Cybersecurity Authority and requires compliance for government procurement, with shared responsibility for supply chain security incidents.

The framework aims to unify the country’s fragmented cybersecurity policies. Government agencies will follow ANC standards, while companies delivering services to public entities must meet minimum cybersecurity requirements.

The ANC will also publish lists of compliant suppliers, providing a form of certification that could enhance trust in both public and private partnerships.

Supply chain oversight is a key element of the bill. Public bodies must assess supplier risks, and liability will be shared in the event of breaches.

The law encourages investment in national cybersecurity technologies and offers opportunities for companies to access financing and participate in the National Cybersecurity Program.

Approval would make Brazil one of the first Latin American countries with a robust federal cybersecurity law. The framework aims to strengthen protections, encourage innovation, and boost confidence for citizens, businesses, and international partners.

Companies that prepare now will gain a competitive advantage when the law comes into effect.


Jaguar Land Rover begins gradual restart after major cyber-attack

Jaguar Land Rover (JLR) is beginning to restart production after a severe cyber-attack forced the company to shut down factories across several countries. Operations will restart at Wolverhampton, with other sites like Solihull and Halewood reopening gradually in the coming weeks.

The attack, which occurred at the end of August, halted manufacturing and paralysed the carmaker’s IT systems.

The disruption has caused significant financial strain across JLR’s supply chain, with many small businesses facing weeks without income. The government has offered a £1.5 billion loan guarantee to support suppliers, but industry leaders warn the assistance does not go far enough.

Evtec Group chairman David Roberts called the policy ‘toothless’, saying companies still struggle to cover labour and payroll costs after six weeks of zero revenue.

Experts believe recovery will take time, as restarting industrial production involves complex processes that cannot resume instantly. Former Aston Martin boss Andy Palmer warned that some suppliers may not survive the prolonged halt, risking further disruption.

JLR has confirmed its recovery programme is ‘firmly underway’ and that its global parts logistics centre is returning to normal operations, yet full production may remain weeks away.


EU kicks off cybersecurity awareness campaign against phishing threats

European Cybersecurity Month (ECSM) 2025 has kicked off, with this year’s campaign centring on the growing threat of phishing attacks.

The initiative, driven by the EU Agency for Cybersecurity (ENISA) and the European Commission, seeks to raise awareness and provide practical guidance to European citizens and organisations.

Phishing is still the primary vector through which threat actors launch social engineering attacks. However, this year’s ECSM materials expand the scope to include variants like SMS phishing (smishing), QR code phishing (quishing), voice phishing (vishing), and business email compromise (BEC).

ENISA warns that as of early 2025, over 80 percent of observed social engineering activity involves the use of AI, with language models enabling more convincing and scalable scams.

To support the campaign, actors at every level, from individual citizens to large organisations, are encouraged to engage in training, simulations, awareness sessions and public outreach under the banner #ThinkB4UClick.

A cross-institutional kick-off event is also scheduled, bringing together the EU institutions, member states and civil society to align messaging and launch coordinated activities.


US AI models outperform Chinese rival DeepSeek

The National Institute of Standards and Technology’s Centre for AI Standards and Innovation (CAISI) found AI models from Chinese developer DeepSeek trail US models in performance, cost, security, and adoption.

Evaluations covered three DeepSeek and four leading US models, including OpenAI’s GPT-5 series and Anthropic’s Opus 4, across 19 benchmarks.

US AI models outperformed DeepSeek across nearly all benchmarks, with the most significant gaps in software engineering and cybersecurity tasks. CAISI found DeepSeek models costlier and far more vulnerable to hijacking and jailbreaking, posing risks to developers, consumers, and national security.

DeepSeek models were observed to echo inaccurate Chinese Communist Party narratives four times more often than US reference models. Despite weaknesses, DeepSeek model adoption has surged, with downloads rising nearly 1,000% since January 2025.

CAISI is a key contact for industry collaboration on AI standards and security. The evaluation aligns with the US government’s AI Action Plan, which aims to assess the capabilities and risks of foreign AI while securing American leadership in the field.


Microsoft evolves Sentinel into agentic defence platform

Microsoft is transforming Sentinel from a traditional SIEM into a unified defence platform for the agentic AI era. It now incorporates features such as a data lake, semantic graphs and a Model Context Protocol (MCP) server to enable intelligent agents to reason over security data.

Sentinel’s enhancements allow defenders to combine structured and semi-structured data into vectorised, graph-based relationships. With that, AI agents grounded in Security Copilot and custom tools can automate triage, correlate alerts, reason about attack paths, and initiate response actions, while keeping human oversight.

The platform supports extensibility through open agent APIs, enabling partners and organisations to deploy custom agents through the MCP server.

Microsoft also adds protections for AI agents, such as prompt-injection resilience, task adherence controls, PII guardrails, and identity controls for agent estates. The evolution aims to shift cybersecurity from reactive to predictive operations.


Rising stress leaves cyber professionals at breaking point

Burnout is a significant challenge in the cybersecurity sector, as workers face rising threats and constant pressure to defend organisations. A BBC report highlights how professionals often feel overworked and undervalued, with stress levels leading some to take extended leave.

UK-based surveys reflect growing strain. Membership body ISC2 found that job satisfaction among cybersecurity staff dropped in 2024, with burnout cited as a key issue. Experts say demands have increased while resources remain stretched, leaving staff expected to stay on call around the clock.

Hackers are becoming more aggressive, targeting health services, retailers, and critical national infrastructure. Nation-state actors, including North Korean groups linked to large crypto thefts, are also stepping up activity. These attacks add to the psychological burden on frontline defenders.

Industry figures warn that high turnover risks weakening cyber resilience, especially in junior roles. Initiatives like Cybermindz call for better mental health support, while some argue for protections akin to those for first responders.


US military unveils automated cybersecurity construct for modern warfare

The US Department of War has unveiled a new Cybersecurity Risk Management Construct (CSRMC), a framework designed to deliver real-time cyber defence and strengthen the military’s digital resilience.

The model replaces outdated checklist-driven processes with automated, continuously monitored systems capable of adapting to rapidly evolving threats.

The CSRMC shifts from static, compliance-heavy assessments to dynamic and operationally relevant defence. Its five-phase lifecycle embeds cybersecurity into system design, testing, deployment, and operations, ensuring digital systems remain hardened and actively defended throughout use.

Continuous monitoring and automated authorisation replace periodic reviews, giving commanders real-time visibility of risks.

Built on ten core principles, including automation, DevSecOps, cyber survivability, and threat-informed testing, the framework represents a cultural change in military cybersecurity.

It seeks to cut duplication through enterprise services, accelerate secure capability delivery, and enable defence systems to survive in contested environments.

According to acting CIO Katie Arrington, the construct is intended to institutionalise resilience across all domains, from land and sea to space and cyberspace. The goal is to provide US forces with the technological edge to counter increasingly sophisticated adversaries.
