cybersecurity

BlackBerry surpasses revenue expectations, driven by cybersecurity demand

BlackBerry surpassed expectations for Q1 revenue by reporting $144 million, exceeding the estimated $134.1 million by analysts. The Canadian firm credits this achievement to a strong demand for cybersecurity services in response to rising online threats.

Looking ahead to Q2, BlackBerry forecasts revenue between $136 million and $144 million, with its cybersecurity division expected to contribute $82 million to $86 million. Furthermore, BlackBerry’s collaboration with AMD to develop robotic systems for industrial and healthcare applications indicates its diversification beyond cybersecurity.

Why does it matter?

Recent significant data breaches in sectors like automotive and healthcare have intensified the need for enhanced cybersecurity measures, benefiting companies like BlackBerry. Despite a general slowdown in tech spending, these security concerns are prompting organisations and governments to strengthen their defences, thereby boosting BlackBerry’s performance.

Central banks urged to embrace AI

The Bank for International Settlements (BIS) has advised central banks to harness the benefits of AI while cautioning against its use in replacing human decision-makers. In its first comprehensive report on AI, the BIS highlighted the technology’s potential to enhance real-time data monitoring and improve inflation predictions – capabilities that have become critical following the unforeseen inflation surges during the COVID-19 pandemic and the Ukraine crisis. While AI models could mitigate future risks, their unproven and sometimes inaccurate nature makes them unsuitable as autonomous rate setters, emphasised Cecilia Skingsley of the BIS. Human accountability remains crucial for decisions on borrowing costs, she noted.

The BIS, often termed the central bank for central banks, is already engaged in eight AI-focused projects to explore the technology’s potential. Hyun Song Shin, the BIS’s head of research, stressed that AI should not be seen as a ‘magical’ solution but acknowledged its value in detecting financial system vulnerabilities. However, he also warned of the risks associated with AI, such as new cyber threats and the possibility of exacerbating financial crises if mismanaged.

The widespread adoption of AI could significantly impact labour markets, productivity, and economic growth, with firms potentially adjusting prices more swiftly in response to economic changes, thereby influencing inflation. The BIS has called for the creation of a collaborative community of central banks to share experiences, best practices, and data to navigate the complexities and opportunities presented by AI. That collaboration aims to ensure AI’s integration into financial systems is both effective and secure, promoting resilient and responsive economic governance.

In conclusion, the BIS’s advisory underscores the importance of balancing AI’s promising capabilities with the necessity for human intervention in central banking operations. By fostering an environment for shared knowledge and collaboration among central banks, the BIS seeks to maximise AI benefits while mitigating inherent risks, thereby supporting more robust economic management in the face of technological advancements.

EU cybersecurity exercise organised to test energy sector’s cyber resilience

The 7th edition of Cyber Europe, organised by the European Union Agency for Cybersecurity (ENISA), tested the resilience of the EU energy sector, highlighting cybersecurity as an increasing threat to critical infrastructure. In 2023, over 200 cyber incidents targeted the energy sector, with more than half aimed specifically at Europe, underscoring the sector’s vulnerability due to its crucial role in the European economy.

Juhan Lepassaar, Executive Director of ENISA, highlighted the exercise’s role in enhancing preparedness and response capacities to protect critical infrastructure, essential for the single market’s stability.

According to ENISA’s Network and Information Security (NIS) Investments report, 32% of energy sector operators lack Security Operations Center (SOC) monitoring for critical Operation Technology (OT) processes, while 52% integrate OT and Information Technology (IT) under a single SOC.

This year’s Cyber Europe exercise focused on a scenario involving cyber threats to EU energy infrastructure amidst geopolitical tensions. Over two days, stakeholders from 30 national cybersecurity agencies and numerous EU bodies collaborated, developing crisis management skills and coordinating responses to simulated cyber incidents. The exercise, one of Europe’s largest, involved over thousand experts across various domains, facilitated by ENISA, which celebrates its 20th anniversary in 2024.

Japan’s space agency hit by series of cyberattacks, no sensitive data breached, officials confirm

Japan’s Chief Cabinet Secretary Yoshimasa Hayashi confirmed that Japan’s space agency, JAXA, has been targeted by several cyberattacks since late last year. The agency has been investigating the breaches, shutting down affected networks, and verifying that no classified information related to rocket and satellite operations or national security was compromised.

Hayashi also confirmed that hackers are located outside Japan and emphasised Japan’s commitment to enhancing its cybersecurity defences. Amidst increasing military developments in response to China’s growing power, Japan aims to develop a counterstrike capability, though experts believe Tokyo will still rely heavily on the United States for launching long-range missiles.

Defense Minister Minoru Kihara assured the public that the attacks have not impacted his ministry but stated that he is closely monitoring JAXA’s ongoing investigation. As part of the investigation, a portion of the affected JAXA network was temporarily shut down.

JAXA, which develops and launches satellites and is involved in advanced missions like asteroid exploration and potential lunar human exploration, has faced multiple cyber incidents since 2016. That year, it was among 200 Japanese companies and research institutes allegedly targeted by Chinese-speaking military hackers. Last year, unknown hackers also attempted to breach JAXA’s network server but failed to access information critical to the operation of rockets and satellites.

In February 2024, Japan’s cyber official Kazutaka Nakamizo highlighted the increasing cyber threats to the country’s critical infrastructure, particularly from China. However, he did not specify which attacks were believed to be linked to Beijing.

Cybersecurity measures ramp up for 2024 Olympics

Next month, athletes worldwide will converge on Paris for the eagerly awaited 2024 Summer Olympics. While competitors prepare for their chance to win coveted medals, organisers are focused on defending against cybersecurity threats. Over the past decade, cyberattacks have become more sophisticated due to the misuse of AI. However, the responsible application of AI offers a promising countermeasure.

Sports organisations are increasingly partnering with AI-driven companies like Visual Edge IT, which specializes in risk reduction. Although Visual Edge IT does not directly work with the Olympics, cybersecurity expert Peter Avery shared insights on how Olympic organisers can mitigate risks. Avery emphasised the importance of robust technical, physical, and administrative controls to protect against cyber threats. He highlighted the need for a comprehensive incident response plan and the necessity of preparing for potential disruptions, such as internet overload and infrastructure attacks.

The advent of AI has revolutionised both productivity and cybercrime. Avery noted that AI allows cybercriminals to automate attacks, making them more efficient and widespread. He stressed that a solid incident response plan and regular simulation exercises are crucial for managing cyber threats. As Avery pointed out, the question is not if a cyberattack will happen but when.

The International Olympic Committee (IOC) also embraces AI responsibly within sports. IOC President Thomas Bach announced the AI plan to identify talent, personalise training, and improve judging fairness. The Summer Olympics in Paris, which run from 26 July to 11 August, will significantly test these cybersecurity and AI initiatives.

Conclusions on the UN Security Council’s open debate on cybersecurity

The UN Security Council held an open debate on cybersecurity as part of South Korea’s presidency for the month of June. The day-long debate centred on the evolving threat landscape in cyberspace, emphasising the need for digital advancements to be directed towards positive outcomes. During the ensuing debate, nearly 70 speakers shared national perspectives on the growing threats posed by rapidly evolving technologies wielded by state and non-state actors. 

UN Secretary-General António Guterres highlighted the rapid pace of digital breakthroughs, acknowledging their ability to unite people, disseminate information rapidly, and boost economies. However, he cautioned that the connectivity that fuels these benefits also exposes individuals, institutions, and nations to significant vulnerabilities. Guterres pointed to the alarming rise of ransomware attacks, which cost an estimated $1.1 billion in ransom payments last year. Nonetheless, he noted that the implications extended beyond financial costs to impact peace, security, and overall stability.

In response to these challenges, Guterres referenced the ‘New Agenda for Peace,’ which calls for concerted efforts by states to prevent conflicts from escalating in cyberspace. He stressed the importance of upholding the rule of law in the digital realm and highlighted ongoing discussions among member states regarding a new cybercrime treaty. Recognising the interconnectedness of cyberspace with global peace and security, he urged the Security Council to incorporate cyber-related considerations into its agenda.

Stéphane Duguin, CEO of the CyberPeace Institute, briefed the council, offering valuable insights into recent cyberattacks, including the ‘AcidRain’ incident affecting Ukraine and cybercriminal activities linked to the Democratic People’s Republic of Korea. Duguin emphasised the necessity of attributing cyberattacks to perpetrators to facilitate de-escalation efforts. In turn, Nnenna Ifeanyi-Ajufo, an expert in Law and Technology, highlighted the misuse of cyber technology by terrorist groups in Africa and the risks posed by states infringing on human rights under the guise of cybersecurity. She called for enhanced mechanisms to understand the cyber threat landscape across different regions.

In deliberating the Council’s role in the cyber domain, some representatives advocated for inclusive processes within the UN, particularly under the General Assembly, to establish equitable arrangements in addressing cyber threats. Others urged the Security Council to take a more active role. Several speakers stressed the Council’s potential to lead in building a secure cyberspace, bridging with existing UN efforts in cybersecurity and ensuring Global South perspectives are considered at every step of the process.

In contrast, the representative from Russia highlighted a lack of clarity in determining which malicious digital technology use could threaten international peace and security. In this regard, Russia criticised the West for attributing cyberattacks to what they called ‘inconvenient countries.’ Moreover, the representative opposed the Council’s involvement in this matter, stating that such a move would exclude states not part of the Council from the discussion.

Why does it matter?

Highlighting the urgency of addressing cyber threats, representatives stressed the need for the Council to facilitate dialogue and support capacity-building efforts, especially in developing countries lacking the resources and expertise to combat cyber threats. 

The discussions highlighted the critical need for proactive measures to address cyber threats, promote cybersecurity, and safeguard global peace and stability in an increasingly interconnected digital landscape.

National Cyber Director stresses the need for unified cybersecurity requirements in the US

The head of the US Office of the National Cyber Director (ONCD), Harry Coker, has urged the US Congress to harmonise cross-sector baseline cybersecurity requirements in regulated industries, following years of federal and international guidance. Coker highlighted that the lack of regulatory harmonisation poses significant challenges to both cybersecurity outcomes and business competitiveness, as reported by organisations representing the majority of critical infrastructure sectors.

Harry Coker, a Navy veteran and former executive director of the NSA (2017-2019), was confirmed by the US Senate as ONCD director in December 2023, following the resignation of former ONCD Director Chris Inglis in February 2023.

In August 2023, the Office of the National Cyber Director (ONCD) sought private sector input on the state of cybersecurity regulation. Feedback was received from 11 of the 16 critical infrastructure sectors, encompassing over 15,000 businesses, states, and other organizations in the US. The summary of these responses revealed several challenges, including the absence of reciprocity between state and federal regulators and international partners. Regulatory inconsistencies that create barriers to entry, especially for small and mid-sized businesses have also been mentioned among key issues for industry. Furthermore, organizations expressed confusion about which federal agencies are responsible for regulating the defence industrial base, noting that it is unclear which federal agency acts as the clearinghouse for cyber-related regulations and requirements.

In response to the feedback, Coker announced that ONCD has initiated new harmonisation projects, including a pilot reciprocity framework within a critical infrastructure subsector. The pilot project aims to provide valuable insights for designing a comprehensive cybersecurity regulatory approach. Coker emphasized the need for Congress’s assistance to bring all relevant government agencies together to develop a cross-sector framework for harmonisation and reciprocity of baseline cybersecurity requirements. ONCD has not yet provided further details about the pilot project or other ongoing initiatives aimed at driving regulatory harmonisation.

Cisco to open cybersecurity centre in Taiwan

Cisco announced plans on Monday to establish a cybersecurity centre in Taiwan, collaborating with the government to bolster the workforce in this critical sector. The initiative comes as part of Cisco’s Taiwan Digital Acceleration Plan 3.0, aimed at addressing the global talent shortage in cybersecurity and enhancing the island’s digital infrastructure.

Taiwan, a democratically governed territory claimed by China, has faced numerous cyberattacks attributed to Beijing, targeting government officials and tech firms. Although China denies these accusations, the frequency and sophistication of such attacks have prompted significant concern. Cisco’s initiative includes partnering with tech associations to develop a security centre in Taiwan, focusing on improving threat intelligence and cyber readiness.

Guy Diedrich, Cisco’s global innovation officer, emphasised the company’s commitment to Taiwan, highlighting the flexible nature of the digital acceleration program, which encompasses areas such as AI in transport and sustainability operations at Kaohsiung port. While Diedrich did not disclose specific investment amounts, he affirmed that the program allows ongoing investment opportunities.

The launch event, attended by Taiwan’s Vice President Hsiao Bi-khim, underscored the strong partnership between Cisco and Taiwan. Vice President Hsiao expressed gratitude for Cisco’s sustained support and looked forward to potential future investments under the program.

European groups urge fairness in EU cybersecurity label for Big Tech

A proposed cybersecurity certification scheme (EUCS) for cloud services has raised concerns among 26 industry groups across Europe, who caution against potential discrimination towards major US tech firms like Amazon, Alphabet’s Google, and Microsoft. The European Commission, EU cybersecurity agency ENISA, and EU countries are set to discuss the scheme, which has seen multiple revisions since its draft release in 2020. The EUCS aims to help governments and businesses select secure and reliable cloud vendors, a critical consideration in the rapidly growing global cloud computing industry.

The latest version of the scheme, updated in March, removed stringent sovereignty requirements that would have forced US tech giants to form joint ventures or collaborate with EU-based companies to handle data within the bloc, a criterion for earning the highest EU cybersecurity label. In a joint letter, the industry groups argued for a non-discriminatory EUCS that fosters the free movement of cloud services across Europe, aligning with industry best practices and supporting Europe’s digital goals and security resilience.

The signatories, which include various chambers of commerce and industry associations from several European countries, emphasised the importance of diverse and resilient cloud technologies for their members to compete globally. They welcomed the removal of ownership controls and specific data protection requirements, arguing that these changes would ensure cloud security improvements without discriminating against non-EU companies.

EU cloud vendors like Deutsche Telekom, Orange, and Airbus have advocated for sovereignty requirements, fearing non-EU government access to European data under foreign laws. However, the industry groups contend that the inclusive approach of the revised EUCS will better serve Europe’s digital and security needs while promoting a competitive market environment.

Japanese Prime Minister urges legislation for pre-emptive cyber defense system

Japanese Prime Minister Fumio Kishida has directed his government to expedite the drafting of legislation to establish an active cyber defense system, enabling pre-emptive measures against cyberattacks. Addressing the inaugural meeting of an expert panel convened at the prime minister’s office, Kishida emphasised the pressing need to bolster the country’s cyber response capabilities.

The government of Japan aims to present the proposed legislation during the upcoming extraordinary parliamentary session scheduled for autumn. During the meeting, Digital Transformation Minister Taro Kono outlined three critical areas for discussion – enhancing information sharing between the public and private sectors, identifying servers involved in cyberattacks, and determining the extent of governmental authority.

Kono urged the panel consisting of 17 experts such as specialists on cybersecurity and lawyers to provide progress reports on these issues within the coming months, highlighting the urgency of addressing cybersecurity challenges. Kono highlighted the importance of establishing a system on par with those of the United States and European nations, while also safeguarding the rights and interests of the people.