Cisco announced plans on Monday to establish a cybersecurity centre in Taiwan, collaborating with the government to bolster the workforce in this critical sector. The initiative comes as part of Cisco’s Taiwan Digital Acceleration Plan 3.0, aimed at addressing the global talent shortage in cybersecurity and enhancing the island’s digital infrastructure.
Taiwan, a democratically governed territory claimed by China, has faced numerous cyberattacks attributed to Beijing, targeting government officials and tech firms. Although China denies these accusations, the frequency and sophistication of such attacks have prompted significant concern. Cisco’s initiative includes partnering with tech associations to develop a security centre in Taiwan, focusing on improving threat intelligence and cyber readiness.
Guy Diedrich, Cisco’s global innovation officer, emphasised the company’s commitment to Taiwan, highlighting the flexible nature of the digital acceleration program, which encompasses areas such as AI in transport and sustainability operations at Kaohsiung port. While Diedrich did not disclose specific investment amounts, he affirmed that the program allows ongoing investment opportunities.
The launch event, attended by Taiwan’s Vice President Hsiao Bi-khim, underscored the strong partnership between Cisco and Taiwan. Vice President Hsiao expressed gratitude for Cisco’s sustained support and looked forward to potential future investments under the program.
A proposed cybersecurity certification scheme (EUCS) for cloud services has raised concerns among 26 industry groups across Europe, who caution against potential discrimination towards major US tech firms like Amazon, Alphabet’s Google, and Microsoft. The European Commission, EU cybersecurity agency ENISA, and EU countries are set to discuss the scheme, which has seen multiple revisions since its draft release in 2020. The EUCS aims to help governments and businesses select secure and reliable cloud vendors, a critical consideration in the rapidly growing global cloud computing industry.
The latest version of the scheme, updated in March, removed stringent sovereignty requirements that would have forced US tech giants to form joint ventures or collaborate with EU-based companies to handle data within the bloc, a criterion for earning the highest EU cybersecurity label. In a joint letter, the industry groups argued for a non-discriminatory EUCS that fosters the free movement of cloud services across Europe, aligning with industry best practices and supporting Europe’s digital goals and security resilience.
The signatories, which include various chambers of commerce and industry associations from several European countries, emphasised the importance of diverse and resilient cloud technologies for their members to compete globally. They welcomed the removal of ownership controls and specific data protection requirements, arguing that these changes would ensure cloud security improvements without discriminating against non-EU companies.
EU cloud vendors like Deutsche Telekom, Orange, and Airbus have advocated for sovereignty requirements, fearing non-EU government access to European data under foreign laws. However, the industry groups contend that the inclusive approach of the revised EUCS will better serve Europe’s digital and security needs while promoting a competitive market environment.
The International Olympic Committee (IOC) will deploy AI to combat social media abuse directed at 15,000 athletes and officials during the Paris Olympics next month, IOC President Thomas Bach announced on Friday. With the Games set to begin on 26 July, more than 10,500 athletes will compete across 32 sports, generating over half a billion social media engagements.
The AI system aims to safeguard athletes by monitoring and automatically erasing abusive posts to provide extensive protection against cyber abuse. That initiative comes amid ongoing global conflicts, including the wars in Ukraine and Gaza, which have already led to social media abuse cases. Russian and Belarusian athletes, who will compete as neutral athletes without their national flags, are included in the protective measures. The IOC did not specify the level of access athletes would need to grant for the AI monitoring.
Despite recent political developments in France, including a snap parliamentary election called by President Emmanuel Macron, Bach assured that preparations for the Olympics remain on track. He emphasised that both the government and opposition are determined to ensure that France presents itself well during the Games.
Microsoft has decided to delay the rollout of its AI-powered ‘Recall’ feature, which tracks and stores computer usage histories, citing privacy concerns. Initially planned for launch with new computers next week, Recall will now undergo a preview phase within its Windows Insider Program (WIP) in the coming weeks rather than being widely available to Copilot+ PC users starting 18 June.
The Recall feature, designed to record everything from web browsing to voice chats for later retrieval, aims to help users remember past activities even months later. Microsoft emphasised that the delay is part of their commitment to ensuring a trusted and secure customer experience, seeking additional feedback before a broader release.
Copilot+ PCs, introduced in May, integrate AI capabilities and were set to include Recall as a key feature. The WIP, which allows enthusiastic users to test upcoming Windows features, will play a crucial role in gathering feedback on Recall before its eventual wider availability.
Privacy concerns surfaced swiftly after Recall’s announcement, with critics suggesting potential misuse for surveillance purposes. Elon Musk likened the feature to a scenario from the dystopian TV series ‘Black Mirror’, reflecting broader anxieties about the implications of pervasive technology on personal privacy and security.
OpenAI has announced the appointment of retired US Army General Paul M. Nakasone, former head of the National Security Agency (NSA), to its board of directors. Nakasone, who led the NSA from 2018 until earlier this year, will join OpenAI’s Safety and Security Committee. This committee, prioritised by CEO Sam Altman, focuses on enhancing the company’s understanding of how AI can be leveraged to improve cybersecurity by swiftly identifying and countering threats.
The addition of Nakasone follows notable departures from OpenAI related to safety concerns, including co-founder Ilya Sutskever and Jan Leike. Sutskever was involved in the controversial firing and reinstatement of CEO Sam Altman, while Leike has publicly criticised the company’s current focus on product development over safety measures.
OpenAI board chair Bret Taylor emphasised the importance of securely developing and deploying AI to realize its potential benefits for humanity. He highlighted Nakasone’s extensive experience in cybersecurity as a valuable asset to guiding the organisation toward this goal.
The current OpenAI board comprises Nakasone, Altman, Adam D’Angelo, Larry Summers, Bret Taylor, Dr Sue Desmond-Hellmann, Nicole Seligman, and Fidji Simo, with Microsoft’s Dee Templeton holding a non-voting observer position.
Lawmakers criticised Microsoft for failing to prevent these cyberattacks, which exposed federal networks to significant risk. They highlighted a report by the Cyber Safety Review Board (CSRB) that condemned Microsoft for lack of transparency regarding the China hack, labelling it preventable. Smith acknowledged the report’s findings and stated that Microsoft acted on most of its recommendations. He emphasised the growing threat posed by nations like China, Russia, North Korea, and Iran, which are increasingly sophisticated and aggressive in their cyberattacks.
During the hearing, Smith defended Microsoft’s role, saying that the US State Department’s discovery of the hack demonstrated the collaborative nature of cybersecurity. However, Congressman Bennie Thompson expressed dissatisfaction, stressing that Microsoft is responsible for detecting such breaches. Given its substantial investments there, panel members also inquired about Microsoft’s operations in China. Smith noted that the company earns around 1.5% of its revenue from China and is working to reduce its engineering presence in the country.
Despite facing significant criticism over the past year, some panel members, including Republican Congresswoman Marjorie Taylor Greene, commended Smith for accepting responsibility. In response to the CSRB’s findings, Microsoft has pledged to prioritise security above all else, launching a new cybersecurity initiative in November to bolster its defences and ensure greater transparency moving forward.
Switzerland is facing a significant rise in cyberattacks and disinformation campaigns ahead of this weekend’s summit, where representatives from 90 countries will convene to discuss the resolution of the Ukraine conflict. During a press briefing on Monday, Swiss President Viola Amherd mentioned the recent spike in cyber assaults but refrained from providing specific details. Foreign Minister Ignazio Cassis underscored the evident intention to disrupt the impending peace negotiations.
While refraining from directly attributing the incidents to any particular nation, Swiss officials have hinted at Russia as a probable suspect, given its exclusion from the summit and vocal criticism of the event’s validity, based on President Volodymyr Zelensky’s peace proposals.
The summit will take place near Lucerne and will draw participants from various regions, including Europe, the Americas, Africa, the Middle East, and Asia. In anticipation of potential threats, the Swiss National Cyber Security Centre (NCSC) has urged local organisations to bolster their security measures. Emphasising the vulnerability of large-scale international events to cyberattacks, the NCSC plans to establish an emergency centre for technical analysis and communication support. Additionally, Swiss authorities plan to deploy nearly 4,000 military personnel to ensure event security, including air transportation and surveillance support.
Despite ongoing tensions, Switzerland has refrained from expelling Russian diplomats, a measure undertaken by other European nations and the US in response to Russia’s actions in Ukraine. Swiss intelligence suggests that a significant portion of Russian diplomats may engage in intelligence activities.
Apple has declined to award a bug bounty to Kaspersky, the cybersecurity company, after disclosing four zero-day vulnerabilities in iPhone software. These vulnerabilities were reportedly exploited to spy on Kaspersky employees and diplomats from Russia. A spokesperson for Kaspersky stated that their research team believed their findings were eligible for Apple’s Bug Bounty rewards. However, upon inquiry, they received a decline from Apple’s Security team, citing the company’s policy.
Bug bounties serve as incentives for researchers to disclose vulnerabilities to companies, rather than selling them to malicious actors. Kaspersky’s disclosure last year revealed a highly sophisticated spying campaign dubbed ‘Operation Triangulation.’ Eugene Kaspersky, the company’s CEO, described it as ‘an extremely complex, professionally targeted cyberattack’ affecting several dozen iPhones of top and middle-management employees.
The campaign, suspected to be state-sponsored due to its sophistication and intelligence-focused targeting, utilised 13 separate bullet points in its attack chain. Simultaneously, Russia’s Federal Security Service (FSB) accused the United States and Apple of collaborating to spy on Russian diplomats.
The FSB’s allegations aligned with Russia’s computer security agency’s claim that both campaigns shared the same indicators of compromise. A critical concern was a vulnerability known as CVE-2023-38606, which affected an unusual hardware feature unused by iOS firmware. Kaspersky suggested it may have been included in the iPhone operating system mistakenly or for debugging purposes. Apple refuted claims of collaboration with any government to insert backdoors into its products, emphasising its commitment to user privacy and security.
The Dutch military intelligence and security service (MIVD) has raised alarms over a global Chinese cyber-espionage campaign, that successfully targeted ‘a significant number of victims’, including Western governments, international organisations and the defense industry. The Netherlands’ National Cyber Security Centre (NCSC) provided the details of this operation in the warning sharing how state-sponsored hackers exploited a vulnerability in FortiGate devices for ‘at least two months before Fortinet announced the vulnerability.’
This vulnerability, identified as CVE-2022-42475, was leveraged during a ‘zero-day period’ to compromise around 14,000 devices in Netherlands. In particular, the warning says that the had successfully breached the internal computer network of the Dutch Ministry of Defence. After gaining access, the hackers deployed a remote access trojan (RAT) named COATHANGER to perform reconnaissance and exfiltrate user account information from the Active Directory server. It, however, remains unclear how many of these systems were infected with the COATHANGER malware. The MIVD warned that identifying and removing these infections is particularly challenging.
“The NCSC and the Dutch intelligence services therefore state that it is likely that the state actor still has access to systems of a significant number of victims,” the report cautioned, emphasizing the ongoing threat posed by this extensive cyber-espionage campaign.
Japanese Prime Minister Fumio Kishida has directed his government to expedite the drafting of legislation to establish an active cyber defense system, enabling pre-emptive measures against cyberattacks. Addressing the inaugural meeting of an expert panel convened at the prime minister’s office, Kishida emphasised the pressing need to bolster the country’s cyber response capabilities.
The government of Japan aims to present the proposed legislation during the upcoming extraordinary parliamentary session scheduled for autumn. During the meeting, Digital Transformation Minister Taro Kono outlined three critical areas for discussion – enhancing information sharing between the public and private sectors, identifying servers involved in cyberattacks, and determining the extent of governmental authority.
Kono urged the panel consisting of 17 experts such as specialists on cybersecurity and lawyers to provide progress reports on these issues within the coming months, highlighting the urgency of addressing cybersecurity challenges. Kono highlighted the importance of establishing a system on par with those of the United States and European nations, while also safeguarding the rights and interests of the people.
