Polish Space Agency "POLSA" Suffers Breach; System Offline

Systems offline to control breach

The Polish Space Agency (POLSA) suffered a cyberattack last week, it confirmed on X. The agency didn’t disclose any further information, except that it “immediately disconnected” the agency network after finding that the systems were hacked. The social media post indicates the step was taken to protect data. 

US News said “Warsaw has repeatedly accused Moscow of attempting to destabilise Poland because of its role in supplying military aid to its neighbour Ukraine, allegations Russia has dismissed.” POLSA has been offline since then to contain the breach of its IT infrastructure. 

Incident reported to authorities

After discovering the attack, POLSA reported the breach to the relevant authorities and started an investigation to measure the impact. Regarding the cybersecurity incident, POLSA said “relevant services and institutions have been informed.”  

POLSA didn’t reveal the nature of the security attack and has not attributed the breach to any attacker. "In order to secure data after the hack, the POLSA network was immediately disconnected from the Internet. We will keep you updated."

How did the attack happen?

While no further information has been released since Sunday, internal sources told The Register that the “attack appears to be related to an internal email compromise” and that the staff “are being told to use phones for communication instead.”

POLSA is currently working with the Polish Military Computer Security Incident Response Team (CSIRT MON) and the Polish Computer Security Incident Response Team (CSIRT NASK) to patch affected services. 

Who is responsible?

Commenting on the incident, Poland's Minister of Digital Affairs, Krzysztof Gawkowski, said the “systems under attack were secured. CSIRT NASK, together with CSIRT MON, supports POLSA in activities aimed at restoring the operational functioning of the Agency.” On finding the source, he said, “Intensive operational activities are also underway to identify who is behind the cyberattack. We will publish further information on this matter on an ongoing basis.”

About POLSA

A European Space Agency (ESA) member, POLSA was established in September 2014. It aims to support the Polish space industry and strengthen Polish defense capabilities via satellite systems. The agency also helps Polish entrepreneurs get funds from ESA and works with the EU, other ESA members and countries on different space exploration projects.  

Third-Party Data Breaches Expose Cybersecurity Risks in EU's Largest Firms

A recent report by SecurityScorecard has shed light on the widespread issue of third-party data breaches among the European Union’s top companies. The study, which evaluated the cybersecurity health of the region’s 100 largest firms, revealed that 98% experienced breaches through external vendors over the past year. This alarming figure underscores the vulnerabilities posed by interconnected digital ecosystems.

Industry Disparities in Cybersecurity

While only 18% of the companies reported direct breaches, the prevalence of third-party incidents highlights hidden risks that could disrupt operations across multiple sectors. Security performance varied significantly by industry, with the transport sector standing out for its robust defenses. All companies in this sector received high cybersecurity ratings, reflecting strong proactive measures.

In contrast, the energy sector lagged behind, with 75% of firms scoring poorly, receiving cybersecurity grades of C or lower. Alarmingly, one in four energy companies reported direct breaches, further exposing their susceptibility to cyber threats.

Regional differences also emerged, with Scandinavian, British, and German firms demonstrating stronger cybersecurity postures. Meanwhile, French companies recorded the highest rates of third- and fourth-party breaches, reaching 98% and 100%, respectively.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard, stressed the importance of prioritizing third-party risk management. His remarks come as the EU prepares to implement the Digital Operational Resilience Act (DORA), a regulation designed to enhance the cybersecurity infrastructure of financial institutions.

“With regulations like DORA set to reshape cybersecurity standards, European companies must prioritise third-party risk management and leverage rating systems to safeguard their ecosystems,” Sherstobitoff stated in a media briefing.

Strengthening Cybersecurity Resilience

DORA introduces stricter requirements for banks, insurance companies, and investment firms to bolster their resilience against cyberattacks and operational disruptions. As organizations gear up for the rollout of this framework, addressing third-party risks will be crucial for maintaining operational integrity and adhering to evolving cybersecurity standards.

The findings from SecurityScorecard highlight the urgent need for EU businesses to fortify their digital ecosystems and prepare for regulatory demands. By addressing third-party vulnerabilities, organizations can better safeguard their operations and protect against emerging threats.

The Intersection of Travel and Data Privacy: A Growing Concern

 

The evolving relationship between travel and data privacy is sparking significant debate among travellers and experts. A recent Spanish regulation requiring hotels and Airbnb hosts to collect personal guest data has particularly drawn criticism, with some privacy-conscious tourists likening it to invasive surveillance. This backlash highlights broader concerns about the expanding use of personal data in travel.

Privacy Concerns Across Europe

This trend is not confined to Spain. Across the European Union, regulations now mandate biometric data collection, such as fingerprints, for non-citizens entering the Schengen zone. Airports and border control points increasingly rely on these measures to streamline security and enhance surveillance. Advocates argue that such systems improve safety and efficiency, with Chris Jones of Statewatch noting their roots in international efforts to combat terrorism, driven by UN resolutions and supported by major global powers like the US, China, and Russia.

Challenges with Biometric and Algorithmic Systems

Despite their intended benefits, systems leveraging Passenger Name Record (PNR) data and biometrics often fall short of expectations. Algorithmic misidentifications can lead to unjust travel delays or outright denials. Biometric systems also face significant logistical and security challenges. While they are designed to reduce processing times at borders, system failures frequently result in delays. Additionally, storing such sensitive data introduces serious risks. For instance, the 2019 Marriott data breach exposed unencrypted passport details of millions of guests, underscoring the vulnerabilities in large-scale data storage.

The EU’s Ambitious Biometric Database

The European Union’s effort to create the world’s largest biometric database has sparked concern among privacy advocates. Such a trove of data is an attractive target for both hackers and intelligence agencies. The increasing use of facial recognition technology at airports—from Abu Dhabi’s Zayed International to London Heathrow—further complicates the privacy landscape. While some travelers appreciate the convenience, others fear the long-term implications of this data being stored and potentially misused.

Global Perspectives on Facial Recognition

Prominent figures like Elon Musk openly support these technologies, envisioning their adoption in American airports. However, critics argue that such measures often prioritize efficiency over individual privacy. In the UK, stricter regulations have limited the use of facial recognition systems at airports. Yet, alternative tracking technologies are gaining momentum, with trials at train stations exploring non-facial data to monitor passengers. This reflects ongoing innovation by technology firms seeking to navigate legal restrictions.

Privacy vs. Security: A Complex Trade-Off

According to Gus Hosein of Privacy International, borders serve as fertile ground for experiments in data-driven travel technologies, often at the expense of individual rights. These developments point to the inevitability of data-centric travel but also emphasize the need for transparent policies and safeguards. Balancing security demands with privacy concerns remains a critical challenge as these technologies evolve.

The Choice for Travelers

For travelers, the trade-off between convenience and the protection of personal information grows increasingly complex with every technological advance. As governments and companies push forward with data-driven solutions, the debate over privacy and transparency will only intensify, shaping the future of travel for years to come.

ENISA’s Biennial Cybersecurity Report Highlights EU Threats and Policy Needs

 

The EU Agency for Cybersecurity (ENISA) has released its inaugural biennial report under the NIS 2 Directive, offering an analysis of cybersecurity maturity and capabilities across the EU. Developed in collaboration with all 27 EU Member States and the European Commission, the report provides evidence-based insights into existing vulnerabilities, strengths, and areas requiring improvement. Juhan Lepassaar, ENISA’s Executive Director, emphasized the importance of readiness in addressing increasing cybersecurity threats, technological advancements, and complex geopolitical dynamics. Lepassaar described the report as a collective effort to bolster security and resilience across the EU.

The findings draw on multiple sources, including the EU Cybersecurity Index, the NIS Investment reports, the Foresight 2030 report, and the ENISA Threat Landscape report. A Union-wide risk assessment identified significant cyber threats, with vulnerabilities actively exploited by threat actors. While Member States share common cybersecurity objectives, variations in critical sector sizes and complexities pose challenges to implementing uniform cybersecurity measures. At the individual level, younger generations have shown improvements in cybersecurity awareness, though disparities persist in the availability and maturity of education programs across Member States.

ENISA has outlined four priority areas for policy enhancement: policy implementation, cyber crisis management, supply chain security, and skills development. The report recommends providing increased financial and technical support to EU bodies and national authorities to ensure consistent implementation of the NIS 2 Directive. Revising the EU Blueprint for managing large-scale cyber incidents is also suggested, aiming to align with evolving policies and improve resilience. Tackling the cybersecurity skills gap is a key focus, with plans to establish a unified EU training framework, evaluate future skills needs, and introduce a European attestation scheme for cybersecurity qualifications.

Additionally, the report highlights the need for a coordinated EU-wide risk assessment framework to address supply chain vulnerabilities and improve preparedness in specific sectors. Proposed mechanisms, such as the Cybersecurity Emergency Mechanism under the Cyber Solidarity Act, aim to strengthen collective resilience.

Looking to the future, ENISA anticipates increased policy attention on emerging technologies, including Artificial Intelligence (AI) and Post-Quantum Cryptography. While the EU’s cybersecurity framework provides a solid foundation, evolving threats and expanding roles for authorities present ongoing challenges. To address these, ENISA underscores the importance of enhancing situational awareness and operational cooperation, ensuring the EU remains resilient and competitive in addressing cybersecurity challenges.

Irish Data Protection Commission Halts AI Data Practices at X

 

The Irish Data Protection Commission (DPC) recently took a decisive step against the tech giant X, resulting in the immediate suspension of its use of personal data from European Union (EU) and European Economic Area (EEA) users to train its AI model, “Grok.” This marks a significant victory for data privacy, as it is the first time the DPC has taken such substantial action under its powers granted by the Data Protection Act of 2018. 

The DPC initially raised concerns that X’s data practices posed a considerable risk to individuals’ fundamental rights and freedoms. The use of publicly available posts to train the AI model was viewed as an unauthorized collection of sensitive personal data without explicit consent. This intervention highlights the tension between technological innovation and the necessity of safeguarding individual privacy. 

Following the DPC’s intervention, X agreed to cease its current data processing activities and commit to adhering to stricter privacy guidelines. Although the company did not acknowledge any wrongdoing, this outcome sends a strong message to other tech firms about the importance of prioritizing data privacy when developing AI technologies. The immediate halt of Grok AI’s training on data from 60 million European users came in response to mounting regulatory pressure across Europe, with at least nine GDPR complaints filed during its short stint from May 7 to August 1. 

After the suspension, Dr. Des Hogan, Chairperson of the Irish DPC, emphasized that the regulator would continue working with its EU/EEA peers to ensure compliance with GDPR standards, affirming the DPC’s commitment to safeguarding citizens’ rights. The DPC’s decision has broader implications beyond its immediate impact on X. As AI technology rapidly evolves, questions about data ethics and transparency are increasingly urgent. This decision serves as a prompt for a necessary dialogue on the responsible use of personal data in AI development.  

To further address these issues, the DPC has requested an opinion from the European Data Protection Board (EDPB) regarding the legal basis for processing personal data in AI models, the extent of data collection permitted, and the safeguards needed to protect individual rights. This guidance is anticipated to set clearer standards for the responsible use of data in AI technologies. The DPC’s actions represent a significant step in regulating AI development, aiming to ensure that these powerful technologies are deployed ethically and responsibly. By setting a precedent for data privacy in AI, the DPC is helping shape a future where innovation and individual rights coexist harmoniously.

Alarm Bells Ring in Germany Over Chinese Tech Advancements

 


Over the next five years, Germany will phase out components made by Chinese companies Huawei and ZTE from its 5G wireless network, a move that will likely worsen its already strained ties with the second-largest economy in the world. According to the German Interior Ministry (BMI), by the end of 2026, components made by Chinese technology companies such as Huawei and ZTE will no longer be allowed in the construction of the country's next-generation 5G mobile networks built by German industry. 

To comply with this decision, the BMI decided that all existing components must be replaced by the year 2029. The German government regards 5G networks as critical infrastructure and maintains that they will play a key role in the energy, transportation, health care, and finance sectors in the coming years. In a statement issued to CNN, Huawei said there has been no evidence or scenario that explicitly illustrates that its technology poses any security risks. 

A statement from the Chinese embassy in Germany said it was committed to taking whatever "necessary measures" to protect the interests of Chinese companies in Germany. The ban comes as Chinese technology companies are increasingly viewed with suspicion because of their allegedly too-close ties to the government in Beijing as their investments proliferate. 

In particular, Beijing's desire to turn Huawei and ZTE into world leaders and establish them at the hub of the world's high-tech sector has made Western governments wary of giving them too much influence over their national infrastructures. In the meantime, another collaboration between German and Chinese companies has created a stir in the industry. Luxcara, an independent asset manager based in Hamburg, Germany, has signed a contract with a Chinese company, Ming Yang, to construct wind turbines for a project off the coast of Germany. 

Ming Yang said in a statement on July 2 that its decision was based upon an extensive due diligence exercise that covered all aspects of the supply chain, environmental, social and governance compliance aligned with the EU taxonomy, as well as cybersecurity. It drew on independent expertise provided by reputed international advisors. The German government also considers energy supply critical infrastructure, and it aims to generate 80% of the country's electricity from renewable sources by 2035, reducing its use of fossil fuels in the process. 

There is no doubt that wind power will play a significant role in the future mix of electric power sources in the world. As per official German data, during the first three months of this year, 38.5% of all electricity produced in Germany was generated by wind power and 16.3% by solar energy. Among all the renewable sources of energy, wind power has seen the most significant growth. According to Lars Haugwitz, senior consultant at Luxcara, it was important to the company to select the most powerful turbines for the project to be a success. 

DW reported that only Ming Yang could deliver the unit on time with an 18.5-megawatt capacity by the end of 2028. He added that the decision was based on a thorough review of all the bids that DW had received throughout the international tender. In Europe, Vestas, a Danish offshore wind company, and Siemens Gamesa, a German-Spanish company, have held the majority of offshore wind power installations to date. The Chinese companies are now also considered by another German wind farm operator as a possible supplier for his project. 

The German business daily Handelsblatt reports that RWE, the world's biggest energy company, is among those looking for alternatives, noting that there are limited wind turbine supplies in Europe, along with high demand. The German-based utility company recently issued a statement asserting that it currently has no Chinese suppliers within its wind energy portfolio and intends to maintain its collaboration with established European suppliers. 

However, a company spokesperson informed Deutsche Welle (DW) that the offshore wind industry must evaluate the offerings of Asian suppliers to determine if they meet the necessary standards in technology, quality, safety, and cost-effectiveness. According to Michael Tenten, managing director of Pure ISM—a company specializing in data security within the renewable energy sector—there are multiple reasons for the technological advancements of Asian companies, primarily economic. Tenten explained to DW that the swift availability of equipment is a significant factor. 

However, research conducted by the Kiel Institute for the World Economy (IfW) in Germany revealed that in 2022, over 99% of listed Chinese companies benefited from direct state subsidies. These companies also enjoyed privileged access to critical raw materials, enforced technology transfers in joint ventures, and support in public procurement processes. An example highlighted is China's car manufacturer BYD, which has emerged as the world's leading electric vehicle producer, largely due to substantial subsidies. Dirk Dohse, research director at IfW, recently told Handelsblatt that BYD has also received subsidies for battery production and component manufacturing. 

Dohse noted that while European industries often struggle to compete with Chinese pricing, without China's subsidized technology, the products essential for Germany's green transformation would be more expensive and less available. Michael Tenten of Pure ISM added that another source of mistrust towards Chinese suppliers is data security concerns. He pointed out that manufacturers typically operate their own control centres to monitor the wind farms they construct, and unless these centres are located in Germany, there remains a risk of foreign influence on operations. Lars Haugwitz of Luxcara considers this risk to be more theoretical, as there will be "no direct data link" between the German offshore wind park and the Chinese turbine manufacturer. 

Haugwitz assured that the control, operation, and maintenance of the turbines would be entirely managed within Germany. China's Ministry of Foreign Affairs issued a statement asserting that Germany’s actions severely damaged mutual trust and could affect future cooperation between China and Europe in related fields. This decision could further strain Germany’s relationship with China, its largest trading partner. Recently, Berlin blocked the sale of a Volkswagen subsidiary to a Chinese state-owned company on national security grounds, eliciting a strong response from Beijing. 

Concurrently, China is engaged in a trade dispute with the European Union, which recently increased tariffs on Chinese electric vehicles. A spokesperson for China’s Ministry of Foreign Affairs commented on Thursday that politicizing economic, trade, and technological issues would only disrupt normal technological exchanges. Germany has been deliberating for years on how to handle Huawei components in its 5G network, following the lead of the United States, the United Kingdom, Australia, and Japan, which have effectively banned the company from their 5G infrastructure due to concerns that Beijing could use Chinese tech companies to conduct espionage.

Polish State Media Targeted in Alleged Russian-Backed Cyberattack

 

In a concerning development on May 31, the Polish Press Agency (PAP), a state-run media outlet, was targeted in a cyberattack that authorities have attributed to Russian-backed operatives. This incident adds to a growing list of cyber aggression linked to Russian intelligence services, which have previously been accused of targeting Ukraine and various Western nations. 

The European Union (EU) and NATO recently condemned Russia's "malicious cyber campaign" against Germany and Czechia earlier in May, highlighting the persistent threat posed by such activities. On the morning of the attack, PAP's website displayed false messages claiming that Polish Prime Minister Donald Tusk had ordered a "partial mobilization" to begin on July 1. The swift identification of this disinformation was crucial. Deputy Prime Minister Krzysztof Gawkowski promptly declared the message as "false" and confirmed that an investigation was underway. 

He noted, "Everything points to a cyberattack and planned disinformation!" This immediate response was vital in preventing the spread of the false information. Jacek Dobrzynski, spokesperson for the Polish security service, also indicated that the attack was a "probable Russian cyberattack." Gawkowski elaborated on the intent behind the cyber operation, suggesting that it aimed to spread "disinformation before the upcoming EU parliamentary elections" and to "paralyze society." 

The false message was detected within two minutes, and Gawkowski commended the media for accurately labeling it as disinformation, thus preventing further dissemination. Gawkowski's remarks reflect a broader sentiment of heightened vigilance in Poland and across the EU regarding cyber threats. He emphasized that Poland is in a "cold war" with Russia, a stance that underscores the pervasive impact of Russian cyber activities on EU countries. 

This sentiment has been echoed by other European leaders who have called for stronger cyber defenses and increased international cooperation to counter such threats. The incident underscores the ongoing cyber conflict between Russia and Western nations, highlighting the need for robust cybersecurity measures. The EU and NATO's condemnation of Russia's cyber activities against Germany and Czechia earlier in May further illustrates the widespread nature of these threats. Poland's response to the cyberattack on PAP demonstrates the importance of rapid identification and response to disinformation campaigns. 

Gawkowski assured that Prime Minister Tusk was informed of the incident immediately, showcasing the high level of alertness among Polish authorities. As cyber threats continue to evolve, the international community must remain vigilant and proactive in defending against such attacks. This incident serves as a reminder of the critical importance of cybersecurity in safeguarding national security and public trust.

EU Data Centers to Report Energy and Water Use Under New Rules

 

The European Union is poised to take a significant step toward regulating energy and water use in data centers. Beginning in September, all organizations operating data centers within EU nations will be required to file detailed reports on their water and energy consumption. Additionally, these organizations must outline the measures they are taking to reduce their environmental footprint. 

Data centers have been specifically targeted because they account for an estimated 2% to 3% of the total energy consumption in the EU. The increasing demand for data processing power, driven largely by the rise of AI technologies, is a major factor behind this significant energy use. Ermengarde Jabir, a senior economist at Moody’s, highlights the immense power requirements of data center hubs within the EU. 

For instance, data centers in Amsterdam demand approximately 950 megawatts of energy capacity, while those in Dublin require over 700 megawatts. Data centers in Paris and Frankfurt have energy needs comparable to Dublin's. To put this in perspective, 1 megawatt of power is sufficient to power between 750 and 1,000 homes for an entire year. Notably, the world’s largest data center hub, located in northern Virginia, has a staggering capacity of 4,500 megawatts. 

The EU's new reporting rules, along with any subsequent regulations aimed at reducing energy consumption, currently apply only to data centers within EU member states. However, EU environmental regulations often serve as a model for other regions, with the notable exception of North America, according to Cándido García Molyneux, an environmental lawyer based in Brussels with the law firm Covington & Burling. “When the EU adopts these reporting requirements, it is very likely that many other countries will follow suit,” Molyneux explains. He also notes that nations aspiring to join the EU or engage in trade with the EU may need to comply with these energy regulations. 

Moreover, the EU has already implemented government procurement regulations focused on energy efficiency. Companies providing cloud or web-based services to EU residents and businesses from data centers outside the EU might also face future energy use regulations. The EU’s drive to reduce energy consumption is motivated by several factors, including the desire to phase out fossil fuels and decrease dependence on foreign energy sources, according to Moody’s Jabir. 

Although efforts to reduce energy consumption began before the conflict in Ukraine, the war has intensified the EU's resolve to cut imports of Russian oil, gas, and coal. The introduction of energy and water use reporting rules marks an early step toward broader regulation. While some energy experts believe most data center operators are prepared to comply, Molyneux anticipates challenges for certain operators. Smaller data center operators might not be aware of the new rules, and others could struggle to gather the required information in time. 

In summary, the EU’s new reporting requirements for data centers represent a crucial move toward greater transparency and accountability in energy and water use. By enforcing these regulations, the EU aims to achieve substantial reductions in energy consumption, contributing to broader environmental and sustainability goals.