National

The Government notified telecoms to report security incidents within specified timelines

The Government of Bharat has notified the telecom through various measures, including specified timelines for telecoms to report security incidents and make disclosures. The rules will also empower government agencies to seek traffic data and any other data (other than the content of messages) from a telecom entity to ensure cyber security. It is mandated that telecoms adopt cyber security policies, which include security measures, risk management approaches, skill training, network assessment, and testing.

“The central government, or any agency authorised by the central government, may, to protect and ensure telecom cyber security, seek from a telecommunication entity, traffic data and any other data, other than the content of messages, in the form and manner as may be specified by the central government on the portal; and direct a telecommunication entity to establish necessary infrastructure and equipment for collection and provision of such data from designated points to enable its processing and storage,” read the rules incorporated under the new Telecom Act. Telecom institutions must appoint a Chief Telecommunication Security Office (CTSO) and report incidents within six hours to the Centre along with relevant details of the affected systems, including a description of incidents. ^[1]

ICRA Analytics and BitSight are looking to collaborate in the Bharatiya Cyber Security market.

Through a collaboration with BitSight— a global cyber risk management firm- ICRA Analytics Limited has announced its entry into Bharat’s $3-5 billion cyber security market. “The Indian cyber security market is estimated to be valued at approximately $3-5 billion and is expected to grow at a CAGR of 13-15 per cent over the next five years. ICRA Analytics expects this foray to support its business growth in the future,” said ICRA Analytics’ MD and CEO— Jayanta Chatterjee. Without highlighting any business projections, Chatterjee added that “our collaboration with BitSight will enable us to deliver next-generation cyber risk solutions across India. This strengthens our bouquet of offerings under the risk management platform and ensures access to superior quality cyber risk management frameworks for our clients.”^[2]

Arctic Wolf opened its first “Global Capability Centre” in Bharat.

The United States (U.S.)—based cyber security firm— Arctic Wolf opened its first Global Capability Centre (GCC) in Bengaluru, Bharat. The firm plans to recruit around 150 employees by mid-2025, mainly in core Research and Development (R&D) roles in threat intelligence and Artificial Intelligence (AI). The Centre will drive innovation and product development and enhance the firm’s security operation platform.

“Our mission is to end cyber risk for organisations of all sizes, and the research and development work that will happen out of Bharat (India) will be a major enabler in furthering this goal,” said Dan Schiappa, Chief Product and Service Officer, Arctic Wolf. ^[3]

“Cyber security safeguards in place to protect sensitive information”: Government advised on IAF-Uber MoU.

In response to a question raised on the Indian Air Force (IAF) and Uber Services’ MoU, the Minister of State of Defence— Sanjay Seth, said that “various cyber security safeguards are in place to protect sensitive information and the location of IAF personnel and their families as part of the agreement. The only data to be shared under the MoU was the e-mail, other than the official e-mail IDs of the IAF personnel.” The MoU signed between IAF-Uber MoU pertains to transportation services for personnel, veterans, and their families. The MoU and Mutual Non-Disclosure Agreement (MNDA) was signed on 17 October 2024. ^[4]

International

The Australian Government passed legislation banning teenagers below 16 years of age from using social media.

According to the first-of-its-kind law passed by the Australian Government, children and teenagers under 16 years will be banned from using social media. The new rules would not be applied for another year to allow social media companies time to comply. As per the law, anyone under 16 cannot use social media platforms, including TikTok, Snapchat, Instagram, and Facebook. The ruling Government and coalition argue that the move is necessary to protect teenagers’ mental health and well-being. The major parties had moved quickly to pass the legislation before the end of the parliamentary year, despite reservations from some Coalition MPs, the Greens and independents who called for more time and greater scrutiny.

As per the new law, social media companies could be fined up to AUD$50 million for failing to take “required” steps to keep under 16s off their platforms. However, there are no penalties for young people or parents who ignore the rules. Social media companies also won’t be able to force users to provide government identification, including the Digital ID, to assess their age. “Messaging apps,” ‘online gaming services”, and “services with the primary purpose of supporting the health and education of end-users” will not fall under the ban, as well as sites like YouTube that do not require users to log in to access the platform. ^[5]

On the back of Meta’s Llama, Chinese researchers created an AI model for military use.

In June 2024, six Chinese researchers from three institutions linked to the People’s Liberation Army (PLA) used Meta’s publicly available AI model— Llama, to develop an AI tool— “ChatBIT” for military applications. Out of three, two institutions are under PLA’s leading research unit— the Academy of Military Sciences (AMS). The researchers used an earlier Llama 13B Large Language Model (LLM) from Meta (META.O), incorporating their parameters to construct a military-focused AI tool to gather and process intelligence and offer accurate and reliable information for operational decision-making.

“ChatBIT”, an AI tool, was fine-tuned and optimised for dialogue and question-answering tasks in the military field. It outperformed some other AI models that were roughly 90 per cent as capable as OpenAI’s powerful ChatGPT-4. The researchers did not elaborate on how they defined performance or specify whether the AI model was implemented. ^[6]

North Korean hackers stole billions in crypto in a job-related scam.

According to cyber security researchers, North Korean hackers are posing as prospective employees seeking work at multinational corporations to earn money for the North Korean regime and steal corporate confidential information that benefits its weapons programme. Over the last ten years, these hackers stole billions of dollars in cryptocurrency to fund the country’s nuclear programme, dodging international sanctions. “North Korean IT workers have already infiltrated “hundreds” of organisations around the world by creating false identities while relying on U.S.-based facilitators to handle their company-issued workstations and earnings to evade the financial sanctions that apply to North Koreans,” said Microsoft’s security researcher— James Elliott. ^[7]

“Online influencers need urgent fact-checking training”: UNESCO

According to a report by the United Nations Educational, Scientific and Cultural Organisation (UNESCO), two-thirds of the content creators on social media platforms fail to verify the accuracy of their material, making them and their followers vulnerable to misinformation. “The low prevalence of fact-checking highlights their vulnerability to misinformation, which can have far-reaching consequences for public discourse and trust in media,” read the report. Six out of ten creators stated that they had not validated the accuracy of their content before sharing it with the audience, and the study discovered that creators did not typically consult or refer to official sources such as government documents and websites.

UNESCO has teamed up with the U.S.A.-based Knight Centre for Journalism in the Americas – part of the University of Texas – to offer an online course on “how to be a trusted voice online”, which includes modules on fact-checking and creating content about elections or crises. UNESCO said 9,000 influencers had already registered for the free, month-long course. ^[8]

Endnotes

^[1] PTI. “Govt notifies telecom cyber security rules; sets timelines for telecos to report security incidents”, ET Telecom, 22 November 2024, available from: https://telecom.economictimes.indiatimes.com/news/policy/govt-notifies-telecom-cyber-security-rules-sets-timelines-for-telcos-to-report-security-incidents/115565713
^[2] PTI. “ICRA Analytics enters $3-5bn Indian Cyber Security market with BitSight”, ET Telecom, 27 November 2024, available from: https://telecom.economictimes.indiatimes.com/news/internet/icra-analytics-enters-3-5bn-indian-cyber-security-market-with-bitsight/115714982
^[3] ETech. “Cyber Security firm Arctic Wolf opens first India GCC in Bengaluru”, ET Telecom, 08 October 2024, available from: https://telecom.economictimes.indiatimes.com/news/internet/cyber-security-firm-artic-wolf-opens-first-india-gcc-in-bengaluru/114049372
^[4] PTI. “Cyber Security safeguards in place to protect sensitive information: Govt on IAF-Uber MoU”, Economic Times, 27 November 2024, available from: https://economictimes.indiatimes.com/news/defence/cyber-security-safeguards-in-place-to-protect-sensitive-information-govt-on-iaf-uber-mou/articleshow/115741512.cms
^[5] Truu, Maani. “Children and teenagers under 16 to be banned from social media after parliament passes world-first laws”, ABC News, 28 November 2024, available from: https://www.abc.net.au/news/2024-11-28/social-media-age-ban-passes-parliament/104647138
^[6] Pomfret, James and Jessie Pang. “Chinese researchers develop AI model for military use on back of Meta’s Llama”, Reuters, 01 November 2024, available from: https://www.reuters.com/technology/artificial-intelligence/chinese-researchers-develop-ai-model-military-use-back-metas-llama-2024-11-01/
^[7] Whittaker, Zach. “North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers”, TechCrunch, 28 November 2024, available from: https://techcrunch.com/2024/11/28/north-korean-hackers-have-stolen-billions-in-crypto-by-posing-as-vcs-recruiters-and-it-workers/
^[8] Milmo, Dan. “Online influencers need ‘urgent’ fact-checking training, warns Unesco”, The Guardian, 26 November 2024, available from: https://www.theguardian.com/media/2024/nov/26/online-influencers-need-urgent-fact-checking-training-warns-unesco