Tech
UK government renews calls to sign Cyber Resilience Pledge | Computer Weekly
As the much-vaunted Cyber Security and Resilience Bill looks set to continue its progress through parliament following the King’s Speech on Wednesday 13 May, the UK government has urged businesses to sign up to its Cyber Resilience Pledge
First trailed last month by security minister Dan Jarvis at the National Cyber Security Centre’s (NCSC’s) annual CyberUK conference, the pledge will launch later this year and sets out three concrete actions that organisations should be taking: making cyber security a board-level responsibility; signing up to the NCSC’s Early Warning Service; and requiring Cyber Essentials certification across their supply chains.
“Cyber security is now fundamental to economic growth, job creation and the resilience of the services people rely on every day,” said cyber security minister Baroness Lloyd.
“The UK has a world‑class cyber sector that is creating skilled jobs and protecting our economy – and government is doing more by investing in its own defences, legislating to require more of essential services and setting clear national standards,” she said.
“As threats evolve, businesses of all sizes need to step up and take practical action now. The Cyber Resilience Pledge is a clear call for companies to strengthen their defences, protect their customers and play their part in keeping the UK secure and competitive,” added Lloyd.
Cyber growth
The pledge forms part of a wider series of actions to shore up Britain’s cyber defences in light of fast-evolving, artificial intelligence (AI) enabled threats, and boost the nation’s cyber sector.
According to newly-released figures, the cyber security industry contributed £14.7bn to the economy in 2025, up 11%, with the number of British security firms growing by 20% to 2,063, and the number of people employed in the sector up by 2,300.
The government urged business leaders to harness the expertise and innovation of this new wave of startups to drive adoption of more secure technology – such as the use of memory safe programming languages such as Java or Rust, which can help protect against illicit memory access by bad actors. Westminster highlighted research undertaken by the AI Security Institute (AISI) and warned that traditional cyber protections alone are no longer enough.
It also highlighted the growing number of AI-centric security products and services, the availability of which grew by 68% in 2025, reinforcing the UK’s status as an innovation leader, and an early-responder to new security threats, and added that the AISI’s advanced capabilities demonstrated that the country is not standing still in response to the problem.
The government’s latest announcement on the topic comes as the International Monetary Fund (IMF) warns that AI-powered cyber attacks may precipitate a global financial crisis if left unchecked.
The organisation said that the debut of frontier models such as Mythos highlighted significant governance challenges and warned that inconsistent oversight from country to country could weaken the interconnected financial system – a risk it deemed particularly acute for emerging and developing economies.
The IMF called for more international coordination, information-sharing, and expanded capacity if global financial stability is to be preserved.
Starting today, eager customers of the US pizza restaurant chain Papa Johns living in one corner of southern North Carolina will have the opportunity to receive their food from the sky, thanks to a new collaboration with Alphabet’s drone company, Wing. But Papa Johns’ signature pizzas won’t be on offer. Instead, drone-loving North Carolinians will have to choose between three kinds of sandwiches, a newer product for the fast-food chain: Philly cheesesteak, chicken bacon ranch, or steak and mushroom varieties.
Drone deliveries are popping up in more communities across the US and the world. Questions about the long-term economics and regulatory picture around unmanned aerial vehicles persist, but Wing boasts partnerships with Walmart, Panera, and DoorDash and is delivering through the sky to customers in four metro areas: Atlanta, Charlotte, Dallas-Fort Worth, and Houston. (In 2019, Wing received the US Federal Aviation Administration’s first certificate allowing a drone delivery company to operate in the country.) Competing drone companies, including Zipline, Amazon Prime Air, and Flytrex, fly packages, medical supplies, and Chipotle burritos in select communities across countries like Ghana, Japan, and the US.
But until very recently, drone operators have struggled to fly full-size pizzas. For companies hoping to break into the food delivery space, this is unfortunate: 11 percent of the US population eats a slice on any given day, according to the US Department of Agriculture. In a fast-diversifying restaurant industry, getting them to customers is still big business. But the realities of physics, engineering, and the restaurant business conspire to make pizzas a challenge for drones.
Flying Pizzas
Traditionally, pizza is the experimental tech delivery of choice. The familiar and cheap cheese-sauce-bread combo has been loaded onto self-driving cars and autonomous sidewalk delivery vehicles and has been assembled by robots. It’s a fast and satisfying option, especially for busy families tight on time. And theoretically, a great fit for automated drones, among one of the faster delivery options—people love fresh, piping-hot pizza.
But transporting one by drone requires some extra work, says Wing CEO Adam Woodworth. “Pizza comes in a very different box, with a big, flat surface area,” he says. They’re not naturally aerodynamic. Also, “you don’t want a pizza tilted.”
Wing’s relatively lightweight drones are engineered to carry three specific package sizes; right now, pizza boxes aren’t one of them. Woodworth says a new design is on the horizon. “I want to see pizzas coming at me from the sky,” he says.
Flytrex, an Israel-based drone delivery company, announced late last month that it had finally solved the problem. In collaboration with rival pizza chain Little Caesars, the company began delivering via drone up to two large pizzas (16 inches each), plus sodas and bread, in Wylie, Texas, a suburb of Dallas. The leap comes courtesy of a much bigger new drone, capable of carrying up to 8.8 pounds for four miles.
Courtesy of Flytrex
Utility operator South Staffordshire Plc and its subsidiary South Staffordshire Water Plc have been fined a reduced rate of £964,900 by the Information Commissioner’s Office (ICO), following improvements made after a Cl0p ransomware attack that led to the personal data of over 600,000 people being leaked onto the dark web.
The cyber attack itself came to light in August 2022, and was at first the source of some confusion when the Cl0p gang misidentified its victim and claimed it was attacking and extorting Thames Water. The cyber criminals even published a lengthy rant against Thames Water and accused it of ignoring them, and not caring about its customers. The hapless cyber crooks’ erroneous claims were widely repeated across the UK media at the time.
The exposed data included personal details of South Staffordshire customers, such as full names, birthdates and gender information, account information including credentials for online services, financial data including bank account numbers and sort codes, and contact details including email and postal addresses, and phone numbers.
A small percentage of customers listed on the Priority Service Register had information exposed from which medical information may have been inferred, and a small number of employees were also affected by a leak of human resources data including National Insurance numbers.
The ICO said the incident exposed “significant failures” in its approaches to data security, and left both its customers and employees vulnerable for years.
“Customers do not have the choice over which water company serves them – they are required to share their personal information and place their trust in that provider,” said Ian Hulme, ICO interim executive director for regulatory supervision.
“It is therefore essential that water companies honour that trust by taking their data protection responsibilities seriously.”
Lying low
Although the cyber attack itself took place in 2022, the incident in fact dates back to 2020, when an individual at South Staffordshire fell for a phishing email that enabled the threat actors to install malware on its systems undetected.
Though it is unclear whether or not Cl0p first hacked South Staffordshire’s systems itself or obtained the keys through an initial access broker (IAB), by May of 2022 – 20 months later – the gang started to move laterally through South Staffordshire’s network and was able to compromise domain administrator privileges. However, Cl0p’s presence was not detected until the middle of July, when IT performance issues prompted an internal investigation.
On 26 July 2022, South Staffordshire’s IT teams reported a personal data breach to the ICO – then, two days later, discovered a ransom note that Cl0p had tried to distribute to staff members – apparently without success.
However, the extent of the data leak did not become apparent for another four months, when South Staffordshire discovered that over 4.1 terabytes of data had been published.
In the course of its probe, the ICO said it had found South Staffordshire had not implemented appropriate security controls required of it in UK law. Failings included limited controls that enabled Cl0p to elevate its privileges, inadequate monitoring and logging that failed to detect its activity, the use of obsolete software – including Windows Server 2003, and inadequate vulnerability management, with systems left unpatched, and internal and external security scanning not undertaken.
“The steps that South Staffordshire failed to take are established, widely understood and effective controls to protect computer networks,” said Hulme. “The ICO expects all organisations – and particularly those handling large volumes of personal information as part of critical national infrastructure – to have these in place.
“Waiting for performance issues or a ransom note to discover a breach is not acceptable,” he added. “Proactive security is a legal requirement, not an optional extra.”
Cyber improvements
The ICO said the total fine of just under a million pounds – which is a 40% reduction on the initial amount proposed – was a voluntary settlement that reflected South Staffordshire’s representations and accounted for various improvements made in the wake of the incident, as well as the proactive support the organisation offered to those affected, and its engagement with regulators and the National Cyber Security Settlement.
It added that South Staffordshire had made an early admission of liability, and in accepting its findings, agreed to pay the penalty without further appeal.
“We welcome South Staffordshire’s early admission and cooperation in this case, allowing us to reach a voluntary settlement and save resources,” noted Hulme.
South Staffordshire has been contacted for comment but had not responded to our inquiries at the time of publication.
A major oil company is seeking a state tax break in Texas worth hundreds of millions of dollars to build a massive power plant. The energy won’t be going to residential customers, though. Instead, the gas plant will be used to power a data center whose eventual tenant could be Microsoft.
Chevron subsidiary Energy Forge One has filed an application with the State Comptroller’s board to obtain a tax abatement for a power plant it’s building in West Texas. In late January, the comptroller’s office made a recommendation to support the application’s approval—the first such approval under the program for a power plant intended solely for data center use.
In March, following news reports that Microsoft was looking into purchasing power from the Energy Forge project, Chevron said that it had entered into an “exclusivity agreement” with Microsoft and Engine 1, an investment fund involved in the project. In January, Microsoft pledged to be a “good neighbor” in communities where it is building data centers, including promising to pay a “full and fair share of local property taxes.”
The potential tax abatement for the project comes as big tech companies are battling rising public fury about data centers and electricity costs. It also comes as lawmakers start to cast a more critical eye on ballooning incentives for data centers, some of which have cost some states—including Texas—$1 billion or more each year.
Chevron spokesperson Paula Beasley told WIRED in an email that all tax incentives under consideration for the Energy Forge project “apply solely to the power generation facility” to “support new energy infrastructure, and do not extend to any future data center facilities that may be served.” Beasley also said that there is currently “no definitive agreement” with Microsoft for this power plant.
“Microsoft is in discussions with Chevron,” Rima Alaily, Microsoft’s corporate vice president and general counsel for infrastructure, said in a statement to WIRED. “No commercial terms have been finalized, and there is no definitive agreement at this time.”
Chevron is applying for a tax abatement for the project under Texas’ Jobs, Energy, Technology, and Innovation (JETI) Act. Passed in 2023, the program is intended to incentivize businesses to build large infrastructure projects in the state in exchange for guarantees to bring jobs and revenue. Accepted projects get a cap set on the amount of taxable property they can be charged through local school district taxes.
The Pecos-Barstow-Toyah school board approved the project’s application at a meeting in February. The state pays for the tax abatement, so the school district itself does not lose out on any money.
According to documents from the state, the Chevron project could net more than $227 million in savings for the company over a 10-year period, depending on the eventual size of the project and investment. The application says the plant will provide “over 25 permanent, full-time jobs,” though there’s no requirement to do so because it’s considered an electricity generation facility.
The planned gas plant won’t connect to the grid, instead providing “electricity for direct consumption by a data center,” according to its application. So-called behind-the-meter gas plants have become increasingly popular for data center developers facing yearslong waits to connect to the grid. According to data from nonprofit Global Energy Monitor, the US at the start of the year had nearly 100 gigawatts of gas-fired power in the development pipeline solely to power data centers, with several more massive gas projects announced since the data was published.
A WIRED analysis of less than a dozen power plants being constructed to explicitly serve data centers, including the Chevron project, found that these power plants are permitted to emit more greenhouse gases than many small- to medium-size countries. The Energy Forge plant alone could emit more than 11.5 million tons of CO2 equivalent annually—more than the country of Jamaica emitted in 2024. Beasley told WIRED that the plant “is being designed to comply with applicable environmental regulations, including all applicable federal and state air quality standards.”
GM cutting hundreds of salaried IT workers as it trims costs, evaluates needs
SIMA hails India’s ECLGS 5.0 support amid West Asia crisis
Prince William backs Villa at James’ Place as Istanbul final plans loom
-
Politics1 week agoIran weighs US reply delivered via Pakistan as Trump signals opposition to deal terms
-
Fashion1 week agoUS cotton export sales show strong recovery, Upland rise 36%
-
Sports1 week agoSajid Ali Sadpara summits world’s fifth-highest peak
-
Tech1 week agoDHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts
-
Business1 week agoHeineken to invest £44.5m in hundreds of pubs creating 850 jobs
-
Business1 week agoGovernment notifies FDI changes on China funds – The Times of India
-
Fashion1 week agoMiddle East conflict clouds India’s FY27 GDP forecast of 7-7.4%: Govt
-
Business1 week agoUK airlines to be allowed to cancel flights in advance over fuel shortages