Hello and welcome back to Citizen Tech, InformationWeek’s monthly policy roundup. This month we’re looking into cyber incident reporting for banks, the semiconductor chip shortage, the European Union’s battle with Big Tech, President Biden’s broadband plans, and more.
Banks Must Report Cyber Incidents
On November 18, the FDIC announced a new rule for cyber incident reporting for banks. As of May 1, 2022, a financial institution will have 36 hours to notify its primary federal regulator of any significant cybersecurity incident, and to notify customers as soon as possible of any disruption of service that lasts four or more hours.
The rule covers all bank functions and services, as defined by the Bank Service Company Act. It will likely include fintech firms.
Every discussion of cybersecurity regulation in the United States seems to find its way back to notification protocols — mostly that they don’t exist. The FDIC’s announcement is an important step toward the creation of a cohesive, cross-industry reporting framework.
Still, expect resistance from companies. The FDIC’s announcement acknowledges that the 36-hour rule was controversial, with many banks arguing that it was too narrow a window to identify the problem and react.
Biden Buoys, Bungles Broadband
After months of argument and promises, President Biden’s Infrastructure Investment and Jobs Act passed into law, with major significance for the tech sector.
NextGov noted that a massive $42.45 billion will go to the Broadband Equity, Access, and Deployment Program, with each state receiving $100 million. The plan is to bring broadband access to underserved parts of the US, particularly rural areas. Almost $6 billion will go to similar programs.
All this sounds like welcome news, but POLITICO was quick to disagree, saying the bill makes a dog’s breakfast of meaningfully closing the digital divide. At fault are maps: The FCC and state governments can’t reliably locate broadband dead spots. One regulator has claimed that the federal estimate on broadband availability is off by an incredible 80% in one rural Mississippi county.
According to Pew Research data released in August, rural Americans tend to lag behind their city compatriots by about 8% to 10% percent in key technology markers. So whereas 89% of urban Americans own a smartphone, only 80% of rural Americans have one. Home broadband is at 72% in the countryside, but the urban and suburban figures aren’t much better: Seventy-seven percent and 79%, respectively. (There’s an ethnic divide, too: Only 65% of self-identified Hispanic adults have home broadband.)
These low figures are a serious vulnerability, as the shift to remote work and online school made clear last year.
More Chips for Everyone
Anyone who thought technology had conquered geography has finally learned their lesson. As ships and trucks sit idle, the Chinese semiconductors that industries like electrical car manufacturing rely on are becoming scarce.
Both the Biden administration and the European Commission have made efforts this month to boost domestic chip production. American lawmakers are made significant progress this month toward passing the CHIPS Act, which would incentivize semiconductor manufacturing in the US. The Senate’s bill would give $52 billion to semiconductor production alone.
The Biden administration, in the person of commerce secretary Gina Raimondo, has encouraged the drive to wean American industry off foreign chips, as has a bipartisan group of nine governors. Prominent among these governors is Michigan’s Gretchen Whitmer, a reminder that the future of the automotive industry is electric and depends on a consistent supply of semiconductors.
Said Raimondo to reporters ahead of an appearance at the Detroit Economic Club (via The Detroit News), “We’re at an inflection point and we have to make choices. If we’re serious about restoring American leadership in the global economy, we have to start by rebuilding our semiconductor industry so we can meet the demands of this moment.”
Meanwhile, in Brussels, the Van Der Leyen Commission is considering its own CHIPS Act to raise European chip production from 10% to 20% of the global supply. Margrethe Vestager, longtime commissioner for competition, announced this month that the Commission would not be averse to pumping money into chip production in Europe, reports Reuters.
Of course there are objections to this, and of course the objections break down along geographical lines. French president Emmanuel Macron (channeling De Gaulle) has urged for more generous subsidies from Brussels, while Dutch and Irish lawmakers have wagged their fingers at any potential antitrust violation.
“Each case for the supply of semiconductors will be rigorously assessed based on their respective merits, so as to ensure that a project has a European nature and of course avoid a subsidy race within the union and beyond,” said Vestager.
Reuters quotes management consulting firm Kearney’s estimate that one “mega-semiconductor factory” could add up to 85 billion euro to European GDP over the next decade.
EU’s Digital Decade
Expect more and more tech news from the EU. On November 10 the European Commission announced the adoption of three new campaigns for its Digital Europe Programme, to the tune of 2 billion euro. The biggest of these new programs will fund investment in everything from artificial intelligence to cloud and quantum infrastructure, with 1.38 billion euro to last until the end of 2022. The other two pump money into cybersecurity and a network of “digital innovation hubs.”
The Commission’s press release stresses that the new data spaces created by these programs will not be restricted by borders, and will favor (at least in theory) small- to medium-sized businesses and startups. Funding for digital skills training is also included.
A fact sheet on the Digital Europe Programme is available on the Commission’s website.
The announcement comes, perhaps unsurprisingly, on the heels of the European Parliament’s rebuke of American Big Tech firms. On November 8, MEPs invited Facebook whistleblower Frances Haugen to Strasbourg as part of the deliberations over a proposed Digital Services Act, which would counter targeted advertising, opaque algorithms, unaccountability, and illegal web content. Cough, cough.
POLITICO walked through the implications of the Digital Services Act, including child protection measures and an attempt to keep smaller, European tech firms from being squashed.
Make no mistake: the narrative in Brussels and Strasbourg has good guys and bad guys, and the bad guys are exclusively American and Chinese (TikTok especially). A shocking POLITICO graphic, drawn from 2020 NASDAQ and World Bank data, shows that they may have something of a point: Apple’s market capitalization is slightly greater than France’s total GDP. Facebook is worth more than Holland.
US, UK, and Australia Denounce Iranian-Sponsored Cyber Attacks
On November 17, security agencies from the United States (FBI and CISA), the United Kingdom (NCSC), and Australia (ACSC) released a
joint advisory identifying a new advanced persistent threat (APT), a criminal organization sponsored by the Islamic Republic of Iran.
The advisory claims that this new threat, which includes actors like the Fox Kitten group, is responsible for a number of infrastructure attacks in the US and Australia, including in the public health sector, throughout 2021. They seem to focus on known vulnerabilities, chinks in the armor of Microsoft Exchange ProxyShell and Fortinet among others, to deploy ransomware.
The advisory warns that follow-on operations can include or have included data exfiltration or encryption, as well as the (by now normal) ransomware.
Crypto in India: Don’t Expect a War
It’s not a secret that cryptocurrencies make central banks nervous: Bitcoin and the like exist to flout regulation and control. So far, few national governments have dared ban cryptocurrency outright; we’ve seen a few years of cold war, with the American Securities and Exchange Commission publicly sniping at Terraform Labs, for example, and many governments mulling a ban on mixers.
Turkey, whose lira is in freefall, is moving toward an outright ban. Nigeria attempted a ban, but remains the second-largest Bitcoin market in the world. In Russia, the Kremlin’s stance is ambiguous, as rumors of a CryptoRuble make the rounds. But China is the only major international power to successfully outlaw crypto transactions by its citizens, full stop.
Now, India may be joining them. A new bill, the Cryptocurrency and Regulation of Official Digital Currency Bill, 2021, “seeks to prohibit all private cryptocurrencies in India, however, it allows for certain exceptions to promote the underlying technology of cryptocurrency and its uses.”
According to the BBC, the news caused rather small waves in the crypto markets: Bitcoin fell 13% in India, and Dogecoin dropped by 15%. There was no dramatic fall, particularly for the infamously volatile crypto market.
This suggests that the Indian Mutiny may not be as serious as it sounds. India’s Financial Express points to the many failed bans (see Nigeria) and shrugs its shoulders. The wording of the bill, too, waters down the ban a bit. What are the “certain exceptions,” and for whom do they apply?
What to Read Next:
Cyber Conflict Between US and Iran Heats Up (from Dark Reading)