Take on tech: Cyber rules and the DOJ, internet providers and FCC, and a dreaded spider

Our irregular roundup of developments in cybersecurity, AI, and other eye-catching tech initiatives.

Last week, Jessica Rosenworcel, chairwoman of the Federal Communications Commission (FCC), announced the formation of a cross-agency Task Force to Prevent Digital Discrimination that focuses on creating rules and policies to combat digital discrimination. It also aims to promote equal access to broadband throughout the United States.

The policies will enable the agency to review and investigate instances of discrimination by broadband providers against different communities based on income, race, ethnicity and other protected classes by examining how those providers built, upgraded or maintained internet access there.

The task force will create a framework for the FCC to surveil and put an end to a range of digital inequities, including disparities in the investment of services among different neighborhoods, and the complete lack of internet access some communities experience due to socioeconomic inequality.

Congress required the agency to adopt rules addressing digital discrimination after passing bipartisan infrastructure legislation at the start of the Biden administration.

SEC’s cyber rules and DOJ’s role

The SEC’s new cybersecurity rules go into effect next month, and the Department of Justice (DOJ) plans to issue details about how it sees its role vis-à-vis the SEC in enforcing them. A top SEC official spoke about the agency’s plans at the Aspen Cyber Summit last week.

The SEC’s rules mandate that publicly traded companies disclose a material cyber incident within four business days via an 8-K filing. But the rules note that companies can delay such disclosure for up to 30 business days if the attorney general determines the event poses a national security risk.

That’s the part the DOJ needs to more fully explain. How can the DOJ make that determination within that four-day window, and how can it encourage companies to come forward quickly enough to do it?

CISA’s guidance to healthcare orgs

The Cybersecurity and Infrastructure Security Agency (CISA) has a new plan for healthcare organizations and hospitals trying to fend off ransomware and nation-state cyberattacks, which it issued last month. Last week, it released a document with specific mitigation guidance for healthcare and public health organizations that spells out how to beef up their cybersecurity practices, from basic multifactor authentication for logins, to better tracking of employee access, to implementing advanced encryption standards.

The report includes practical advice and helps organizations prioritize risks. It’s all voluntary, but after suffering increasingly numerous and destructive cyber attacks in recent years, the healthcare sector might be particularly ready to read and use the guidance.

(Also: New York plans to issue cybersecurity regulations for hospitals, after a series of attacks crippled operations at medical facilities, Governor Kathy Hochul announced last week.)

That persistent Scattered Spider

The FBI confirmed last week that it is actively investigating Scattered Spider, which is presumed still to be attacking US businesses. But the Bureau said it cannot effectively do its job because not enough companies are coming forward to disclose the hacks.

Scattered Spider is a major hacking group presumed to be behind the attacks on a number of major US corporations in recent months, including MGM Resorts, Clorox, and Caesars Entertainment.

The FBI, along with CISA, released an advisory last Thursday detailing how Scattered Spider typically launches its attacks so businesses could be more prepared.

It is not clear what more the FBI can do to make companies come forward with this information; the Bureau has already said it will not disclose a company’s identity when it comes forward. But that does not mean companies want the FBI digging around in their networks – or want to open another avenue to litigation as multiple investigations ensue.

Direct air capture

In climate tech news, a group of large US businesses have joined forces to offer financing to companies that provide direct air capture (DAC) technology.

Those large businesses include Stripe, Alphabet, Shopify, Meta, McKinsey and JPMorgan Chase. And the DAC companies are Heirloom and CarbonCapture, which are using different methods to absorb CO2 gas and release it safely in another state or otherwise completely remove it.

The large firms funding the initiative have pointed out that they are carefully vetting the startups and their removal methods, and not just throwing cash at the project.

Speaking of climate tech, companies offering such products and services raised an impressive $16.6 billion in the third quarter of 2023, the highest quarterly total in almost two years, according to a new Energy Transition Investment Trends report offered by BloombergNEF.

The report noted that funding from venture capitalists and private equity firms for such projects increased more than 60% from the second quarter, with companies focused on decarbonizing the environment seeing the greatest growth in investments.