Feeds

SEC mulls how to save markets from hackers: How about a CRACK TEAM... of advisers?

Regulator also debates stricter disclosure rules on attacks

Internet Security Threat Report 2014

The Securities and Exchange Commission (SEC) invited security and finance experts to Washington yesterday to discuss cybersecurity issues and whether companies and stock markets should be required to immediately disclose attacks and invest in protecting their systems.

SEC commissioner Luis Aguilar said that the agency needed to set up its own cybersecurity task force, particularly in light of the recent high-profile attacks on companies like Target in the US. The team should be "composed of representatives from each division that will regularly meet and communicate with one another to discuss these issues, and, importantly, advise the Commission as appropriate", he said.

The SEC already requires public companies to disclose information on cybersecurity risks and cyber incidents, though this mostly comes in annual reports rather than on a case-by=case basis – and they only need to speak up if the attack could cause financial damage to the firm. But lawmakers, including Senator Jay Rockefeller, have called for the agency to make these disclosures mandatory.

“This is information every investor has a right to know,” Rockefeller said in a statement to Bloomberg. “Routinely providing this information should be a regular part of practicing business in the era of ‘big data'.”

SEC chair Mary Jo White said before the meeting in Washington that since the guidance on cybersecurity was introduced in 2011, her staff has continued to look at disclosure requirements and what it would take to protect critical infrastructure and these issues would be discussed at the roundtable.

She also said that she expected the SEC to move forward with a new proposed rule, Regulation Systems, Compliance and Integrity, this year. The rule would require stock markets and trading systems under its jurisdiction to test their automated systems for vulnerabilities and inform the commission of cyber attacks, as well as being able to recover their trading operations after technical difficulties within specific time frames.

Commissioner Aguilar pointed out that attacks on stock exchanges were rising: "According to a 2012 global survey of securities exchanges, 89 per cent identified cyber-crime as a potential systemic risk and 53 per cent reported experiencing a cyber-attack in the previous year," he said.

"The risks facing the capital market infrastructure and regulated entities are of particular concern to the SEC. For instance, a cyber-attack on an exchange or other critical market participant can have broad consequences that impact a large number of public companies and their investors.

"Indeed, given the extent to which the capital markets have become increasingly dependent upon sophisticated and interconnected technological systems, there is a substantial risk that a cyber-attack could cause significant and wide-ranging market disruptions and investor harm," he warned. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.