Cyber Issues and Cyber News on SEC Cyber Security Rules 


To stay informed of the latest Securities and Exchange Commission (SEC) cyber security rules, read this comprehensive article from Alex Sharpe. Links to resources are included.

SEC Adoption of Cyber Security Rules – the Bigger Picture and Their Significance

It was hard to miss the SEC’s passing of the first of three proposed Cyber Rules (File Number S7-09-22) last week. A lot has been written about the specifics, but very little has been written about the bigger picture, its impact on senior leadership, and the long-term significance.

To quote Niels Bohr in the movie “Oppenheimer”:

“The important thing isn’t can you read the music, it’s can you hear it.”

While this article focuses on the bigger picture, along with the significance to senior leadership and to national security, the mechanics are important. Additional reading and a list of resources are provided at the end to help you with the implementation.

The passing of this rule is one piece of a much larger mosaic.

The National Cyber Security Strategy, released in March 2023 by the Office of the National Cyber Director (the White House “Cyber Czar”), is all about Responsibility and Regulation. It is also about fostering tighter public/private partnerships. The cyber rule recently passed by the SEC is an example of that strategy. This strategy can also be seen in the recently released National Cyber Security Strategy Implementation Plan, along with actions from the US Congress, the Federal Trade Commission, the U.S. Department of Energy (DOE), and the Transportation Security Administration (TSA).

Recent events demonstrate the National Cyber Security Strategy is more than just words on a page.

We are living through the most sweeping regulatory changes since Sarbanes-Oxley and Dodd-Frank.

The Wells Letters sent to past and present executives at SolarWinds mark the first time ever a CISO has been advised that the SEC is planning to bring an enforcement action against a CISO.

We are seeing product vendors and service providers being held accountable for the security of their offerings. The chair of the powerful , Senator Ron Wyden (D-Oregon), sent a letter demanding the U.S. Department of Justice, Cybersecurity and Infrastructure Security Agency, and the Federal Trade Commission open separate probes into Microsoft’s “negligent cybersecurity practices” that led to high-level intelligence gathering activities against the U.S. President’s cabinet and potentially other western Allies.[1][2]

 

Key points include:

  • Negligent cybersecurity practices
  • Fostering tighter public/private partnerships
  • Public/Private Partnership

 

Read the full article, SEC Cyber Security Rules – More Than Regulations and Transparency, on LinkedIn.