United States: SEC Unveils New Cybersecurity Initiatives, SEC Chair Updates Senate Committee On EDGAR System Breach

The SEC introduced two new initiatives that will enhance efforts of the Enforcement Division to monitor and address issues related to cybersecurity.

First, the SEC announced the creation of a Cyber Unit, which will "focus the Enforcement Division's substantial cyber-related expertise on targeting cyber-related misconduct." The new Cyber Unit will address:

• market manipulation schemes including the spread of false information through social media;
• hacking;
• violations related to distributed ledger technology (i.e., blockchain) and initial coin offering;
• dark web-related misconduct;
• interference in retail brokerage accounts; and
• cyber threats to trading platforms.

The Cyber Unit will be led by Robert A. Cohen, who most recently served as the Co-Chief of the Market Abuse Unit.

Second, the SEC announced the creation of a Retail Strategy Task Force. The task force will "develop proactive, targeted initiatives to identify misconduct impacting retail investors." The task force will utilize data analytics and technology to uncover significant misconduct in this area.

The SEC announcement comes on the heels of the recent disclosure by the agency that its own EDGAR filing system had been breached in 2016 and that hackers might have used stolen material nonpublic information to engage in trading (see  previous coverage). In recent testimony before the U.S. Senate Banking Committee, SEC Chair Jay Clayton provided an update on the 2016 SEC EDGAR system cybersecurity breach. He detailed the SEC response to the 2016 cybersecurity attack on the SEC EDGAR system. Chair Clayton stated that the incident was reported immediately to Homeland Security. He reported that the results of an internal review provisionally indicate that remediation efforts have been successful and that personally identifiable information was not accessed. The ongoing investigation consists of two parts: (i) determination of the scope and effects of the intrusion, subsequent response efforts and any related vulnerabilities, and (ii) investigation of the potential subsequent illicit trading of information exposed via the breach. In his testimony, Chair Clayton committed to improving internal cybersecurity controls to prevent future incidents.

Commentary / Joseph Facciponti

The creation of a dedicated Cyber Unit within the SEC should be viewed as a positive development among those who are worried that malicious hackers and cybercriminals are becoming a serious threat to investors and markets. One hopes that the SEC's Cyber Unit will be a valuable ally and resource for financial services firms seeking to prevent those hackers from defrauding investors and disrupting markets.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.