October 13, 2017

Edgar Vulnerable to “Denial of Service Attacks”!

Recently, I blogged about how the SEC’s Edgar is critical to a transparent financial market – and how the recent hack of Edgar is serious business. This Reuters article notes that Edgar could be at risk from “denial of service” attacks. Even worse news comes from this excerpt:

The memo shows that even an unintentional error by a company, and not just hackers with malicious intentions, could bring the system down. Even the submission of a large “invalid” form could overwhelm the system’s memory.

Hopefully, Congress will do the reasonable thing and give the SEC more resources (they need them in all sorts of areas – including to investigate when it is hacked, as noted in this article). Edgar arguably is held together with duct tape, and no one should act surprised that it was hacked. The NSA can’t even avoid getting hacked.

By the way, this new bill that would subject credit bureaus – like Equifax – to federal cybersecurity reviews cracks me up. As if the federal government will be using its best cyber resources to review the security of outside entities – it can’t even protect its own systems…

Your Sensitive Information Was Accessed in a Government Hack? No Remedy?

This Davis Polk blog notes that those who have their personal information stolen during a hack of a government database are unlikely to have a remedy. And this Davis Polk blog wonders whether the hack of Edgar will result in a delay of the Consolidated Audit Trail (which will consist of a central repository for SROs and broker-dealers to submit extensive information in standardized formats regarding securities trading activity)…

The SEC’s New “Cyber” Unit: Getting the Band Back Together!

Last week, I blogged about the challenges that the SEC will face hiring cybersecurity experts given the extreme shortage of that resource. On a lighter note, it is interesting that the SEC’s Division of Enforcement disbanded its “Office of Internet Enforcement” in 2009, recognizing that the entire Division really should have expertise in that area. Now with the SEC creating a similar “Cyber” unit, John Reed Stark shared this great pic of his former office on LinkedIn:

Broc Romanek