At a glance.
- SEC proposes new cybersecurity rules for broker-dealers.
- US calls for ByteDance to sell TikTok.
SEC proposes new cybersecurity rules for broker-dealers.
The US Securities and Exchange Commission (SEC) voted yesterday to propose three new rules focused on protecting consumer financial data and defending stock exchanges from hackers. The policies state that broker-dealers and money managers must maintain cybersecurity programs to prevent intrusions, and must notify impacted customers within thirty days of an attack. Broker-dealers, securities exchanges, and other entities will also be required to inform the SEC "immediately" of any "significant" incidents. Reuters notes that SEC Chairman Gary Gensler, in his prepared remarks, alluded to the headline-making implosion of lender Silicon Valley Bank while underlining the Commission's devotion to bolstering market resiliency. He also called the proposals "the first explicitly to address cybersecurity practices for the majority of these market entities." As these measures follow a slew of other SEC rules recently introduced under Gensler, proponents might argue that Gensler’s SEC is overly focused on rulemaking. The immediate notice rule could also provoke criticism, given the difficult nature of detecting and reporting such incidents quickly.
Chris Dorman, CTO of Cado Security, provided the following commentary, thinks this isn't a one-off regulatory move. "We are already seeing the SEC come down harder on public companies and banks that are not following proper cybersecurity disclosure processes to alert both consumers and key stakeholders," Dorman wrote. "With these new SEC cyber proposals, public companies and financial institutions will have to build a comprehensive incident response program that extends beyond the perimeter to the cloud. The insights that will be gleaned from the forensics of an incident will inevitably help the entire industry and allow the SEC to have better visibility into how these entities are or are not protecting themselves."
US calls for ByteDance to sell TikTok.
The battle between the US and TikTok continues as US officials demand that ByteDance, the Beijing-based company that owns the video-sharing app, sell its stakes. If it doesn’t, the Wall Street Journal reports, the White House is threatening to ban the app in the US. Insiders say the demands come from The Committee on Foreign Investment, a multiagency federal task force under the Treasury Department that evaluates national security risks in cross-border investments. The New York Times notes that the ultimatum signals a hardening of the Biden administration’s approach reminiscent of tactics used during the regime of former President Donald Trump.
TikTok spokesperson Brook Oberwetter responded by saying that selling the company wouldn’t actually remediate any potential security risk. “If protecting national security is the objective, divestment doesn’t solve the problem: a change in ownership would not impose any new restrictions on data flows or access,” Oberwetter stated. "The best way to address concerns about national security is with the transparent, U.S.-based protection of U.S. user data and systems, with robust third-party monitoring, vetting and verification, which we are already implementing.” The platform has pledged to fund a $1.5 billion program aimed at protecting US users from Chinese government access and preventing Chinese influence over US content, The plan involves storing all US user data in the US, and it would give American company Oracle Corp access to the company’s algorithmic code in order to suss out any potential security risks. Shou Zi Chew, TikTok’s chief executive, is expected to testify before the House Energy and Commerce Committee next week, where he’ll address concerns about the platform’s possible connections to China and harmful content directed at minors.
Caitlin Chin, a fellow at the Center for Strategic and International Studies (CSIS), told Nikkei Asia that even if ByteDance agrees to sell TikTok, it will be tough to find a buyer. Chin explained, "Very few companies are large and wealthy enough to purchase TikTok, and any technology giant that does have the capability to purchase it also likely has a strategic reason to do so.” She added that if an American social media giant like Meta or YouTube were to want to make the purchase, it could lead to antitrust issues, and it would likely not remedy all security issues given that American apps are largely unregulated.