
U.S. Steps Up Cybersecurity Push: SEC Proposes New Rules While State Department Establishes Cyberspace Bureau

April 8, 2022 | Brooke Crothers

Two separate announcements from the U.S. Securities and Exchange Commission and the U.S. State Department demonstrate that the government is taking a more active role in cybersecurity oversight and enforcement.

SEC Proposes new cybersecurity rules for public companies

The Securities and Exchange Commission has proposed amendments to its rules to enhance and standardize cybersecurity disclosures for public companies (via National Law Review).

This announcement follows proposed SEC rules for cybersecurity risk management aimed at investment advisers, investment companies and business development companies (funds), announced back in February.

“The proposed mandates are designed to...emphasize the increasing importance of cybersecurity as a dimension of corporate governance,” according to the National Law Review.

The aim is to provide “consistent, comparable, and decision-useful” information to investors, the SEC said in a statement. “[The amendments] are designed to better inform investors about material cybersecurity risks and incidents on a timely basis and…assessment, governance, and management of those risks,” the statement continued.

The proposed amendments would require, among other things:

Current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents.

Periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks; the registrant’s board of directors' oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures.

Annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise, if any.

--SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, March 9, 2022

Underreporting concern

Reporting of cybersecurity incidents on Form 8-K would be required, due to a growing concern that material cybersecurity incidents are underreported and that existing reporting may not be sufficiently timely, the SEC said (PDF) in a 129-page document titled “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.”

The agency would require disclosure of material cybersecurity incidents on Form 8-K within four business days after determining that a material cybersecurity incident has occurred.

Another proposed item would require organizations to disclose policies and procedures to identify and manage cybersecurity risks and threats, including operational risk, intellectual property theft, fraud, extortion, harm to employees or customers, and violation of privacy laws.

State Department establishes Bureau of Cyberspace and Digital Policy

The State Department is also expanding its role in the cybersecurity space, launching the Bureau of Cyberspace and Digital Policy (CDP) on April 4, 2022.

The CDP bureau includes three policy units: International Cyberspace Security, International Information and Communications Policy, and Digital Freedom.

As part of Secretary Antony Blinken’s modernization agenda, the CDP bureau will “address the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy,” according to the State Department announcement.

“The Bureau of Cyberspace and Digital Policy leads and coordinates the Department’s work on cyberspace and digital diplomacy to encourage responsible state behavior in cyberspace and advance policies that protect the integrity and security of the infrastructure of the Internet, serve U.S. interests, promote competitiveness, and uphold democratic values,” the State Department said.

Jennifer Bachus, a career member of the Senior Foreign Service, is serving as Principal Deputy Assistant Secretary for the CDP bureau.

The Trump administration had proposed a unified bureau to streamline the diplomatic structure back in 2018. Under that plan, the Office of the Cybersecurity Coordinator and the Bureau of Economic Affairs’ Office of International Communications and Information Policy would have been unified to form the proposed Bureau for Cyberspace and the Digital Economy.

This effectively reverses that proposal.
