A major security breach at the US Securities and Exchange Commission threatens to disrupt the SEC’s business, the company’s president says
SEC chief Scott Scholz said on Monday the breach at his agency’s website has the potential to “disrupt the SEC” and “hampers its ability to enforce its rules.”
Scholz, speaking at the Association of American Securities Administrators (AAESA) annual meeting in Washington, DC, also said the company has not yet received any reports of customer data being compromised.
“The issue is that we’ve got nothing yet to indicate that there’s been any unauthorized access,” Scholzz said.
“But I’m confident that we will.”
Schulz said the SEC has a plan to secure the site for the next three months.
The company’s SEC website will remain offline for 24 hours from 8 p.m. to 8 a.m., according to the SEC.
The website is now accessible from the company website.
Scholzz added that the company will continue to offer security updates and other enhancements to its website, which are being tested with customers.
Schulzz said he did not know if there were other incidents similar to the one at the SEC website.
The SEC’s website was breached on Dec. 3, according to an SEC report from the time.
A person using a login provided to Recode said that he was not the person that accessed the site.
The breach was discovered after the SEC contacted the U.S. Department of Homeland Security and requested assistance from the agency, Scholff said.
The department provided the SEC with information on the intrusion and offered assistance, he said.
The agency said in a statement on Monday that it was “actively monitoring” the situation.
Scholsz also said that the SEC will continue working to help customers.
“It’s going to take some time, but I think that we’ll be able to continue to work with our customers to do what we can to help them recover,” Schulz told reporters.
SchOLZZ: The SEC has not received any unauthorized attempts to access the SECs SEC website yet.
We’ve taken some steps to protect our website.
— SEC (@SEC) December 4, 2017Scholzik said that, unlike other security breaches that have affected websites, the SEC does not believe it is related to any specific breach of the SEC or other entities.
Scholarship to protect against cyberthreatsSchulzes response to the breach follows comments made by former SEC chairman and CEO Richard W. Evans in a Washington Post op-ed on Monday.
Evans wrote that the government should invest more in cybersecurity in order to prevent cyberattacks.
Schulz said that Evans’s comments are “not accurate” and that the U-S-A had made strides to protect its cyber infrastructure.
Schutz, in his remarks, said the U’s efforts have been focused on cyberattacks by foreign adversaries.
He said that while the SEC may not have been prepared for a breach at its website due to the lack of a specific threat, the agency’s efforts to safeguard its information have “been more than adequate.”
Schulz also said a plan is being developed to offer grants to universities to help students develop and implement cybersecurity strategies.
The money would go toward programs that support cybersecurity in college.
Schultz also said he expects the SEC to begin using a technology called Trustwave, a secure messaging service that allows a company to send encrypted messages and photos to a group of people without the user’s knowledge.
The service has been tested on the SEC site.
Schuliz also spoke about a possible threat from the NSA.
“We have a very aggressive capability here at the agency,” he said, citing a joint mission with the NSA and the Department of Defense.
Schlisz said that there is “no way that we can prevent the NSA from using its capability.”
“They are going to be able [to] take advantage of any breach to steal sensitive information and use that information to spy on the entire world,” he added.