Washington wants corporations to disclose their boards’ cyber expertise
Everyone agrees that companies need cyber defenses. But is this the right approach?
Two senators want to make corporations reveal how much their leaders know about cybersecurity.
The Cybersecurity Disclosure Act, from Sens. Susan Collins (R-Maine) and Jack Reed (D-R.I.), would require companies to detail the cyber expertise of their top officers, including boards of directors and general partners.
If passed, the bill would direct the Securities and Exchange Commission to issue rules requiring public companies to report their top employees’ cybersecurity knowledge in their annual SEC filings.
Such reporting would include “whether any member of the governing body, such as the board of directors or general partner, of the reporting company has expertise or experience in cybersecurity and in such detail as necessary to fully describe the nature of the expertise or experience.”
If no one in these positions at a company has cybersecurity knowledge, that company would have to explain how its cybersecurity posture factored into decisions about board member selection.
“What we’re trying to do is have public companies recognize the need to have a cyber expert on their board or accessible to their board,” Reed told the Hill.
The bill leaves a key definition up to the SEC.
No one would dispute the need for companies to improve their cyberdefenses across the board, but it’s unclear whether requiring SEC-defined “experience in cybersecurity” at the board level will bring about security improvements.
Dave Weinstein, New Jersey’s first cybersecurity adviser, said he worried that the bill would become “another exercise in checking boxes at the board level when it comes to cybersecurity while exerting artificial regulatory pressures.”
“I think board emphasis is really important but… Congress is naive when it comes to standards for expertise or even experience,” Weinstein said in an interview conducted via Twitter direct message. “We should leave it up to companies to differentiate themselves voluntarily by implementing different levels of board focus.”
Weinstein said that he supported new legislation to bolster cybersecurity but urged Congress to focus on transparency instead of corporate leadership structure. He suggested that Congress require the disclosure of more information about data breaches, which have grown more destructive in the last few years.
“It’s ironic to me that Congress is so uninformed about this subject,” Weinstein said, “yet they want to mandate controls on companies around experience and expertise, whether it’s at the board or IT level.”
Congress began paying close attention to cybersecurity after last spring’s Office of Personnel Management data breach. Lawmakers pushed through a controversial bill to encourage companies to share cyber threat data with the government, and one of the bill’s lead authors promised to hold regular hearings to monitor its implementation.
H/T the Hill | Illustration via Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.