Washington wants corporations to disclose their boards’ cyber expertise
Everyone agrees that companies need cyber defenses. But is this the right approach?
Two senators want to make corporations reveal how much their leaders know about cybersecurity.
The Cybersecurity Disclosure Act, from Sens. Susan Collins (R-Maine) and Jack Reed (D-R.I.), would require companies to detail the cyber expertise of their top officers, including boards of directors and general partners.
If passed, the bill would direct the Securities and Exchange Commission to issue rules requiring public companies to report their top employees’ cybersecurity knowledge in their annual SEC filings.
Such reporting would include “whether any member of the governing body, such as the board of directors or general partner, of the reporting company has expertise or experience in cybersecurity and in such detail as necessary to fully describe the nature of the expertise or experience.”
If no one in these positions at a company has cybersecurity knowledge, that company would have to explain how its cybersecurity posture factored into decisions about board member selection.
“What we’re trying to do is have public companies recognize the need to have a cyber expert on their board or accessible to their board,” Reed told the Hill.
The bill leaves a key definition up to the SEC.
No one would dispute the need for companies to improve their cyberdefenses across the board, but it’s unclear whether requiring SEC-defined “experience in cybersecurity” at the board level will bring about security improvements.
Dave Weinstein, New Jersey’s first cybersecurity adviser, said he worried that the bill would become “another exercise in checking boxes at the board level when it comes to cybersecurity while exerting artificial regulatory pressures.”
“I think board emphasis is really important but… Congress is naive when it comes to standards for expertise or even experience,” Weinstein said in an interview conducted via Twitter direct message. “We should leave it up to companies to differentiate themselves voluntarily by implementing different levels of board focus.”
Weinstein said that he supported new legislation to bolster cybersecurity but urged Congress to focus on transparency instead of corporate leadership structure. He suggested that Congress require the disclosure of more information about data breaches, which have grown more destructive in the last few years.
“It’s ironic to me that Congress is so uninformed about this subject,” Weinstein said, “yet they want to mandate controls on companies around experience and expertise, whether it’s at the board or IT level.”
Congress began paying close attention to cybersecurity after last spring’s Office of Personnel Management data breach. Lawmakers pushed through a controversial bill to encourage companies to share cyber threat data with the government, and one of the bill’s lead authors promised to hold regular hearings to monitor its implementation.
H/T the Hill | Illustration via Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.