In their letter, Vance and Tillis set a deadline of Jan. 23 for the SEC to clarify its plans to investigate what happened, among other things.
In a statement, the SEC said it “will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps related to both the unauthorized access and any related misconduct,” but did not provide further details.
In practice, there is likely to be an “alphabet soup of investigations,” according to John Stark, who worked for 18 years as a lawyer at the SEC. These are likely to include separate investigations by the SEC itself, the US Department of Justice (which will focus on identifying the hacker), and potentially other regulatory bodies. The Justice Department did not respond to a request for comment.
The SEC’s internal investigation, Stark says, will likely be conducted by the Office of Inspector General, independent of the rest of the agency, and will focus instead on any “staff misconduct” that might have enabled the security breach. The results of what will likely be a “robust investigation” will be delivered to Congress, he says, but not for several months.
In July, the SEC imposed new rules on companies that register with the agency, requiring them to disclose significant cybersecurity incidents and their “nature, scope and opportunity” within four business days. The SEC did not respond when asked if it would make such a preliminary disclosure.
In the wake of the security breach, Gensler, something of a cartoon villain in crypto circles due to his agency’s aggressive strategy towards the industry, has faced mockery and calls for his resignation from crypto personalities on X.
However, it is unlikely, says industry analyst Noelle Acheson, formerly of cryptocurrency brokerage Genesis, that Gensler will be forced to resign. “I can’t imagine him leaving the job,” she says, “unless I take it off his hands.”
“Twitterverse has been calling for Gensler’s resignation forever. But this is not the kind of thing you quit for,” Stark says. “In the worst case scenario, SEC staff will be found guilty of the same thing as many companies: carelessness regarding cybersecurity.”
Although an organization like the SEC should be expected to maintain strict security standards, says Stark, who currently works as a cybersecurity consultant, it is impossible to prevent all breaches. “You can do everything you can to stop them,” he says. “But sooner or later, someone screws up.”