Sept. 20, 2017
Effective management of internal cybersecurity risk is critical to the SEC achieving its mission and to protecting the nonpublic information that is entrusted to this agency. I commend Chairman Clayton for initiating an assessment of the SEC's internal cybersecurity risk profile and approach to cybersecurity from a regulatory perspective. In connection with that review, I was recently informed for the first time that an intrusion occurred in 2016 in the SEC's Electronic Data Gathering, Analysis, and Retrieval ("EDGAR") system.[1] I fully support Chairman Clayton and Commission staff in their efforts to conduct a comprehensive investigation to understand the full scope of the intrusion and how to better manage cybersecurity risks related to the SEC's operations.
[1] See https://www.sec.gov/news/public-statement/statement-clayton-2017-09-20.