During a House Appropriations Committee hearing last week, Rep. Ashley Hinson (R-IA) spoke about cyberattacks on SEC databases by foreign adversaries.
Category
🗞
NewsTranscript
00:00Mr. Chairman, I thank you.
00:01Thank you very much.
00:02The chair now recognizes the gentle lady from Iowa for any questions she may have in the second round.
00:07Just a few more, Mr. Chairman.
00:08Thank you again for being here.
00:10Last week, the SEC announced that certain confidential information filed by investment managers on form N-Port was accidentally made public.
00:19In 2022, SEC enforcement staff inappropriately accessed documents in administrative law cases being considered by the SEC.
00:26And then in 2016, a foreign hacker gained access to the SEC database, and we know that they were able to result in $4.1 million in illegal profits as a result of that hack.
00:38So these are just a couple of the examples, certainly where that trust for American investors is put at risk and violated.
00:46So how will you plan to address some of those concerns about the retention of data, some of these bigger cybersecurity vulnerabilities?
00:54We know we have many adversaries who are looking to exploit those weaknesses, and then the potential misuse of sensitive investor information as a result of that.
01:04Well, thank you, Congressman.
01:06I completely share your concern, and, you know, this is, it dumbfounds me that this sort of thing happens.
01:14And so we at the SEC take very, very seriously the information and the obligations that we have to disseminate information, the information that we collect,
01:24and especially on the confidentiality of what supposedly is confidential.
01:29So we're looking into that, and that's one reason why I really, you know, am happy for the help to look at our information technology system.
01:39It's time for a good scrubbing and spring cleaning to see, you know, where the gaps are, how we can, you know, undergird it and, you know, make it better.
01:50Because I had, you know, the SEC's database was for personnel information was hacked by, I think, the Chinese, something probably about 20 years ago, 15 years ago, something like that.
02:02So my own information is out there.
02:05So with that in mind, I, you know, I feel that obviously we need to come to a good understanding of how we can improve.
02:15And we'll be discussing with you and the administration about, you know, what may be necessary to do that.
02:21Yeah, it's certainly alarming when your own information is compromised, right?
02:26Obviously, as a member of Congress, ours was compromising the D.C. Health link hack a few years ago, too.
02:31So I certainly feel that on a personal level.
02:33Just want to zoom in a little bit on the consolidated auto trail, CAT, the largest repository of investor information that's literally ever been created and likely also one of the least secure.
02:44And as you're aware, the CAT did collect a lot of sensitive information, personally identifiable information on every single American investor,
02:51making that information particularly vulnerable to cyber criminals who then want to steal identities.
02:57Or as you mentioned, China hacking many of our foreign adversaries who will seek to potentially even blackmail Americans with that data, manipulate our markets.
03:06I mean, this could be really, really egregious for the American economy.
03:09So, you know, you talk a little bit about some of the IT improvements that you might need.
03:13But what steps are you taking to really protect American investors and our markets from some of these vulnerabilities presented by CAT right now?
03:22Well, as I mentioned before, we're reviewing, plan to review the consolidated auto trail for, you know, its benefits and the costs and the potential vulnerabilities.
03:35So, all that's under, will be under consideration.
03:39But again, as far as shoring up the defenses and the integrity of our systems, that's incredibly critical, obviously, especially with all the information that the SEC handles.
03:51And so, I, that's, I, I pledge to really focus on that and get the best minds to work on how we can do it and, and how to maybe restructure things around that.
04:03Do you think Doge could be helpful in that case?
04:04I know they've been coming in and finding in, in many cases, there's duplicative technologies, again, a need for investment in specific places.
04:11Have you been able to work with them and their team on, on some suggestions maybe for what might be improved?
04:17They already have been inside and at work in.
04:21So now, as they've looked at overlapping contracts and, and efficiencies, I think the savings is up to $90 million of, that they've identified.
04:30So that's, that's a great start and they're not finished yet.
04:34Let's redirect that $90 million to better IT practices.
04:37I think that's a good, good approach.
04:38Thank you, Mr. Chairman.
04:39Amen.
04:39I yield that.
04:43The, now recognize the gentleman from North Carolina, Mr. Edwards, for any second round questions he may have.
04:50Yeah, thank you, Mr. Chair.
04:51I get another chance.
04:52Chairman Atkins, earlier this month you stated.