Daily Management Review

SEC’s EDGAR database vulnerable to cyber threats


10/06/2017


The SEC has admitted to the existence of vulnerabilities in its EDGAR database, a repository which houses millions of filing of corporate America, not only in its internal memo, but also during a Congressional hearing. As a result, the implementation of the new rules that were adopted in 2016 for the $18 trillion U.S. mutual fund industry, is likely to be delayed.



As per an internal memo from the SEC, Wall Street’s top regular, the Securities and Exchange Commission (SEC), has discovered that its corporate filing database has vulnerabilities which could be exploited to cause a system collapse.

The SEC’s internal memo dated September 22, discloses that its EDGAR database, which contains details of financial performance of U.S. public limited companies and mutual funds, could be at risk of a “denial of service” (DOS) attack, which essentially floods the network with packets to such an extent that it overwhelms it and forces it to shutdown.

The SEC made this discovery while testing EDGAR’s ability to absorb monthly and annual financial filings required under new rules adopted in 2016 for the $18 trillion mutual fund industry.

As per the internal memo, even an unintentional error by a company, such as filing an “invalid” form, could overwhelm the system’s memory and bring down the entire system.

The finding of the vulnerability comes in the wake of SEC’s admission last month that hackers had been able to breach the EDGAR database in 2016 and had money money from the mined data.

The discovery lays further doubt on the SEC’s network capabilities and whether the agency has adequately addressed cyber threats.

It has been a while since the mutual fund industry has had concerns that the market-sensitive data that it needs to submit could be exploited in the wrong hands.

As a result, the industry has redoubled its efforts to stall and delay the data-reporting rules, which are set to go into effect in June 2018, until it is reassured that the information that it provides is secured.

Clearly, the SEC should postpone implementation of its data reporting rule until the security of those systems is thoroughly tested and assessed by independent third parties,” said Mike McNamee, chief public communications officer of The Investment Company Institute (ICI), whose members manage $20 trillion worth of assets in the United States.

We are confident Chairman Clayton will live up to his pledge that the SEC will take whatever steps are necessary to ensure the security of its systems and the data it collects.”

An SEC spokesman declined to comment.

Rules adopted in 2016, require asset managers to file monthly and annual reports vis-a-vis their portfolio holdings; the rules were designed to protect the mutual fund industry in the event of a market crisis by showing the SEC and investors that they have enough liquidity to cover a rush of redemptions.

On Wednesday, in a Congressional hearing, SEC Chairman Jay Clayton testified that the agency was weighing its options to delay the rules in light of emerging cyber concerns. Incidentally, he did not mention about EDGAR’s vulnerability to the DOS attack.


 


 


 

Source:

http://uk.reuters.com


 

 







Science & Technology

Germany Introduces The First Ever Train To Run On 100% Hydrogen

Germany Plans On Cyber Security Research To End Reliance On U.S. Tech

Fuchsia will kill Android by 2023: Top 5 facts about the new OS

New Study Finds Goats Interact More With Happy People

More than 32 thousand "smart" houses under threat of hacker attack

Internet addiction and children: Global plague

Apple takes up to develop Apple Watch for health monitoring

Hyperloop is growing in Europe

Analysts: US gamers prefer mobile games

Google Assistant Winner Of Head-To-Head Test Of Digital Assistants, Beats Siri And Alexa

World Politics

World & Politics

Ex-Brexit Minister Said A ‘Reset’ Is Needed For Brexit Talks

10 countries with the best healthcare systems

Foreign Experts To Be Allowed By North Korea For Permanent Destruction Of Missile Sites

Ireland recovers €14.3 billion from Apple

Is China going to cancel its birth limit policy?

The US is ready to start negotiations with China

US and China start 5G race

Is Czech Republic posing a threat to the European Union?