Government Report Uncovers SEC’s Ineffective Cybersecurity Programs Prior to X Hack: Fox

SEC Cybersecurity Concerns

The United States Securities and Exchange Commission (SEC) faced scrutiny over its cybersecurity program following a report from the Office of Inspector General (OIG). The report, received just two weeks before the commission’s X account was hacked on January 9, raised significant concerns.

Report Findings and Recommendations

The OIG report, conducted by contractor Cotton & Company Assurance and Advisor, highlighted various security weaknesses within the SEC. Recommendations included:

• Improving information security program
• Addressing potential risk areas
• Maintaining vulnerability disclosure policy
• Logging meeting requirements

Response from SEC

In response to the report, the SEC’s Chief Information Officer, David Bottom, acknowledged the need for improvements. He stated that the Office of Information Technology (OIT) was working on enhancing security protocols, focusing on risk management, supply chain, security training, and continuous monitoring.

X Account Hack and Market Impact

The SEC’s vulnerabilities came to light when an authorized party hacked the X account on January 9, posting a fake spot Bitcoin ETF approval announcement. This incident led to market manipulation concerns and resulted in $90 million in liquidations.

Market Manipulation Concerns

Following the hack, there were calls for transparency and accountability. Congresswoman Anne Wagner expressed concern over market manipulation that impacted investors, while Senator Cynthia Lummis emphasized the need for clarity on the incident.

Security Flaws and Response

It was later revealed that the SEC had not enabled two-factor authentication, allowing unauthorized access via a SIM-swapping attack. The SEC clarified that the breach occurred through the telecom carrier and not its systems. Despite the vulnerabilities, it remains uncertain if the commission will face repercussions for the security breach.