Kyle Alspach reports:
As the chief information security officer of a large, publicly traded tech company, Drew Simonis has been keeping a close eye on the SEC’s proposed rules to require reporting of major cyberattacks.
Simonis, who works at Juniper Networks, has some serious concerns shared by many executives in U.S. private industry. Some of the proposed cyber incident reporting rules seem like they’d be counterproductive to the goal of creating transparency, and would likely just increase confusion for corporate shareholders, he said. Overall, by requiring public disclosure of major cyber incidents within four business days, the approach seems to lack a basic understanding of the “fluid nature of security events,” Simonis said.
Read more at Protocol.