House panel advances measure to dissolve SEC cyber disclosure rule
Rep. Andrew Garbarino, R-N.Y., shown here on the Capitol steps in July 2021, is looking to overturn cyber incident disclosure regulations put in place by the Securities and Exchange Commission. Bill Clark/CQ-Roll Call, Inc via Getty Images
The White House has said the president would veto any legislative effort to revoke the rule.
The House Financial Services Committee on Thursday advanced a resolution to undo an SEC rule requiring publicly traded companies to openly disclose cybersecurity incidents within four business days of discovery.
The contested authority, approved by the SEC last July, was issued on grounds that investors should know how cyberattacks impact companies’ bottom lines. But opponents argue the mandate forces firms to reveal sensitive information about their businesses and publicize their vulnerabilities, which could draw unwanted attention from other hackers.
The resolution to remove the SEC rule was advanced on a party line vote.
“Disclosing such information potentially compromises the confidentiality of a company’s cybersecurity programs and reveal details such as the scope and frequency of testing, nature of third-party systems and specific remediation activities,” said Rep. Andrew Garbarino, R-N.Y., a member of the GOP-led finance panel who also heads House Homeland’s cybersecurity subcommittee.
Garbarino, who has led the initiative on the House side, said earlier this month he was working to get the resolution added to a slate of other items on the committee’s docket, Nextgov/FCW first reported.
The White House in January affirmed its commitment to the directive and said President Joe Biden will veto any efforts to shutter the agency regulation, but Garbarino at the time said the private sector’s views of the rule may force the executive branch to rethink its position. He also cited remarks from his Democratic counterpart on the House Homeland Security Committee’s cyber panel.
The disclosure requirements have led to several well-known companies, including Microsoft, Hewlett Packard and UnitedHealth, coming forward through SEC 8-K filings to reveal hacking incidents that have compromised their systems.
The fate of the resolution remains unclear in the near-term. It now awaits a full vote on the House floor, as the resolution would require both House and Senate passage before proceeding to President Biden’s desk. The White House has also not signaled any renewed interest in the matter.