美國銀行業和金融行業倡導組織已向美國證券交易委員會請願，以廢除其網絡安全事件的公開披露要求。

美國銀行家協會領導的五個美國銀行集團要求監管機構在5月22日的信中刪除其規則

American banking and financial industry advocacy groups have petitioned the Securities and Exchange Commission to repeal its cybersecurity incident public disclosure requirements.

美國銀行業和金融行業倡導組織已向美國證券交易委員會請願，以廢除其網絡安全事件的公開披露要求。

Five US banking groups asked the regulator to remove the rule in a May 22 letter, arguing that disclosing cybersecurity incidents “directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims.”

美國五個銀行集團要求監管機構在5月22日的一封信中刪除該規則，並認為披露網絡安全事件“直接與旨在保護關鍵基礎設施並警告潛在受害者的機密報告要求直接衝突。”

The group, which also included the Securities Industry and Financial Markets Association, the Bank Policy Institute, Independent Community Bankers of America and the Institute of International Bankers, claimed that the rule compromises regulatory efforts to enhance national cybersecurity.

該集團還包括證券行業和金融市場協會，銀行政策研究所，美國獨立社區銀行家和國際銀行家研究所，該組織聲稱該規則損害了加強國家網絡安全的監管努力。

The SEC’s Cybersecurity Risk Management rule, published in July 2023, requires companies to rapidly disclose cybersecurity incidents such as data breaches or hacks. However, the banking groups argue this rule was flawed from the start and has proven problematic in practice since taking effect.

SEC的網絡安全風險管理規則於2023年7月發布，要求公司迅速披露網絡安全事件，例如數據洩露或黑客。但是，銀行團體認為這一規則從一開始就存在缺陷，自從生效以來，實際上證明了有問題的問題。

The banking bodies said that the “complex and narrow disclosure delay mechanism” interferes with incident response and law enforcement and creates “market confusion” between mandatory and voluntary disclosures.

銀行機構說，“複雜而狹窄的披露延遲機制”會干擾事件反應和執法部門，並在強制性和自願披露之間造成“市場混亂”。

Public disclosure has also been “weaponized as an extortion method by ransomware criminals to further malicious objectives,” and premature disclosures worsen insurance and liability issues for companies and “risks chilling candid internal communications and routine information sharing,” the group claimed.

該集團聲稱，公眾披露也已被“被勒索軟件犯罪分子作為勒索方法武器化，以進一步惡意目標”，過早的披露使公司的保險和責任問題惡化，並“冒著寒冷的坦率內部通訊和常規信息共享的風險”。

The groups specifically want “Item 1.05” to be rescinded from the SEC’s rules for Form 8-K reporting and parallel reporting requirements applicable to Form 6-K.

這些小組特別希望從SEC的8-K報告和平行報告要求的“項目1.05”中取消，適用於表格6-K。

Form 8-K is used to publicly notify investors in US public companies of specified events, including cybersecurity incidents, that may be important to shareholders or the SEC.

8-K表格用於公開通知美國上市公司的投資者，其中包括網絡安全事件在內，這對於股東或SEC可能很重要。

“Critically, without Item 1.05, investor interests will still be protected, and we believe they would be better served through the pre-existing disclosure framework for reporting material information, which may include material cybersecurity incidents,” the groups stated.

這些小組說：“在沒有項目1.05的情況下，投資者的利益仍然會受到保護，我們認為通過預先存在的披露框架來報告物質信息，他們將更好地為它們提供服務，其中可能包括材料網絡安全事件。”

Related: Hackers using fake Ledger Live app to steal seed phrases and drain crypto

相關：黑客使用Fake Ledger Live應用程序竊取種子短語並排幹加密

The full petition included examples of confusion from participants, specific incidents of ransomware attacks and documented regulatory conflicts.

完整的請願書包括參與者的混亂，勒索軟件攻擊的具體事件以及有記錄的監管衝突的例子。

Public crypto companies impacted

公共加密公司影響了

The requirement also impacts publicly listed crypto companies such as Coinbase, which disclosed earlier this month that hackers had bribed its support staff to leak its user data.

該要求還影響了Coinbase等公開列出的加密公司，該公司本月初透露，黑客賄賂其支持人員以洩露其用戶數據。

The disclosure saw the company hit with at least seven lawsuits over the requirement.

披露使該公司至少涉及七項訴訟。

Coinbase said that it rejected a $20 million ransom demand after staff leaked user data in a major phishing attack, which the exchange said could cost it up to $400 million in damages.

Coinbase表示，在員工在大型網絡釣魚襲擊中洩漏了用戶數據後，它拒絕了2000萬美元的贖金需求，該交易所表示，這可能使其損失高達4億美元。

If the SEC rescinds the requirement, it may give firms such as Coinbase more time to disclose cybersecurity incidents to the public.

如果SEC撤銷了要求，它可能會使Coinbase之類的公司有更多時間向公眾披露網絡安全事件。