美国银行业和金融行业倡导组织已向美国证券交易委员会请愿，以废除其网络安全事件的公开披露要求。

美国银行家协会领导的五个美国银行集团要求监管机构在5月22日的信中删除其规则

American banking and financial industry advocacy groups have petitioned the Securities and Exchange Commission to repeal its cybersecurity incident public disclosure requirements.

美国银行业和金融行业倡导组织已向美国证券交易委员会请愿，以废除其网络安全事件的公开披露要求。

Five US banking groups asked the regulator to remove the rule in a May 22 letter, arguing that disclosing cybersecurity incidents “directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims.”

美国五个银行集团要求监管机构在5月22日的一封信中删除该规则，并认为披露网络安全事件“直接与旨在保护关键基础设施并警告潜在受害者的机密报告要求直接冲突。”

The group, which also included the Securities Industry and Financial Markets Association, the Bank Policy Institute, Independent Community Bankers of America and the Institute of International Bankers, claimed that the rule compromises regulatory efforts to enhance national cybersecurity.

该集团还包括证券行业和金融市场协会，银行政策研究所，美国独立社区银行家和国际银行家研究所，该组织声称该规则损害了加强国家网络安全的监管努力。

The SEC’s Cybersecurity Risk Management rule, published in July 2023, requires companies to rapidly disclose cybersecurity incidents such as data breaches or hacks. However, the banking groups argue this rule was flawed from the start and has proven problematic in practice since taking effect.

SEC的网络安全风险管理规则于2023年7月发布，要求公司迅速披露网络安全事件，例如数据泄露或黑客。但是，银行团体认为这一规则从一开始就存在缺陷，自从生效以来，实际上证明了有问题的问题。

The banking bodies said that the “complex and narrow disclosure delay mechanism” interferes with incident response and law enforcement and creates “market confusion” between mandatory and voluntary disclosures.

银行机构说，“复杂而狭窄的披露延迟机制”会干扰事件反应和执法部门，并在强制性和自愿披露之间造成“市场混乱”。

Public disclosure has also been “weaponized as an extortion method by ransomware criminals to further malicious objectives,” and premature disclosures worsen insurance and liability issues for companies and “risks chilling candid internal communications and routine information sharing,” the group claimed.

该集团声称，公众披露也已被“被勒索软件犯罪分子作为勒索方法武器化，以进一步恶意目标”，过早的披露使公司的保险和责任问题恶化，并“冒着寒冷的坦率内部通讯和常规信息共享的风险”。

The groups specifically want “Item 1.05” to be rescinded from the SEC’s rules for Form 8-K reporting and parallel reporting requirements applicable to Form 6-K.

这些小组特别希望从SEC的8-K报告和平行报告要求的“项目1.05”中取消，适用于表格6-K。

Form 8-K is used to publicly notify investors in US public companies of specified events, including cybersecurity incidents, that may be important to shareholders or the SEC.

8-K表格用于公开通知美国上市公司的投资者，其中包括网络安全事件在内，这对于股东或SEC可能很重要。

“Critically, without Item 1.05, investor interests will still be protected, and we believe they would be better served through the pre-existing disclosure framework for reporting material information, which may include material cybersecurity incidents,” the groups stated.

这些小组说：“在没有项目1.05的情况下，投资者的利益仍然会受到保护，我们认为通过预先存在的披露框架来报告物质信息，他们将更好地为它们提供服务，其中可能包括材料网络安全事件。”

Related: Hackers using fake Ledger Live app to steal seed phrases and drain crypto

相关：黑客使用Fake Ledger Live应用程序窃取种子短语并排干加密

The full petition included examples of confusion from participants, specific incidents of ransomware attacks and documented regulatory conflicts.

完整的请愿书包括参与者的混乱，勒索软件攻击的具体事件以及有记录的监管冲突的例子。

Public crypto companies impacted

公共加密公司影响了

The requirement also impacts publicly listed crypto companies such as Coinbase, which disclosed earlier this month that hackers had bribed its support staff to leak its user data.

该要求还影响了Coinbase等公开列出的加密公司，该公司本月初透露，黑客贿赂其支持人员以泄露其用户数据。

The disclosure saw the company hit with at least seven lawsuits over the requirement.

披露使该公司至少涉及七项诉讼。

Coinbase said that it rejected a $20 million ransom demand after staff leaked user data in a major phishing attack, which the exchange said could cost it up to $400 million in damages.

Coinbase表示，在员工在大型网络钓鱼袭击中泄漏了用户数据后，它拒绝了2000万美元的赎金需求，该交易所表示，这可能使其损失高达4亿美元。

If the SEC rescinds the requirement, it may give firms such as Coinbase more time to disclose cybersecurity incidents to the public.

如果SEC撤销了要求，它可能会使Coinbase之类的公司有更多时间向公众披露网络安全事件。