SEC Issues Proposed Cyber Rule, Including 48-Hour Breach Reporting Requirement

National Law Review: The Securities and Exchange Commission (SEC) has proposed a set of rules to hopefully strengthen the financial sector’s defense against cyberattacks. The proposal aims to standardize disclosures of cybersecurity incidents and increase clarity around company’s risk management and governance policies around cybersecurity. If the proposal goes into effect in the future, companies may find it very challenging to disclose significant cybersecurity incidents within 4 days, unless they have proper protocols and assessments in place.

Google Paid Record $8.7 Million to Bug Hunters in 2021

Dark Reading:  Last year almost 700 third-party bug hunters from 62 countries were paid an astonishing $8.7 million in rewards from Google. They discovered and reported thousands of vulnerabilities in the company’s technologies such as Chrome and Android. Google paid 30% more in rewards from 2020 and some of the increase was due to certain kinds of bug discoveries.

C.I.A. Is Collecting in Bulk Certain Data Affecting Americans, Senators Warn 

NYTimes ($): Two US senators on the Senate Intelligence Committee are concerned that the CIA has a secret data library that includes information about its citizens. Senators Ron Wyden of Oregon and Martin Heinrich of New Mexico sent a letter to intelligence officials calling for program details to be declassified. There have always been concerns about what our intelligence community collects on US citizens and the CIA and the National Security Agency are generally barred from investigating Americans.