
SEC announces 'Cyber Unit' - newman8r
https://www.sec.gov/news/press-release/2017-176
======
thephyber
The organizational structure of many US government organizations still seems
strange to me.

The DHS's restructure after 9/11 seemed to make sense (from my viewpoint as an
outsider) even if it looks like they outsourced the branding of it to the 3rd
Reich.

The Secret Service has dual roles of protection of certain officials and their
families and investigating financial crimes. I understand the Secret Service's
history as a sub-department of the Department of the Treasury made sense, but
it still seems weird to have two very different, yet very specialized roles.

And then there's this weird new requirement that very many US Government
departments have their own tactical officer squads. Can't we just have a
National Police (a merged FBI, US Marshals, etc)? The current silo system
reeks of each silo budget hoarding.

All of this to say: The SEC now needs to compete with the other branches of
government to hire the best InfoSec people at a time when companies are
investing more in the same space. If only the NSA was more focused on
defending our government's systems, we could free up other government
resources to work on the non-redundant functions.

~~~
Top19
One criticism of having a centralized national police force, a common feature
in developing countries, is it makes corruption easier and more attractive. In
a sense you’ve also centralized corruption and given it just as many
efficiencies. That being said I don’t have a full solution to this issue, just
a quick point from the other side.

EDIT: I think a while ago (2-3 years maybe) it came out that the EPA had their
own SWAT team, which seemed pretty funny.

~~~
semi-extrinsic
Apart from the US, what industrialised countries don't have a centralized
national police force?

~~~
alexasmyths
The French have their national Police and also 'Gendarmes' which are like
police, but I think a branch of the Armed forces.

I'm not so sure of the history, but it's not so crazy that there are 'two' so
long as roles are clear etc.

Nation states are funny things. They change slowly :)

One thing is for certain: there should be more control over who gets to be a
'cop' and the training and ultimate badge authority should be centralized at
least at the state level.

This idea of 'Universities' hiring their own cops ... with authority to arrest
... who is in charge of them exactly?

I mean, in France they have 'two systems' but as far as I remember that covers
_everything_ and there are only 2 kinds of police uniforms that I ever saw. If
there is one goofball cop/gendarme, his case will go pretty high up. Not to
the 'dean' of the local college or whatever. Or to 'an elected guy' from some
village.

~~~
vinay427
University cops, assuming we are talking about those that are actual police
departments, are authorized by their respective states to perform that duty.
It operates similarly to any other police department, which means they have
the rights and responsibilities of any other police officer. In my state, they
are also required to have a public oversight committee with elected
representatives, and I assume this is not uncommon in other states.

In most, and perhaps all, states, there are state-level commissions to handle
cases of problem cops. However, I will be the first to admit that they don't
always work as intended.

~~~
KekDemaga
They do also have their own kangaroo courts that lack due process for some
unexplained reason though:
[https://www.washingtonpost.com/news/volokh-conspiracy/wp/201...](https://www.washingtonpost.com/news/volokh-conspiracy/wp/2017/01/30/the-dangers-of-gutting-due-process-in-campus-sexual-assault-cases/?utm_term=.c4770734e241)

~~~
rtkwe
I'm not sure there's going to ever be a good happy ground on sexual assault
cases that'll please everyone, just due to the nature of the crime. Ultimately
a lot of the cases are going to boil down to a he said she said even with
evidence that something actually happened. Given all that though there were
definitely big issues with how cases were handled before though, as a reaction
there's been perhaps an overcorrection.

------
newman8r
Interesting bullet points include:

'false information spread through electronic and social media'

'violations involving distributed ledger technology and initial coin
offerings'

~~~
thephyber
> 'false information spread through electronic and social media'

I was about to make a "Ministry of Truth" kind of comment until I re-checked
the article: "Market manipulation schemes involving false information spread
through electronic and social media"

~~~
newman8r
yeah I should have included the full context, but I think it could end up
being a gray line. It's something to keep an eye on because the difference
between market manipulation and trolling/FUD could be hard to distinguish.

~~~
toomuchtodo
> but I think it could end up being a gray line.

The SEC can and does monitor social media, correlate it to trade data, and
take action based on that data.

[http://nypost.com/2017/09/07/ex-amazon-employee-pleads-guilt...](http://nypost.com/2017/09/07/ex-amazon-employee-pleads-guilty-on-insider-trading-charges/)

Credit to Matt Levine's Money Stuff Bloomberg article where I originally read
about this, but cannot find the article with a bit of Google searching.

------
firloop
Off topic but the word/prefix "cyber" is so cool. I wish it was used more,
like the "e-" prefix for internet applications.

~~~
83457
Cyber is short for cybersex in some minds which makes official statements and
words sound funny.

Was just thinking about how cool it must be for Gibson to have pulled a term
like cyberspace out of his head years ago and for it to be such a widely used
term now.

Edit, found video interview...
[https://youtu.be/ae3z7Oe3XF4](https://youtu.be/ae3z7Oe3XF4)

~~~
richardknop
What? I was not aware that cyber is short for cybersex. That's strange. I
thought cybersecurity, cyberspace, cyberpunk are what most people would
imagine if they hear "cyber". When I hear "cyber" the mental image I get is
some sort of a scene from Matrix where Neo plugs a wire into his brain and
goes into virtual world.

~~~
83457
Cyber is an adjective essentially meaning computer. It is well known from the
word cybernetics and later cyberspace. However I was pointing out that it used
to be common to use the word "cyber" in phrases in place of cybersex like
"want to cyber?". Maybe it was just a late-90s/early-2000s thing.

~~~
vertex-four
It's mostly been replaced by RP ("roleplay") or ERP ("erotic roleplay"), the
latter of which can make business process discussions interesting.

------
nickysielicki
Should I take this to mean that cryptocurrencies are all scams that demand SEC
intervention, or that cryptocurrencies are legitimate and here to stay?

~~~
wmf
Most crypto _currencies_ are regulated by the CFTC instead of the SEC, but
DACs/DAOs and ICOs are within the SEC's remit. They recently announced a
crackdown on some but not all ICOs:
[https://www.sec.gov/oiea/investor-alerts-and-bulletins/ib_co...](https://www.sec.gov/oiea/investor-alerts-and-bulletins/ib_coinofferings)

------
paulie_a
So not that I am looking but where do I submit my application to this new
division...Actually scratch that: "I am happy to announce my new security
consulting firm to aid the SEC Cyber Unit called joshing.io"

------
mtgx
Whatever happened to the Cybersecurity Act (also called CISA) surveillance-
bill-in-disguise championed so heavily by Dianne Feinstein and Obama that was
supposed to help the NSA protect American individuals and companies against
data breaches?

This is why any such legislation needs to come with annual reviews. If it
doesn't work as expected after a few years, then it should be repealed.

But of course many of us know that the law was not about cybersecurity at all,
despite its misleading name, but about allowing the NSA more direct access to
companies' data.

------
unstatusthequo
It's 2017 and they are just thinking about this after their embarrassing
failure. Asleep at the wheel.

~~~
sullivanmatt
This is the EDGAR system that was breached:
[https://www.edgarfiling.sec.gov/Welcome/EDGARLogin.htm](https://www.edgarfiling.sec.gov/Welcome/EDGARLogin.htm)

Up until two years ago, that page used to recommend a minimum browser of
either IE 5 or Netscape Navigator 3. If you look at the source and use of
'htm' extension, all signals point towards it being created using an extremely
old version of Microsoft FrontPage (2000?). And that's not particularly
uncommon on the government systems for unsexy tasks like filing regulatory
reports. Limited IT staff and budget, paired with an unimaginable amount of
red tape, lead to this type of breach. Also good InfoSec talent usually
doesn't stay at the Federal space long. Anyone with strong skills within 50mi
of the beltway can make $25k+ more per year by going private sector. Finally,
let's not forget a much more limited talent pool is available because, in many
situations, these jobs require you to be a U.S. citizen.

I would argue that the SEC breach is only a symptom of a much more systemic
problem with IT at the Federal level. To fix it will be extremely costly and
painful. To do nothing will be extremely costly and painful.

~~~
thephyber
> To fix it will be extremely costly and painful.

The last few years of the Obama administration, the White House proposed
budget included an interesting and useful (IMHO) line item to address this.
The gist of it was that any department could draw up a plan to take a loan
against their future budgets to pay down IT efficiency projects (including
streamlining of processes and improvements to cybersecurity posture). I doubt
a Republican Congress would go for larger federal spending now for future
savings, but I hope that all "government should be small and efficient"
advocates would give this kind of proposal serious thought.

------
EGreg
Violations OF WHAT? Where are the rules for ICOs so far?

------
sdfgelgh43oito3
The SEC is a dept with teeth. I expect the SEC Cyber Unit to catch many an
internet scammer, likely to be more effective than regular law enforcement.

This is good news for your average citizen, and bad news for financial
criminals.

~~~
txcwpalpha
Based on the press release, this really seems to be focused specifically on
cybercrimes related to taking advantage of stock markets, such as stealing
non-public trading information or using exploits in trading software to
trigger market fluctuations and profiting from it. I really doubt this SEC
"Cyber Unit" is going to have anything to do with stopping your average
phishing scam or even stealing things like SSNs.

~~~
KGIII
Well no, they wouldn't do those things. They are concerned primarily with
securities.

------
justinzollars
Can't continue to have an inflation tax (our government outspends what it
takes in year after year after year) if the population moves to
cryptocurrencies.

~~~
millstone
How do cryptocurrencies prevent the government from borrowing?

~~~
justinzollars
It doesn't. But using non-fiat currencies prevents value from being extracted
from your dollar's value. A 6 nuclear aircraft carrier armada and hundreds of
military bases across the earth isn't free.

