Tales From the Crypto Bill: From Cyber Risks to Sandboxes

Securities Enforcement Defense attorney Scott Mascianica spoke with Law360 about a landmark congressional bill proposal that would regulate cryptocurrencies and give regulatory power to the Commodity Futures Trading Commission (CFTC). The proposal would give the CFTC authority to regulate the bulk of crypto by market cap, including the popular bitcoin and ether coins. The legislation deems those "ancillary" assets stores of value, and thus commodities, while the U.S. Securities and Exchange Commission (SEC) would take authority over digital assets that mimic securities. Within 18 months of the bill's approval, the SEC and CFTC would need to develop "comprehensive, principles-based" guidance relating to cybersecurity for entities acting as "digital asset intermediaries," according to Section 808 of the proposal.

Given the slew of cyberattacks that have involved crypto in recent years, Mr. Mascianica commented that it's of "little surprise" to see the topic of cybersecurity measures addressed in the bill. He also noted that the co-sponsors of the bill seem to have done their homework in laying the groundwork for a comprehensive cyber risk plan. He commented that the guidance areas are "broadly framed and will likely cover much of the cybersecurity waterfront for entities qualifying as digital asset intermediaries."

"These features — such as threat identification, risk mitigation, incident response, penetration testing, organizational and governance policies — are critical components of a comprehensive cybersecurity program," he said. "Both prophylactic and reactive measures are necessary."

READ: Tales from the Crypto Bill: from Cyber Risks to Sandboxes (subscription required)