May 24, 2023
Dear Chair Gensler, I write this email in my capacity as an academic expert on the intersection of securities regulation and cybersecurity/information security – a topic I have taught and written about for two decades. In reviewing the public comments on the proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule [Release No. 33-11038; 34-94382; IC-34529; File No. S7-09-22], I have noticed a significant number of material misstatements and key omissions in the comments. I hereby request to meet with you/your team to offer my comments on strengthening the current draft of this proposed rule. This request and the comments contained herein do not reflect the views of any federal agency to which I am currently appointed or with which I collaborate; they are made solely in my capacity as a concerned academic subject matter expert. Thanks, Andrea --- Andrea M. Matwyshyn https://andreamm.com Professor/ Assoc. Dean of Innovation, Penn State Law Professor, SEDI, Penn State Engineering Founding Faculty Director, Penn State Policy Innovation Lab of Tomorrow (PILOT) https://www.pilotlab.org/ Founding Faculty Director, Manglona Lab for Gender and Economic Equity https://www.manglonalab.org/