CUNA letter on National Cybersecurity and Critical Infrastructure Protection Act
(January 13, 2014) —
The Honorable Michael McCaul
Chairman, Committee on Homeland Security U.S. House of Representatives
131 Cannon House Office Building Washington, DC 20515
The Honorable Bennie Thompson
Ranking Member, Committee on Homeland Security U.S. House of Representatives
2466 Rayburn HOB
Washington, D.C. 20515
Dear Chairman McCaul and Ranking Member Thompson:
The undersigned organizations, representing the financial services industry, appreciate your efforts to introduce H.R. 3696, the National Cybersecurity and Critical Infrastructure Protection Act. We welcome your leadership in this crucial fight against cyber threats and your work in forging this commonsense, bipartisan legislation.
While Congress considers much needed legislative action, our associations and the financial services industry have taken major steps to address the cybersecurity threats facing the Nation’s critical infrastructure. The financial services sector continues to invest in our infrastructure, has improved coordination among institutions of all sizes, and is continually enhancing our partnerships with government.
H.R. 3696 recognizes the necessary partnership between the private and public sectors that is required to better protect our Nation’s cybersecurity infrastructure. Among other provisions, this bill would strengthen existing mechanisms such as the Financial Services Sector Coordinating Council (FSSCC) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) that help our sector identify threats, respond to cyber incidents and coordinate with government partners. These organizations work closely with partners throughout the government, including our sector specific agency, the Department of Treasury, as well as the Department of Homeland Security. Each agency has a civilian mission and plays a unique role in sector cybersecurity efforts and both work to strengthen the sector’s understanding of the threat environment.
Additionally H.R. 3696 seeks to improve the provisioning of security clearances for those involved in cybersecurity information sharing. Your recognition that this is a system that demands improvement is strongly supported by our industry and we further encourage the expansion of this to specifically include individuals within critical infrastructure responsible for key aspects of network defense or
mitigation. It is essential that all sizes of institutions within critical infrastructure receive access to classified threat information in a timely manner.
Finally, H.R. 3696 expands the existing Support Anti-Terrorism by Fostering Effective Technologies Act (SAFETY Act) to provide important legal liability protections for providers and users of certified cybersecurity technology in the event of a qualified Cybersecurity incident. We urge Congress to work with the Department of Homeland Security to ensure that, should this provision be adopted, the expanded SAFETY Act is implemented in a manner that does not duplicate or conflict with existing regulatory requirements, mandatory standards, or the evolving voluntary National Institute for Standards and Technology (NIST) Cybersecurity Framework. An expansion of the program must be coupled with additional funding to enable DHS to handle the increased scope of program and subsequent increase in applicants. Further, it is incumbent that an expansion enables DHS to streamline its SAFETY Act review and approval process so as not to discourage participation in the program.
Our sector has actively engaged in the implementation of Executive Order 13636 and the development by the National Institute of Standards and Technology of a Cybersecurity Framework. We believe the process outlined in H.R. 3696 should reflect the Framework developed through this cross-sector collaborative process.
Each of our organizations and respective member firms have made cybersecurity a top priority. We are committed to working with you as you lead in this crucial fight for cybersecurity of critical infrastructure.
American Bankers Association
The Clearing House
Consumer Bankers Association
Credit Union National Association (CUNA)
Electronic Funds Transfer Association
Financial Services – Information Sharing and Analysis Center (FS-ISAC) Financial Services Roundtable
Independent Community Bankers Association (ICBA) Investment Company Institute
NACHA-The Electronic Payments Association
National Association of Federal Credit Unions (NAFCU) Securities Industry and Financial Markets Association (SIFMA)
Cc: House Committee on Homeland Security