Joint Industry Trade Letter on today’s mark-up of cybersecurity bill, H.R. 3696

February 4, 2014

The Honorable Michael McCaul
Chairman
Committee on Homeland Security
U.S. House of Representatives
131 Cannon House Office Building
Washington, DC 20515

The Honorable Bennie Thompson
Ranking Member, Committee on Homeland Security
U.S. House of Representatives
2466 Rayburn HOB
Washington, D.C. 20515

Dear Chairman McCaul and Ranking Member Thompson:

The undersigned organizations, representing the financial services industry, appreciate your efforts on H.R. 3696, the National Cybersecurity and Critical Infrastructure Protection Act as currently drafted. We welcome your leadership in this crucial fight against cyber threats and your work in forging this commonsense, bipartisan legislation.

While Congress considers much needed legislative action, our associations and their member firms in the financial services industry have taken major steps to address the cybersecurity threats facing the Nation’s critical infrastructure. The financial services sector continues to invest in our infrastructure, has improved coordination among institutions of all sizes, and is continually enhancing our partnerships with government.

H.R. 3696 recognizes the necessary partnership between the private and public sectors required to better protect our Nation’s cybersecurity infrastructure. Among other provisions, this bill would strengthen existing mechanisms such as the Financial Services Sector Coordinating Council (FSSCC) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) that help our sector identify threats, respond to cyber incidents and coordinate with government partners. These organizations work closely with partners throughout the government, including our sector specific agency, the Department of Treasury, as well as the Department of Homeland Security. Each agency has a civilian mission and plays a unique role in sector cybersecurity efforts and both work to strengthen the sector’s understanding of the threat environment.

Additionally H.R. 3696 seeks to improve the provisioning of security clearances for those involved in cybersecurity information sharing. We welcome the language accepted in subcommittee to ensure the appropriate individuals throughout critical infrastructure receive necessary information to understand the growing cyber threat.

The financial services sector recognizes the need for consumer privacy in implementing security techniques. We urge the Committee to ensure the bill provides the appropriate balance to protect privacy, while allowing financial institutions to evaluate information for cybersecurity threats. Specifically, we recommend targeting Section 205 to ensure financial institutions can continue to perform the necessary efforts to protect consumers and the nation from cybersecurity threats.

Finally, H.R. 3696 expands the existing Support Anti-Terrorism by Fostering Effective Technologies Act (SAFETY Act) to provide important legal liability protections for providers and users of certified cybersecurity technology in the event of a qualified cybersecurity incident. We urge Congress to work with the Department of Homeland Security to ensure that, should this provision be adopted, the expanded SAFETY Act is implemented in a manner that does not duplicate or conflict with existing regulatory requirements, mandatory standards, or the evolving voluntary National Institute for Standards and Technology (NIST) Cybersecurity Framework. An expansion of the program must be coupled with additional funding to enable DHS to handle the increased scope of program and subsequent increase in applicants. Further, it is incumbent that an expansion enables DHS to streamline its SAFETY Act review and approval process so as not to discourage participation in the program.

Our sector has actively engaged in the implementation of Executive Order 13636 and the development by the National Institute of Standards and Technology of a Cybersecurity Framework. We believe the process outlined in H.R. 3696 should reflect the Framework developed through this cross-sector collaborative process.

Each of our organizations and respective member firms have made cybersecurity a top priority.  We are committed to working with you as you lead in this crucial fight for cybersecurity of critical infrastructure.

American Bankers Association
The Clearing House
Credit Union National Association (CUNA)
Financial Services – Information Sharing and Analysis Center (FS-ISAC)
Financial Services Roundtable
Independent Community Bankers Association (ICBA)
Investment Company Institute
NACHA-The Electronic Payments Association
National Association of Federal Credit Unions (NAFCU)
Securities Industry and Financial Markets Association (SIFMA)

Cc: House Committee on Homeland Security
