The U.S. government's push to fortify the nation's cyber defenses should complement industry efforts, bank and credit union lobbying groups are expected to tell Congress on Tuesday.
Financial networks are already subject to significant laws, regulations and standards that tie to cybersecurity, the American Bankers Association said in testimony prepared for a hearing before the House Energy and Commerce Committee.
The hearing, at which the panel is expected to take testimony from the financial, energy, telecommunications and defense industries, comes amid a push by the White House for a voluntary system that would encourage sharing of information about pending threats among the government and owners of critical infrastructure. The hearing also follows a
An
"ABA believes it is particularly important that NIST's efforts complement and build upon existing cybersecurity standards adopted by the U.S. financial services industry," Charles Blauner, Citigroup's (NYSE:C) global head of information security, wrote in prepared testimony on behalf of the trade group.
The ABA supports both the Obama administration's development of the framework and the Cyber Intelligence Sharing and Protection Act, or CISPA, a bill the House passed in April that would authorize U.S. intelligence agencies to share cyber threats with private-sector firms, according to Blauner, who also chairs the Financial Services Sector Coordinating Council.
The council's members include JPMorgan Chase (JPM), Bank of America (BAC), Wells Fargo (WFC), Fannie Mae, Freddie Mac, MasterCard (MA), PayPal, Visa (NYSE:V) and roughly 48 other companies, associations and exchanges.
The National Association of Federal Credit Unions, which also belongs to the council, urged the committee separately on Monday to shield credit unions from some of the costs of data breaches, such as those that occurred in 2011 when thieves stole credit card information from retailer Michaels Stores and Sony.
"It is the credit union or other financial institution that must notify its account holders, issue new cards, replenish stolen funds, change account numbers and accommodate increased customer service demands that inevitably follow a major data breach," Dan Berger, NAFCU's head of government affairs, wrote in a letter to the committee. "The negligent entity that caused these expenses by failing to protect consumer data loses nothing and is often undisclosed to the consumer."
The ABA urged the committee to let each industry spearhead development of a framework that makes sense for its members.
"We strongly recommend that each sector coordinating council take the lead in developing a framework that is specific to that sector so that critical infrastructure can be identified in a manner that is repeatable, transparent and predictable," wrote Blauner.
Blauner added that the framework should build upon current regulatory oversight and avoid duplicative audits, as well as include incentives "compelling enough to affect corporate investment behavior."
The framework also will demand trust, said Blauner, who noted that the ABA, the council and the Financial Services Information Sharing and Analysis Center, or FS-ISAC, have worked to promote trust among financial services firms, regulators, law enforcement and intelligence agencies.
"Trust cannot be legislated, trust must be earned and we cannot afford to do anything that damages the levels of trust that have already been established," Blauner wrote.