Following the JP Morgan data breach over the summer and “60 Minutes” calling 2014 the “year of the data breach” last week, Congress is getting serious about the cyber threats facing the financial industry.
The Senate Banking Committee held a hearing Wednesday on coordinating efforts between the private and public sectors to best prevent cyber hacks and respond quickly when a breach occurs.
“Responsible management of cyber risks by financial institutions is important for consumer protection, financial stability, privacy, and national security,” said Tim Johnson (D-SD), the Banking Committee’s chairman. “Not only are financial institutions frequent targets of cyber crime, they are uniquely interconnected with major sectors of the economy. Cyberattacks may cause damage to the financial system without directly attacking a bank, including through third party providers.”
The Securities Industry and Financial Markets Association submitted testimony on its efforts to identify vulnerabilities, improve cybersecurity and prepare individual firms to respond to a cyber attack. The letter urged policymakers to continue government participation in cybersecurity exercises and to harmonize regulations to make them more effective.
“Industry looks to the government to help identify uniform standards, promote accountability across the entire critical infrastructure, and provide access to essential information,” SIFMA said in its testimony. SIFMA referenced its own “Principles for Effective Cybersecurity Regulatory Guidance” as a guide for creating regulations that encourage collaboration between industry and government.
Sharing information about cyber threats was a major focus of the hearing, and SIFMA supported implementing Soltra Edge, a program from the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Depository Trust and Clearing Corporation (DTCC), as the industry standard for collecting and sharing cyber threat information. SIFMA also promoted the NIST Cybersecurity Framework as a starting point for building a security infrastructure.
Brian Peretti, the director of the Treasury’s Office of Critical Infrastructure Protection and Compliance Policy, seconded the benefits of the NIST Cybersecurity Framework in his witness testimony and said that the Treasury encouraged financial services firms of all sizes to utilize it. Peretti also praised the efforts of SIFMA in developing auditable standards for the Framework.
SIFMA urged Congress to pass the Cybersecurity Information Sharing Act of 2014, saying it would be the best place “for Congress to engage more productively in this effort to improve our cybersecurity.”
“Congress should move swiftly,” SIFMA said. “We cannot wait for the next attack to legislate, but must remain vigilant and proactive and provide the private sector with laws that will enable us to better protect ourselves and collaborate with our government partners.”
The hearing marked the last for chairman Johnson, who chose not to seek re-election in November. In his opening remarks, he urged ranking member Mike Crapo (R-Idaho) and members of the next Congress to act quickly to address cybersecurity concerns.