December 3, 2014
Dear Congressional Leaders:
As the co-chairs of the Merchant and Financial Associations Cybersecurity Partnership, we are writing on behalf of all of the 19 participating trade association members to share consensus principles that we encourage Congress to adopt in considering cybersecurity information sharing legislation. The Partnership was launched in February in response to several high profile breaches. Over the past eight months, we have collaborated to enhance security in order to protect customers and their data from cyber threats and to bolster consumer confidence in the payments system.
As you know, retailers and financial institutions face constant attacks from cybercriminals. While we are generally successful at repelling these attacks, recent history shows that even the best protected networks can be breached. Over the past year, the partnership has worked to address these threats through a variety of means. One way to prevent attacks is by having better information sharing between and among industry and government. This is critical, as attackers become more sophisticated, we must have the ability to learn from each other to better protect consumers. Working together, the merchant and financial services communities support federal legislation that would increase the current level of voluntary cybersecurity information sharing, while recognizing and responding to key privacy concerns, by:
- Modifying current constraints to allow for improved information sharing;
- Enabling existing information sharing and analysis through flexible mechanisms to gain access to important cyber threat information;
- Increasing threat information sharing between the public and private sectors and within and between private sectors by providing a safe harbor from liability concerning the accuracy of and use of that shared information;
- Increasing funding for government for research to develop and test next generation security controls;
- Updating the criminal code to adequately include cybercrime; and
- Enhancing law enforcement capabilities to investigate and prosecute criminals internationally.
We believe that federal legislation that embodies these principles will materially improve the security of all of our systems and ultimately consumers. In cooperation with the relevant Congressional Committees we have often worked toward these goals already. But now we must all unite and pass comprehensive legislation that will allow us to share information to better combat cybercriminals.
Please do not hesitate to contact us if we can answer any questions on this important issue. We stand ready to brief you at any time on this issue and our response to it.
The Honorable Tim Pawlenty
Chief Executive Officer
Financial Services Roundtable
Sandra L. Kennedy
Retail Industry Leaders Association
Partnership Members: American Bankers Association, American Hotel and Lodging Association, Consumer Bankers Association, Electronic Transactions Association, Financial Services Forum, Financial Services Roundtable, Food Marketing Institute, Independent Community Bankers of America, International Council of Shopping Centers, International Franchise Association, Merchant Advisory Group, NACHA, National Association of Chain Drug Stores, National Association of Convenience Stores, National Grocers Association, National Restaurant Association, National Retail Federation, Retail Industry Leaders Association, The Clearing House