In a letter to Senate Majority Leader Mitch McConnell (R-KY) and Minority Leader Harry Reid (D-NV) today the Retail Industry Leaders Association (RILA), along with the Food Marketing Institute (FMI), National Association of Convenience Stores (NACS), and the National Retail Federation (NRF), expressed support for an amendment by Senator Tom Cotton to the Cybersecurity Information Sharing Act (CISA), bipartisan legislation designed to combat cyber threats and increase information sharing among companies and federal entities.The Cotton Amendment would grant liability protection for electronic sharing of cyber threat indicators with the FBI and Secret Service outside of the DHS portal, mirroring liability protections passed in the House earlier this year with an overwhelming bipartisan majority.
"Protecting the business community from frivolous lawsuits when sharing threat indicators and defensive measures is essential for collaboration across industries and is a key component in our defense against the growing sophistication and ongoing threat of hackers and cyber-attacks," said Nicholas Ahrens, vice president, privacy & cybersecurity. "By enhancing public and private information sharing, CISA will help improve the overall cyber hygiene and data security practices of businesses nationwide and keep sensitive information secure."
The Cybersecurity Information Sharing Act (CISA) introduced by Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA) establishes a standard procedure of sharing information between the federal government and private entities regarding cyber threat indicators.
"Retailers are deeply committed to passage of the Cotton Amendment and CISA to strengthen our cyber defense and give companies the legal protections they need. Cyber-attacks are not going away, and we urge the Senate to act without delay.," said Ahrens.
Full letter text below.
RILA is the trade association of the world's largest and most innovative retail companies. RILA members include more than 200 retailers, product manufacturers, and service suppliers, which together account for more than $1.5 trillion in annual sales, millions of American jobs and more than 100,000 stores, manufacturing facilities and distribution centers domestically and abroad.
August 3, 2015
The Honorable Mitch McConnell The Honorable Harry Reid
Majority Leader Minority Leader
United States Senate United States Senate
Washington, DC 20510 Washington, DC 20510
Dear Majority Leader McConnell and Minority Leader Reid:
On behalf of the undersigned associations, we write to express our strong support for an amendment by Senator Tom Cotton to S. 754, the Cybersecurity Information Sharing Act of 2015 (CISA), extending liability protection for the electronic sharing of cyber threat indicators with the FBI and Secret Service. We urge immediate consideration and passage by the full Senate.
Our associations embrace innovative technology to provide American consumers with unparalleled services and products online, through mobile applications, and in stores. While technology presents great opportunity, nation states, criminal organizations, and other bad actors are using it to attack businesses, institutions, and governments. As we have seen, no organization is immune from attack and no security system is invulnerable. We understand that defense against cyberattacks must be an ongoing effort, evolving to address the changing nature of the threat.
Remove the Roadblocks to Cyber Defense
A major barrier that prevents the business community from working together to combat these unprecedented attacks is the risk of costly frivolous lawsuits. We believe that Congress should enact legislation that gives businesses legal certainty that they have safe harbor against frivolous lawsuits when voluntarily sharing and receiving real time threat indicators and defensive measures and taking actions to mitigate cyberattacks. We urge the Senate to take up CISA to remove this roadblock to cyber defense.
Cotton Amendment Responsibly Enhances Real Time Sharing
Additionally, our associations believe that CISA would be improved by an amendment being offered by Senator Tom Cotton that grants liability protection for electronic sharing of cyber threat indicators with the FBI and Secret Service outside of the DHS portal. This amendment recognizes the reality that for non-critical infrastructure sectors, the FBI and Secret Service are our longstanding partners and primary points of contact in fighting cyberattacks. Anything that hinders essential real time communication cedes the field to our nation's adversaries and weakens our economic security.
Earlier this year, the House of Representatives passed, H.R. 1560, the Protecting Cyber Networks Act (PCNA), with an overwhelming bipartisan majority. That bill contained liability protections for electronic sharing of information with the FBI and Secret Service. The Cotton Amendment similarly would allow companies to be protected when sharing narrowly defined cyber threat indicators with law enforcement without altering sound privacy protective compromises that have been made to limit sharing with the national security apparatus. We call on the Senate to adopt this common sense fix to CISA to improve the bill and strengthen America's cybersecurity posture.
Our associations are deeply committed to working with you and your colleagues to pass CISA and the Cotton Amendment in order to strengthen our cyber defense and give companies the legal protections they need. Cyberattacks are not going away and we urge the Senate to act without delay.
Food Marketing Institute
National Association of Convenience Stores
National Retail Federation
Retail Industry Leaders Association