In a letter sent to Senate Majority Leader Mitch McConnell (R-KY) and Minority Leader Harry Reid (D-NV) today the Retail Industry Leaders Association (RILA), along with the Electronic Transactions Association (ETA), Food Marketing Institute (FMI), Healthcare Information Management Systems Society (HIMSS), National Association of Convenience Stores (NACS), National Association of Mutual Insurance Companies (NAMIC), National Council of Chain Restaurants (NCCR), National Grocers Association (NGA), National Retail Federation (NRF), and the Security Industry Association (SIA), expressed support for an amendment offered by Senator Tom Cotton (R-AR) to the Cybersecurity Information Sharing Act of 2015 (CISA). The amendment would extend liability protection for electronic sharing of cyber threat indicators with the Federal Bureau of Investigations (FBI) and United States Secret Service.
“Information sharing is a crucial component in combating cyberattacks and protecting consumer information. In order to rapidly share threat indicators and defensive measures in real time, businesses need to know they are doing so without the risk of frivolous lawsuits,” said Nicholas Ahrens, vice president of privacy and cybersecurity. “CISA addresses this by allowing safer and smarter collaboration across industries to strengthen our overall cyber defense.”
The Cybersecurity Information Sharing Act (CISA) introduced by Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA) establishes a strong legal framework for sharing information between the federal government and private entities regarding cyber threat indicators. Earlier this year, the House passed the Protecting Cyber Networks Act (PCNA), bipartisan legislation that similarly allows companies liability protections when sharing narrowly defined cyber threat indicators with the FBI and Secret Service.
“Cybercriminals are growing more sophisticated every day. Retailers remain committed to strengthening our cyber defense to protect consumers’ sensitive information and privacy,” said Ahrens. “We urge the Senate to pass both CISA and the Cotton Amendment without delay.”
Full letter text below.
RILA is the trade association of the world's largest and most innovative retail companies. RILA members include more than 200 retailers, product manufacturers, and service suppliers, which together account for more than $1.5 trillion in annual sales, millions of American jobs and more than 100,000 stores, manufacturing facilities and distribution centers domestically and abroad.
October 21, 2015
The Honorable Mitch McConnell The Honorable Harry Reid
Majority Leader Minority Leader
United States Senate United States Senate
Washington, DC 20510 Washington, DC 20510
Dear Majority Leader McConnell and Minority Leader Reid:
On behalf of the undersigned associations, we write to express our strong support for an amendment by Senator Tom Cotton to S. 754, the Cybersecurity Information Sharing Act of 2015 (CISA), extending liability protection for the electronic sharing of cyber threat indicators with the Federal Bureau of Investigations (FBI) and United States Secret Service. We urge immediate consideration and passage by the full Senate.
Our associations embrace innovative technology to provide American consumers with unparalleled services and products online, through mobile applications, and in stores. While technology presents great opportunity, nation states, criminal organizations, and other bad actors are using it to attack businesses, institutions, and governments. As we have seen, no organization is immune from attack and no security system is invulnerable. We understand that defense against cyberattacks must be an ongoing effort, evolving to address the changing nature of the threat.
Remove the Roadblocks to Cyber Defense
A major barrier that prevents the business community from working together to combat these unprecedented attacks is the risk of costly frivolous lawsuits. We believe that Congress should enact legislation that gives businesses legal certainty that they have safe harbor against frivolous lawsuits when voluntarily sharing and receiving real time threat indicators and defensive measures and taking actions to mitigate cyberattacks. We urge the Senate to take up CISA to remove this roadblock to cyber defense.
Cotton Amendment Responsibly Enhances Real Time Sharing
Additionally, our associations believe that CISA would be improved by an amendment being offered by Senator Cotton that grants liability protection for electronic sharing of cyber threat indicators with the FBI and Secret Service outside of the DHS portal. This amendment recognizes the reality that for non-critical infrastructure sectors, the FBI and Secret Service are our longstanding partners and primary points of contact in fighting cyberattacks. Anything that hinders essential real time communication cedes the field to our nation’s adversaries and weakens our economic security.
Earlier this year, the House of Representatives passed, H.R. 1560, the Protecting Cyber Networks Act (PCNA), with an overwhelming bipartisan majority. That bill contained liability protections for electronic sharing of information with the FBI and Secret Service. The Cotton Amendment similarly would allow companies to be protected when sharing narrowly defined cyber threat indicators with law enforcement without altering sound privacy protective compromises that have been made to limit sharing with the national security apparatus. We call on the Senate to adopt this common sense fix to CISA to improve the bill and strengthen America’s cybersecurity posture.
Our associations are deeply committed to working with you and your colleagues to pass CISA and the Cotton Amendment in order to strengthen our cyber defense and give companies the legal protections they need. Cyberattacks are not going away and we urge the Senate to act without delay.
Electronic Transactions Association (ETA)
Food Marketing Institute (FMI)
Healthcare Information and Management Systems Society (HIMSS)
National Association of Convenience Stores (NACS)
National Association of Mutual Insurance Companies (NAMIC)
National Council of Chain Restaurants (NCCR)
National Grocers Association (NGA)
National Retail Federation (NRF)
Retail Industry Leaders Association (RILA)
Security Industry Association (SIA)
cc: Members of the U.S. Senate