Congress & President: Quit stalling on cyber threat information sharing legislation
Tim Pawlenty is the CEO of the Financial Services Roundtable
Financial institutions have been the targets of cyberattacks since the dawn of the internet. They fully recognize what cyberattacks could mean for customers, businesses and the economy.
Financial institutions haven’t taken anything for granted and have been dedicating massive resources to efforts to stay ahead of the attackers.
Secretary Lew’s recent remarks to the Alpha Conference suggested more needs to be done to encourage reporting of cyber attacks — and we fully agree. However, the Administration and Congress have not removed key barriers to improved threat information sharing. They should.
As noted by the Secretary in his remarks, the financial industry has enjoyed a close and open working relationship with the federal government on developing things like the NIST standards. For more than 15 years, the industry has worked with the government and law enforcement to share threat information in an effort to better prepare against cyber threats. But more clearly needs to be done.
Specifically, Congress needs to pass, and the President needs to sign, cyber threat information sharing legislation. Such legislation would encourage and enable companies to better share threat information with other companies and with the government. Such threat information sharing will improve cyber defenses and responses to attacks.
The U.S. House passed common-sense legislation to enable this kind of threat information sharing last year. The Senate has been considering similar legislation. But the longer we wait, the greater the risk to cyber systems.
The Administration issued a statement regarding the House legislation that included a veto threat. That threat, along with the Snowden revelations, have slowed the political will to act on cyber threat information sharing legislation. But Congress and the Administration shouldn’t wait for another large-scale attack like the attacks last year against some retailers to act.
Cyberattackers are highly coordinated in their attacks. Our cyber defenses should be even better coordinated. That is far less likely to happen if Congress and the Administration fail to pass and sign into law threat information sharing legislation. The time to act is overdue.