FSSCC urges NIST to focus on privacy
Dec. 16, 2013 – The Financial Services Sector Coordinating Council, of which NAFCU is a founding member, last week applauded the National Institute of Standards and Technology for its engagement with the financial sector in developing its cybersecurity framework but urged that it give more weight to privacy considerations.
“The FSSCC believes that critical to successful adoption and implementation of this Framework is a clear risk-based methodology that strengthens cybersecurity programs, appropriately highlights privacy considerations, takes into account existing requirements, and supports continued innovation and effective business management strategies, regardless of sector,” the letter says.
The council specifically recommends that the Framework guide implementing companies to consider the privacy implications of network security interactions and focus on the privacy issues affected by an organization’s cybersecurity measures. It suggests an “Alternative Methodology to Protect Privacy for a Cybersecurity Program” in an appendix to the letter.
NAFCU President and CEO Dan Berger on Friday noted efforts underway to ensure credit unions are prepared for cyberattacks. “NAFCU is keenly aware of the cyber threats facing credit unions and our nation,” he said. “We are not only closely involved in policy development, both with Congress and the Administration, but are greatly expanding our education efforts.”
The letter from FSSCC praises the framework’s use of a risk-based approach. It makes suggestions for a future roadmap for the framework relating to supply chain risk management, threat indicators and other issues.
Richard Clarke, an expert in cybersecurity and CEO of Good Harbor Security Risk Management, will provide a keynote address, “Cyber War: Threat Level Elevated,” at NAFCU’s CEOs and Senior Executives Conference, which takes place April 1-3 in Charleston, S.C. Clarke worked at the White House under three consecutive presidents and taught at the Harvard Kennedy School of Government.