March 14, 2013 – The need for a legislative solution that goes beyond what the president’s executive order on cybersecurity establishes was a key focus of a hearing held Wednesday by the House Committee on Homeland Security.
Jane Holl Lute, deputy secretary of the Department of Homeland Security, testified about what the DHS is doing to implement the information sharing component of the executive order, which was signed Feb. 12. The executive order requires the agency to work with the Attorney General to establish a process for disseminating information about a cyber threat to targeted private entities within 120 days.
When President Obama signed the executive order, he noted that more work needed to be done and called on Congress to act.
NAFCU agrees that legislation is needed. Prior to the hearing, NAFCU Vice President of Legislative Affairs Brad Thaler urged leaders of the committee to support NAFCU-backed data security measures as outlined in the association’s five-point plan for regulatory reform, which include: national standards for data security, liability if such standards are not met and immediate notification to financial institutions and their account holders when breaches occur.
Lute said Congress should pass legislation that creates a national data breach notification law that will guide companies on when they need to report intrusions into their computer networks and systems. He also said legislation should include measures to improve information sharing about cyber threats, protect privacy, affirm the department's role in leading the federal government's cybersecurity efforts, and establish a framework of cybersecurity standards.
Homeland Security Committee Chairman Michael McCaul, R-Texas, emphasized the need for Congress to build consensus around legislation in order to prevent another major disaster. “We cannot allow turf battles to hinder us from developing the defenses necessary to prevent cyber attacks,” he said.