Newsroom

November 15, 2017

WH heeds NAFC's call for transparency in cybersecurity efforts

The Presidential Cybersecurity Commission yesterday announced steps it is taking to increase transparency in its Vulnerabilities Equities Process (VEP). This is welcome news to NAFCU, a leading advocate for improved national data security standards that has urged clarification of the VEP's scope to better understand its impact on financial sector cybersecurity.

NAFCU Director of Regulatory Affairs Alexander Monterrubio, in a letter last year regarding cybersecurity in a digital economy, offered several recommendations to improve the collaboration among the National Institute of Standards and Technology (NIST), other stakeholders and financial regulators.

One recommendation was to have the commission "clarify the scope of the [VEP] and how it impacts financial regulation."

White House Cybersecurity Coordinator Rob Joyce, in a blog post published yesterday titled "Improving and Making the Vulnerability Equities Process Transparent is the Right Thing to Do," described the VEP's role as "balancing whether to disclose vulnerability information to the vendor with expectation that they will patch the vulnerability, or temporarily restrict knowledge of the vulnerability so that it can be used for national security or law enforcement purposes."

Joyce also outlined steps the commission is taking to reduce national security risks related to cybersecurity and hold bad actors accountable.

"NAFCU believes that more transparent procedures for determining when the government will publicly announce flaws it discovers in financial sector infrastructure would greatly improve consumer confidence in the safety of both banks and credit unions," Monterrubio wrote last year.

NAFCU will continue to monitor White House efforts to strengthen the country's cybersecurity and encourage communication to ensure stakeholders are responsibly informed about vulnerabilities.