WASHINGTON (7/31/12)--The Credit Union National Association (CUNA) and a coalition of partners, including the Banking Industry Technology Secretariat, continue to evaluate a recently introduced U.S. Senate cybersecurity bill, with that legislation set for discussion and a possible vote this week.
The bill, known as the Cybersecurity Act of 2012 (S. 3414), would establish voluntary cybersecurity standards in a bid to improve critical information protections.
CUNA and others are concerned that the voluntary security standards could eventually become mandatory, thus imposing a new burden on financial institutions.
CUNA has repeatedly said that the data security standards followed by credit unions and other financial institutions are strong, and the addition of new potentially duplicative data security standards could create issues for credit unions.
S. 3414 would also establish a National Cybersecurity Council, which would include appointed representatives from the Department of Commerce, Department of Defense, Department of Justice, the intelligence community, and various "sector-specific" federal agencies, as appropriate.
The council, according to a White House release, would "coordinate the identification of voluntary cybersecurity practices for critical cyber infrastructure." The council would also present yearly assessments of the state of the nation's cybersecurity to various congressional committees.
Amendments are expected to be offered once the bill comes up for debate prior to a vote. CUNA has worked with senators on data security amendments, and those may be offered as part of the amendment process.
Sen. Joe Lieberman (I-Ct.), a sponsor of the bill, noted in a release that the number of cyber-attacks increased 17-fold between 2009 and 2011, and added that many of those attacks targeted critical infrastructure.
"Defense of our most critical networks, largely owned by the private sector, is vital to our national security and economic prosperity," Lieberman said in a joint release with fellow cosponsor Sen. Susan Collins (R-Maine). The senators urged their colleagues to approve the new cybersecurity legislation.
If the Senate passes a cybersecurity bill, that body will have to work out any differences between its bill and a bill approved earlier this year by the U.S. House before new rules can become law.
The Cyber Intelligence Sharing and Protection Act (CISPA), which passed the House this spring, would task an Office of the Director of National Intelligence with developing cyber-threat information sharing guidelines between public- and private-sector organizations.
The bill would also provide privacy protections for consumers by limiting the inclusion of consumer data in shared threat information.