Coalition of 10 associations led by NRF sent a letter to Senate in support of an amendment of the Cybersecurity Information Sharing Act of 2015

WASHINGTON, 2015-10-22 — /EPR Retail News/ — A broad-based coalition of 10 associations led by the National Retail Federation sent a letter today to Senate leadership in support of an amendment by Senator Tom Cotton to S. 754, the Cybersecurity Information Sharing Act of 2015, that would give liability protection to businesses that share cyber threats with the Federal Bureau of Investigations and the U.S. Secret Service rather than just the Department of Homeland Security.

“NRF is leading the fight against data theft because the retailer-consumer relationship depends on trust, and cyberattacks erode that trust,” said Senior Vice President for Government Relations David French. “Hackers target a wide variety of businesses, but data thefts committed against retailers draw attention because retail stores are names consumers know and places where they shop every day. We are committed to stopping this criminal threat to our customers and the industry.”

Noting in its letter that “A major barrier that prevents the business community from working to combat these unprecedented attacks is the risk of costly frivolous lawsuits,” the coalition urged the Senate to pass CISA and “remove this roadblock to cyber defense.”

The coalition also wrote that CISA would be improved by the amendment offered by Cotton. As written, the legislation would provide liability protection only when threats are shared with DHS. Under Cotton’s amendment, the protection would be extended to cover sharing with all three agencies. “This amendment recognizes the reality that for non-critical infrastructure sectors, the FBI and Secret Service are our longstanding partners and primary points of contact in fighting cyberattacks,” wrote the coalition. “Anything that hinders essential real-time communication cedes the field to our nation’s adversaries and weakens our economic security.”

NRF has led a sustained campaign over the past decade to address data security and protect retail customers. In addition to advocating for information-sharing legislation like today’s Senate bill, NRF has supported passage of a uniform federal data breach notification law to replace separate laws in 47 states and the District of Columbia. Notification legislation has been a top priority in Congress during 2015, and NRF testified before a Senate hearing in February that a federal law should cover banks, card processors and all entities that handle sensitive consumer data, not just retailers.

To help fight cybersecurity threats to retailers’ systems, NRF has also created the Information Technology Security Council, which keeps retailers up to date on the latest news, information and threats and has more than 150 actively-involved retail companies.

NRF is the world’s largest retail trade association, representing discount and department stores, home goods and specialty stores, Main Street merchants, grocers, wholesalers, chain restaurants and Internet retailers from the United States and more than 45 countries. Retail is the nation’s largest private sector employer, supporting one in four U.S. jobs – 42 million working Americans. Contributing $2.6 trillion to annual GDP, retail is a daily barometer for the nation’s economy. NRF’s This is Retail campaign highlights the industry’s opportunities for life-long careers, how retailers strengthen communities, and the critical role that retail plays in driving innovation. nrf.com

J. Craig Shearman
(202) 626-8134
press@nrf.com
(855) NRF-Press

RILA: Retailers express support for amendment offered by Senator Tom Cotton (R-AR) to the Cybersecurity Information Sharing Act of 2015 (CISA)

Arlington , VA,  2015-10-22 — /EPR Retail News/ —In a letter sent to Senate Majority Leader Mitch McConnell (R-KY) and Minority Leader Harry Reid (D-NV) today the Retail Industry Leaders Association (RILA), along with the Electronic Transactions Association (ETA), Food Marketing Institute (FMI), Healthcare Information Management Systems Society (HIMSS), National Association of Convenience Stores (NACS), National Association of Mutual Insurance Companies (NAMIC), National Council of Chain Restaurants (NCCR), National Grocers Association (NGA), National Retail Federation (NRF), and the Security Industry Association (SIA), expressed support for an amendment offered by Senator Tom Cotton (R-AR) to the Cybersecurity Information Sharing Act of 2015 (CISA). The amendment would extend liability protection for electronic sharing of cyber threat indicators with the Federal Bureau of Investigations (FBI) and United States Secret Service.

“Information sharing is a crucial component in combating cyberattacks and protecting consumer information. In order to rapidly share threat indicators and defensive measures in real time, businesses need to know they are doing so without the risk of frivolous lawsuits,” said Nicholas Ahrens, vice president of privacy and cybersecurity. “CISA addresses this by allowing safer and smarter collaboration across industries to strengthen our overall cyber defense.”

The Cybersecurity Information Sharing Act (CISA) introduced by Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA) establishes a strong legal framework for sharing information between the federal government and private entities regarding cyber threat indicators. Earlier this year, the House passed the Protecting Cyber Networks Act (PCNA), bipartisan legislation that similarly allows companies liability protections when sharing narrowly defined cyber threat indicators with the FBI and Secret Service.

“Cybercriminals are growing more sophisticated every day. Retailers remain committed to strengthening our cyber defense to protect consumers’ sensitive information and privacy,” said Ahrens. “We urge the Senate to pass both CISA and the Cotton Amendment without delay.”

Full letter text below.

RILA is the trade association of the world’s largest and most innovative retail companies. RILA members include more than 200 retailers, product manufacturers, and service suppliers, which together account for more than $1.5 trillion in annual sales, millions of American jobs and more than 100,000 stores, manufacturing facilities and distribution centers domestically and abroad.

###

 

October 21, 2015

The Honorable Mitch McConnell     The Honorable Harry Reid
Majority Leader                              Minority Leader
United States Senate                     United States Senate
Washington, DC 20510                  Washington, DC 20510

Dear Majority Leader McConnell and Minority Leader Reid:

On behalf of the undersigned associations, we write to express our strong support for an amendment by Senator Tom Cotton to S. 754, the Cybersecurity Information Sharing Act of 2015 (CISA), extending liability protection for the electronic sharing of cyber threat indicators with the Federal Bureau of Investigations (FBI) and United States Secret Service. We urge immediate consideration and passage by the full Senate.

Our associations embrace innovative technology to provide American consumers with unparalleled services and products online, through mobile applications, and in stores. While technology presents great opportunity, nation states, criminal organizations, and other bad actors are using it to attack businesses, institutions, and governments. As we have seen, no organization is immune from attack and no security system is invulnerable. We understand that defense against cyberattacks must be an ongoing effort, evolving to address the changing nature of the threat.

Remove the Roadblocks to Cyber Defense

A major barrier that prevents the business community from working together to combat these unprecedented attacks is the risk of costly frivolous lawsuits. We believe that Congress should enact legislation that gives businesses legal certainty that they have safe harbor against frivolous lawsuits when voluntarily sharing and receiving real time threat indicators and defensive measures and taking actions to mitigate cyberattacks. We urge the Senate to take up CISA to remove this roadblock to cyber defense.

Cotton Amendment Responsibly Enhances Real Time Sharing

Additionally, our associations believe that CISA would be improved by an amendment being offered by Senator Cotton that grants liability protection for electronic sharing of cyber threat indicators with the FBI and Secret Service outside of the DHS portal. This amendment recognizes the reality that for non-critical infrastructure sectors, the FBI and Secret Service are our longstanding partners and primary points of contact in fighting cyberattacks. Anything that hinders essential real time communication cedes the field to our nation’s adversaries and weakens our economic security.

Earlier this year, the House of Representatives passed, H.R. 1560, the Protecting Cyber Networks Act (PCNA), with an overwhelming bipartisan majority. That bill contained liability protections for electronic sharing of information with the FBI and Secret Service. The Cotton Amendment similarly would allow companies to be protected when sharing narrowly defined cyber threat indicators with law enforcement without altering sound privacy protective compromises that have been made to limit sharing with the national security apparatus. We call on the Senate to adopt this common sense fix to CISA to improve the bill and strengthen America’s cybersecurity posture.

Our associations are deeply committed to working with you and your colleagues to pass CISA and the Cotton Amendment in order to strengthen our cyber defense and give companies the legal protections they need. Cyberattacks are not going away and we urge the Senate to act without delay.
Sincerely,

Electronic Transactions Association (ETA)

Food Marketing Institute (FMI)

Healthcare Information and Management Systems Society (HIMSS)

National Association of Convenience Stores (NACS)

National Association of Mutual Insurance Companies (NAMIC)

National Council of Chain Restaurants (NCCR)

National Grocers Association (NGA)

National Retail Federation (NRF)

Retail Industry Leaders Association (RILA)

Security Industry Association (SIA)

cc: Members of the U.S. Senate​

Jason Brewer
Senior Vice President, Communications and Advocacy
Phone: 703-600-2050
Email: jason.brewer@rila.org

SOURCE: Retail Industry Leaders Association