Addressing weak links in a cyber world

We live in a cyber world with a vast array of technologies used by industries, organizations, governments, and people. This reliance on technology saves time and provides cost efficiencies to consumers and businesses, including businesses critical to our national infrastructure. However, the ever-growing scope, sophistication, and organization of cyber attacks demands that government, businesses and American consumers take an active role in cybersecurity.

The connectivity provided by the Internet has benefits and drawbacks, and both demand understanding and action from each stakeholder to ensure the overall system is protected. Without holistic implementation of security principles, bad actors and criminals will simply exploit the weakest link.

Because of this, Congress, in its debate over cybersecurity legislation, should take a comprehensive approach, to determine appropriate security standards for all businesses, and as a result, provide more effective protection to consumers.

Financial services companies are committed to protecting the safety and soundness of the industry and consumer data. The industry’s current cyber protections and proactive approach underscore this commitment. The industry continuously implements new techniques to respond to existing and emerging cyber threats. For example, the industry has worked and continues to work to increase controls to authenticate customers, encrypt sensitive customer data, monitor customers’ accounts for unusual activity, and use secure processes to store and transmit communications.

The industry’s voluntary efforts are strengthened by a multitude of regulations enforced by numerous agencies specific to financial services. The combination of these voluntary efforts and regulatory requirements contribute to a safer cyber environment for financial services, but, given the interconnected nature of the Internet, unfortunately, weak links remain.

Congress has the opportunity to strengthen cybersecurity for all market participants and should:

-    Improve information sharing to allow the private sector and government to share real-time information on threats and solutions, while protecting consumers privacy and the information shared,
-    Build upon existing initiatives by encouraging voluntary participation of all sector participants in risk assessments and security requirements,
-    Recognize the depth of experience of the financial services industry and allow current financial services regulators to build upon the effective, existing security protocols,
-    Increase funding for government to research to develop and test next generation security controls, and
-    Update the criminal code to adequately include cyber crime and enhance law enforcement capabilities to investigate and prosecute criminals internationally.

We all play a critical role in the cyber landscape and rely on each other in the digital marketplace. Our nation’s cybersecurity demands active participation of the government, business and every consumer. The financial services industry is committed to evolving our cybersecurity practices, and we ask Congress to provide the most effective framework to strengthen cybersecurity.

Smocer is president of BITS, the technology policy division of the Financial Services Roundtable.

---