Retailers seeking cyber head for industry group

A group of retailers is hunting for an executive director to run their collective cybersecurity information sharing center, hoping to have the process wrapped up by January.

The director will assist the cybersecurity efforts of a number major retailers, including American Eagle, Gap, Home Depot, JC Penney, Lowe's, Nike, Safeway, Target, and Walgreens.

ADVERTISEMENT

According to a job description, the center’s head “will actively engage private sector stakeholders and government agencies to facilitate information sharing and strengthen the retail industry's capability and capacity to detect, prevent, respond to, and mitigate computerized attacks on retail networks.”

It’s the next step in the development of the center, known as the Retail Cyber Intelligence Sharing Center, or R-CISC. The Retail Industry Leaders Association (RILA) is backing the group.

A RILA spokesperson shared the group's anticipated R-CISC timeline with The Hill.

Since it’s May launch, the center has established its board of directors and gotten roughly 100 companies to participate in the info swap.

The private sector has been ramping up efforts to share information about cyber threats they are monitoring. Major U.S. banks recently revealed a cyber-threat-sharing software to give financial institutions a single location to report cyber threat information collected from myriad sources.

In November, the retail and financial industries teamed up with the Secret Service to issue guidelines on securing credit card readers during the busy holiday shopping season, which normally sees a spike in cyber attacks. Target’s breach occurred from a hack that infiltrated its payment machines during the 2013 holiday season.

The retail sector has been hit hard by cyber thieves in 2014. Executives at Target and Home Depot have been dragged before Congress following breaches that exposed the personal information of over 100 million customers. Target’s CEO even resigned in the wake of the breach.

In response, Congress has debated a number of bills that would require minimum levels of data security requirement for all companies handling personal information. Nothing has come close to passing.