In an effort to prevent future data breaches on the scale seen over the last few years, cyber-security experts, along with card issuers like MasterCard and American Express, have gone to Washington in the hopes of drumming up support for legislation to make sharing information on cyber threats between companies and the federal government more reliable, according to The Hill.
Representatives from the government and card issuing companies have been at odds in the past over the nature of the relationship that has existed, or should exist, in regards to preventing fraud, but both share a common goal of reducing cyber attacks as more commerce becomes digitized and regulatory changes place a premium on card security with the new EMV rollout. A law to make cyber info sharing easier has been pushed by security and banking officials for years, but earlier versions were plagued by privacy concerns over government surveillance. One example was CISA, a bill that nearly passed the Senate last year, but raised concerns among privacy advocates over a provision that would require companies to share their data with the NSA, sparking a backlash over a possible loss of civil liberties. Last week, the White House proposed a similar piece of legislation to CISA, but would have the Department of Homeland Security deal with the public-private information network instead.
Spearheading the hearings on possible legislation are Sen. Ron Johnson (R-Wisconsin), chairman of the Senate Homeland Security and Governmental Affairs, as well as ranking member Sen. Tom Carper (D-Delaware), who both seem confident that getting a bill on President Barack Obama’s desk is attainable given the heightened focus on cybersecurity this year.
“If we concentrate on the shared goal of enhancing the economic and national security of America, and in this case trying to provide some measure of additional cybersecurity, I think that’s what’s going to bring this across the goal line,” Johnson said to reporters.
While neither senator would divulge too much on what that legislation would look like, witnesses at the Senate committee say that the industry needs to have government-granted liability protections before being able to share information, citing security and regulatory risks as well as potential blows to company reputations among their customers who trust them with their most confidential information. At the moment, the risks are too high to share data with the government, despite the need for stronger protections from hackers.