SIFMA Makes Pitch for New Public-Private Alliance on Cybersecurity
In a document published this week, the Securities Industry and Financial Markets Association offered the federal government 10 principles it says should drive decision-making on cybersecurity issues facing the financial industry. Among them: a new working group that would allow federal agencies to coordinate with the financial sector.
The Securities Industry and Financial Markets Association isn’t afraid to offer its two cents in the discussion on the growing challenge of cybersecurity.
This week SIFMA released “Principles for Effective Cybersecurity Regulatory Guidance,” a document offering 10 suggestions meant to frame further federal action on the issue. It comes a few months after the industry group reportedly suggested the establishment of a public-private cyber-war council.
“The 10 principles articulated here are designed to facilitate next steps to further build and solidify a collaborative approach to cybersecurity that can foster innovation and strengthen efforts to combat cyber threats to the financial infrastructure,” the document states. “As regulators work on new and updated regulatory guidance, these principles can serve as guideposts to focus attention, highlight points of common concern, and underscore issues that may result in unintentional harm to the financial sector.”
Among SIFMA’s recommendations:
- The government should permit public-private collaboration in developing agency guidance.
- Cybersecurity guidance should be consistent across agencies to prevent a duplication of efforts and overlapping standards.
- Coordinated crisis response, in which companies and regulators work together to cut off access to information and systems and to inform key partners immediately in the event of a threat, should be a priority.
- The government should cultivate a policy of greater information sharing on cybersecurity matters between federal agencies and financial firms so that threat patterns can be detected more quickly, and this cooperation should be governed by strict privacy protections and rigorous oversight.
Most notable, however, may be a recommendation that the government launch a working group “that can facilitate coordination across the agencies, including independent agencies and SROs [self-regulatory organizations], and receive industry feedback on suggested approaches to cybersecurity.”
“Effective and consistent regulatory guidance is a critical component of the broader cyber defense effort, as it promotes best practices and accountability across the financial sector,” SIFMA President and CEO Kenneth E. Bentsen said of the proposal in a news release.
As Reuters reported, the new proposal comes just weeks after JPMorgan Chase announced that a data breach at the firm affected 83 million of its customers, exposing names, addresses, email addresses, and phone numbers.