WASHINGTON (4/10/13)--Credit unions are already subject to robust data security requirements and standards, and should not be subject to additional regulations, Credit Union National Association Assistant General Counsel Dennis Tsang wrote in a comment letter filed with the National Institute of Standards and Technology (NIST).
The CUNA letter follows an NIST request for information on developing a framework to improve cybersecurity for critical infrastructure.
While a limited number of credit unions and other financial institutions have been the subject of cyberattacks and data breaches, "these problems do not mean that more regulation in this area is required for financial institutions," Tsang noted. "On the contrary, financial institution systems have been tested like few others, and are probably ahead of some other sectors in the evolution and adoption of defensive measures," he wrote.
NIST should instead "focus on maximizing the ability of the federal government to address communications and other gaps that undermine the ability of sectors such as financial institutions to protect themselves" and fully assess whether new or revised security standards are needed for non-financial entities. Increased coordination between national enforcement and intelligence-gathering agencies could help to more quickly identify potential threats, the CUNA letter added.
Tsang in the letter suggested that NIST coordinate any critical Infrastructure cybersecurity initiatives it undertakes with both public and private stakeholders going forward, and also protect business confidentiality, individual privacy and civil liberties.
"By working with the Department of Homeland Security and national intelligence agencies, sector-specific agencies, including the U.S. Treasury, [National Credit Union Administration] and other regulators; the Financial Services Sector Coordinating Council (FSSCC) and other sector-coordinating councils, and CUNA and other trade associations, NIST will be better able to identify, refine, and guide the many interrelated cybersecurity considerations from all key sectors," he wrote.
CUNA is a member of the FSSCC, which is comprised of more than 50 financial services entities and associations and works closely with the Financial and Banking Information Infrastructure Committee. That group coordinates the government's critical infrastructure efforts. The NCUA and U.S. Treasury are members of the group.
For the full CUNA comment letter, use the resource link.