WASHINGTON, DC - The Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Lee Terry (R-NE), today held a hearing on “Protecting Consumer Information: Can Data Breaches Be Prevented?" In light of recent high-profile criminal attacks capturing the personal and financial information of millions of Americans, the subcommittee questioned witnesses from the government and private sector about what is currently being done to protect consumer data and ways to strengthen safeguards for sensitive information.
“We need to be realistic and recognize there is no ‘silver bullet’ that is going to fix this issue overnight. If we are to seriously address the problems surrounding consumer data security, it will take thoughtful and deliberate actions at all stages of the payment chain," said Chairman Terry. “I do not believe that we can solve this whole problem by codifying detailed, technical standards or with overly cumbersome mandates. Flexibility, quickness, and nimbleness are all attributes that are absolutely necessary in cyber security but run contrary to government’s abilities."
The Secret Service is one of the federal law enforcement agencies responsible for proactively investigating cyber crimes and they are often the first to notify victim companies that data has been compromised. William Noonan, Deputy Special Agent in Charge at the Cyber Operations Branch, explained that “the Secret Service has observed a marked increase in the quality, quantity, and complexity of cyber crimes targeting private industry and critical infrastructure." To help successfully respond to these evolving and sophisticated threats, Noonan urged greater information sharing among law enforcement and the public and private sector.
Lawrence Zelvin, Director of the National Cyber Security and Communications Integration Center at the Department of Homeland Security, also stressed the need for enhanced collaboration to address the sophisticated threat. He expressed, “Now, more than ever, there is a need for a civilian-government capability to engage not only with affected entities but with other critical infrastructure sectors and companies that also are at risk."
Target and Neiman Marcus were both victims of major breaches that are currently under federal investigation, and executives of the companies agreed to testify today about the attacks and their response. “Updating payment card technology and strengthening protections for American consumers is a shared responsibility and requires a collective and coordinated response. On behalf of Target, I am committing that we will be an active part of that solution," expressed Target Executive Vice President and Chief Financial Officer John Mulligan.
Payment Card Industry Security Standards Council General Manager Bob Russo explained that “the development of standards to protect payment card data is something the private sector, and PCI specifically, is uniquely qualified to do. It is unlikely any government agency could duplicate the expansive reach, expertise, and decisiveness of PCI." He also expressed the need for a “multi-layered" approach to help strengthen security, stating, “A complex problem cannot be solved by any single technology, standard, mandate, or regulation. It cannot be solved by a single sector of society-business, standards-setting bodies, policymakers, and law enforcement must work together to protect the financial and privacy interests of consumers."
Full committee Chairman Fred Upton (R-MI) concluded, “In short, the title of today’s hearing is an appropriate question to ask: ‘Can Data Breaches be Prevented?’ This is the right venue to discuss what businesses can reasonably do to protect data. Equally important, we need to find ways to minimize or eliminate the ability of criminals to commit fraud with data they acquire. Americans deserve to have the peace of mind that the government, law enforcement officials, and private industry are doing everything necessary to protect the public from future breaches."
