WASHINGTON—NAFCU President and CEO Dan Berger – on behalf of the association's Cybersecurity and Payments Committee – has written a letter to President Donald Trump supporting his executive order directing the strengthening of the federal government's cybersecurity.
The executive order requires federal agencies to adopt the National Institute of Standards and Technology's cybersecurity framework for managing cybersecurity risks.
"NAFCU anticipates that federal adoption of the Framework will improve our nation's cybersecurity posture, ensure that agencies and stakeholders are speaking the same language when it comes to cybersecurity, and yield new insights regarding effective risk management," the letter said.
"Since the Framework was released in 2014," the letter continued, "the coordinated efforts of prudential regulators, NIST, and other information sharing and analysis centers (ISACs) in the financial sector have demonstrated that financial institutions are capable of voluntarily implementing cybersecurity best practices."
The NAFCU committee is made up of representatives from member credit unions. Berger, on behalf of the committee, noted the seriousness of recent ransomware attacks and emphasized the importance of government and private sector cooperation.
The letter also urged that any "best practices" not be allowed to turn into "de facto regulation" or to use a "one size fits all" approach, which would not benefit credit unions. Berger urged that any framework remain voluntary.
Many NAFCU member credit unions have used and benefited from NIST's cybersecurity framework. The association has encouraged NIST to work with other regulators and industry stakeholders to clarify how its framework should be used or adopted, while emphasizing that there is no one-size-fits-all approach to cybersecurity.
NAFCU added that it continues to push for Congress to pass a strong national data security standard for retailers that would hold them to the same standards credit unions already follow under the Gramm-Leach-Bliley Act.