Last week, the Missouri Credit Union Association (MCUA) submitted a comment letter to the National Institute of Standards and Technology (NIST), highlighting that credit unions and financial institutions are already subject to robust data security requirements and standards, and should not be subject to additional regulations. NIST had issued an information request on developing a framework to improve cybersecurity for “critical infrastructure,” as one of the initial steps to implement the White House Executive Order and Presidential Policy Directive (PPD) on U.S. cybersecurity issued by the President in February 2013. MCUA believes NIST should focus on maximizing the ability of the federal government to address communications and other gaps that undermine the ability of sectors such as financial institutions to protect themselves and fully assess whether new or revised security standards are needed for non-financial entities.
Also, MCUA believes increased coordination between national enforcement and intelligence-gathering agencies could help to more quickly identify potential threats. We believe NIST should coordinate any “critical infrastructure” cybersecurity initiatives it undertakes with both public and private stakeholders going forward, and also protect business confidentiality, individual privacy, and civil liberties.