[ISN] Congress is looking into consumer data security: But will it actually act?

http://pando.com/2014/02/03/congress-is-looking-into-consumer-data-security-but-will-they-actually-act/ BY CALE GUTHRIE WEISSMAN Pando Daily FEBRUARY 3, 2014 Today in Washington, a congressional Banking, Housing, and Urban Affairs subcommittee met to discuss recent consumer financial data breaches, and the role retailers, bankers, and the government must play to prevent them from happening again. Leading the subcommittee was Congressman Mark Warner of Virginia, who detailed the necessity for swift action. He repeatedly called for unity among all players — including bankers, retailers, and credit cards — noting that all must be on the same page and not consider the others antagonists in order to successfully protect millions of consumers’ personal data. The elephant in the room was undoubtedly the ongoing Target and Neiman Marcus security breach, which allowed hackers access to millions of customers personal financial information. Executives from these companies will be testifying to Congress in the coming weeks. The looming question on the tip of each senator’s tongue was, what can be done to prevent such a data fiasco from happening again? Senator Mark Warner, the subcommittee’s chair, noted that last year cyber crime caused reportedly $300 billion in damage, and that that statistic has most definitely increased over the last year. He questions the tactics the Secret Service has taken when looking at and trying to block large-scale security breaches. “Why is that that the security service or even security bloggers are the first to know of these attacks,” pointing to private companies and news outlets who made the Target story public. He then queried, “why is it taking us so long to respond?” The first panelists at the hearing — William Noonan, Deputy Special Agent in Charge of the US Secret Service, and Jessica Rich, the Director of the FTC’s Bureau of Consumer Protection — didn’t provide too much insight into either of these question. They did insist, of course, that their organizations are working to protect such crimes from happening again. Given the constantly evolving state of cybercrime Noonan noted that “malware can be molded and changed per attack.” And he ultimately agreed that the legislative action would help his organization a great deal. Ms. Rich repeatedly harped on the fact that there is no federal standard for data security practices. “It would be extremely helpful to have a federal law around data security… with civil penalties,” she said. She continued repeating this as the hearing continued. […]