NRF moving forward with creation of program that will provide retailers with access to information on cybersecurity threats identified by other retailers, government and law enforcement agencies, financial services sector
April 14, 2014
– First Step in Establishment of Retail and Merchant Industry Information Sharing and Analysis Center for Cybersecurity
The National Retail Federation is moving forward with the creation of a program that will provide retailers access to information on cybersecurity threats identified by retailers, government and law enforcement agencies and partners in the financial services sector. The program, developed in consultation with the Financial Services Information Sharing and Analysis Center (FS-ISAC), will launch with the establishment of an information-sharing platform for retail industry information security specialists, and plans call for a retail ISAC to be established in June.
“We believe a heightened and well coordinated information sharing platform such as a retail ISAC is a vital component for helping retailers in their fight against cyber attacks,” NRF President and CEO Matthew Shay said. “Establishing a new program takes time, but time is not our friend when it comes to stopping these sophisticated and unpredictable criminals. The willingness of the FS-ISAC to work with retailers provides our industry with a new and important tool as we explore all of the options available for merchants to protect their customers and their businesses.”
Responding to the NRF announcement, Senator Mark Warner (D-VA) said, “Establishing a Retail and Merchant ISAC will allow the industry to better share information that could help prevent the types of widespread consumer data thefts we now are seeing. I am pleased to see FS-ISAC collaborating with retailers to establish a tool for real-time sharing of information and best practices around the serious and growing threat of hacking, cyber and identity theft.” In early February of this year, Senators Warner and Mark Kirk (R-IL) called for the establishment of a Retail and Merchant Industry ISAC in a letter to the Federal Trade Commission.
Cy Fenton, senior vice president, information technology (CIO) at Books-A-Million, Inc. said, “As an industry, it is critically important that we continue to work together and identify problems while providing solutions that prevent criminal hacking and the resulting data breaches. The safety and security of our customers unites retailers large and small, and information sharing is one of several important steps we are taking in order to achieve this mission critical goal.”
Fenton is chairman of the IT Security Council, a sub-committee of the NRF CIO Council, composed of CIOs and other technology experts from over 120 leading retailers and industry partners. The group has been meeting regularly to discuss existing cybersecurity programs as well as exploring new opportunities for retailers.
“In partnership with key stakeholders, NRF is committed to finding broad-based, long-term solutions to ensure that consumers’ sensitive information remains secure. It is a retailer’s top priority,” Shay said. “Implementing robust security solutions with innovative technologies and information sharing to protect consumer data and the integrity of our payment systems is a start, but we will always need to stay one step ahead of these determined criminals.”
Recently, representatives from NRF held in-depth discussions with the United States Secret Service and other law enforcement agencies for insight and guidance on how to improve communication, identify available resources and collaborate more effectively to help retailers combat criminal cyber activity.
NRF has also retained the services of Kim Peretti, a partner in the law offices of Alston and Bird, LLC. Peretti is part of the firm’s White Collar Crime Group and co-chairs the Security Incident Management and Response Team. She is also a former director of PricewaterhouseCoopers’ cyber forensic investigation unit and a former senior litigator for the Department of Justice's Computer Crime and Intellectual Property Section.
As announced in January, the NRF is working closely with the cybersecurity professionals from The Chertoff Group, providing NRF members with the highest level of insight and guidance in risk management and cybersecurity expertise.
NRF is the world’s largest retail trade association, representing discount and department stores, home goods and specialty stores, Main Street merchants, grocers, wholesalers, chain restaurants and Internet retailers from the United States and more than 45 countries. Retail is the nation’s largest private sector employer, supporting one in four U.S. jobs – 42 million working Americans. Contributing $2.5 trillion to annual GDP, retail is a daily barometer for the nation’s economy. NRF’s This is Retail campaign highlights the industry’s opportunities for life-long careers, how retailers strengthen communities, and the critical role that retail plays in driving innovation. www.nrf.com.
National Retail Federation
Stephen Schatz or Bethany Aronhalt, 855-NRF-PRESS