July 21, 2014

TO THE MEMBERS OF THE UNITED STATES SENATE:

The U.S. Chamber of Commerce, the worlds largest business federation representing the interests of more than three million businesses of all sizes, sectors, and regions, as well as state

and local chambers and industry associations, and dedicated to promoting, protecting, and

defending Americas free enterprise system, supports S. 2588, the Cybersecurity Information Sharing Act of 2014 (CISA), which was passed by the Select Committee on Intelligence on July 8 by a strong bipartisan vote of 12 to 3.

The Chamber believes that CISA would strengthen the protection and resilience of

businesses information networks and systems against increasingly sophisticated and malicious actors. The bill would also complement the National Institute of Standards and Technology

(NIST)-coordinated cybersecurity framework, which many business associations and companies

are embracing and promoting with their constituents. The 2013 executive order that created the

framework is focused, in large part, on increasing the volume, timeliness, and quality of cyber threat information shared with businesses so that they can better defend themselves against cyber attackers.

A fundamental goal of the Chambers cybersecurity policy is to enlarge government-to-business information sharing. The Chamber also seeks to persuade businesses to share cyber

threat data with appropriate industry peers and civilian government entities to bolster U.S.

systems and make the costs of cyber attacks increasingly steep. Several industry sectors have

information sharing and analysis centers (ISACs) that operate at differing levels of maturity.

ISACs typically emphasize threat data sharing, research, and education and training.

Businesses stress that they need practical safeguards to increase their information-sharing

capabilities. CISAs targeted protectionsincluding limited liability, disclosure, regulation, and antitrustshould constructively influence businesses decisions to share cyber threat data and countermeasures more quickly and frequently.

What is important is that CISA is headed in the right direction, and the Chamber looks

forward to working with committee staff to enhance the bill. CISA is one of several cyber

measures that the Chamber supports. At the outset of the 113th Congress, the Chamber urged

Congress and the administration to focus on improving information sharing and related

protections, pursuing international cooperation against cybercrime and the theft of intellectual

property, enhancing national cybersecurity research and development, reforming the Federal

Information Security Management Act of 2002, and heightening public awareness and education.

The goal of CISA is to help companies achieve timely and actionable situational

awareness to improve the business communitys and the nations detection, mitigation, and response capabilities. The bill would also strengthen the security of personal information that is

maintained on company networks and systems.

The Chamber strongly supports this bill and urges the Senate to bring up CISA and pass

it expeditiously.

Sincerely,

R. Bruce Josten