July 21, 2014

TO THE MEMBERS OF THE UNITED STATES SENATE:

The U.S. Chamber of Commerce, the worlds largest business federation representing the
interests of more than three million businesses of all sizes, sectors, and regions, as well as state
and local chambers and industry associations, and dedicated to promoting, protecting, and
defending Americas free enterprise system, supports S. 2588, the Cybersecurity Information
Sharing Act of 2014 (CISA), which was passed by the Select Committee on Intelligence on July
8 by a strong bipartisan vote of 12 to 3.

The Chamber believes that CISA would strengthen the protection and resilience of
businesses information networks and systems against increasingly sophisticated and malicious
actors. The bill would also complement the National Institute of Standards and Technology
(NIST)-coordinated cybersecurity framework, which many business associations and companies
are embracing and promoting with their constituents. The 2013 executive order that created the
framework is focused, in large part, on increasing the volume, timeliness, and quality of cyber
threat information shared with businesses so that they can better defend themselves against
cyber attackers.

A fundamental goal of the Chambers cybersecurity policy is to enlarge government-to-
business information sharing. The Chamber also seeks to persuade businesses to share cyber
threat data with appropriate industry peers and civilian government entities to bolster U.S.
systems and make the costs of cyber attacks increasingly steep. Several industry sectors have
information sharing and analysis centers (ISACs) that operate at differing levels of maturity.
ISACs typically emphasize threat data sharing, research, and education and training.

Businesses stress that they need practical safeguards to increase their information-sharing
capabilities. CISAs targeted protectionsincluding limited liability, disclosure, regulation, and
antitrustshould constructively influence businesses decisions to share cyber threat data and
countermeasures more quickly and frequently.

What is important is that CISA is headed in the right direction, and the Chamber looks
forward to working with committee staff to enhance the bill. CISA is one of several cyber
measures that the Chamber supports. At the outset of the 113th Congress, the Chamber urged
Congress and the administration to focus on improving information sharing and related
protections, pursuing international cooperation against cybercrime and the theft of intellectual
property, enhancing national cybersecurity research and development, reforming the Federal
Information Security Management Act of 2002, and heightening public awareness and education.

The goal of CISA is to help companies achieve timely and actionable situational
awareness to improve the business communitys and the nations detection, mitigation, and
response capabilities. The bill would also strengthen the security of personal information that is
maintained on company networks and systems.

The Chamber strongly supports this bill and urges the Senate to bring up CISA and pass
it expeditiously.

Sincerely,

R. Bruce Josten