Retailers to Establish Cybersecurity Information-Sharing Body

April 17, 2014

Retailers to Establish Cybersecurity Information-Sharing Body Retailers returned to Capitol Hill yesterday trying to repair a public image damaged by the security breaches uncovered at Target, Neiman Marcus and others. The National Retail Federation, representing retailers in front of the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, reiterated the retail industry’s commitment to securing consumer data in the wake of the large network compromises. To that end, the NRF is planning to establish a Retail Information Sharing and Analysis Center (ISAC) that will be better able to warn retailers of imminent cyber-attacks, according to Tom Litchford, vice president of retail technologies for the NRF.

“NRF is currently in the planning stages with respect to a final step in the development of the Retail ISAC: the establishment of the technological and operational infrastructure to support a secure portal through which members can share information,” Litchford said. “NRF’s goal is to allow credentialed [Retail ISAC] members to share information of varying levels of sensitivity anonymously, thus allowing the Retail ISAC to act as a repository of critical threat, vulnerability and incident information that is sourced from various members and outside organizations, and to facilitate peer-to-peer collaboration with the sharing of risk mitigation best practices and cybersecurity research papers.”

Litchford said membership in the Retail ISAC is not contingent on membership in the NRF. He added that the Retail ISAC would be in a position to receive and share information not only between itself and retailers, but among the United States Secret Service, United States Computer Emergency Readiness Team, iSightPartners and the Financial Services ISAC.