WASHINGTON – U.S. Senators Jerry Moran (R-Kan.), Chairman of the Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security, and Kirsten Gillibrand (D-N.Y.) have introduced legislation to address critical cyber security vulnerabilities by helping to create a network of trusted partnerships across the public and private sectors aimed at detecting, preventing and mitigating cyber threats through information sharing.

The Cyber Information Sharing Tax Credit Act would incentivize businesses of all sizes to join sector-specific information sharing organizations, known as Information Sharing and Analysis Centers (ISACs), by providing refundable tax credits for all costs association with joining ISACs. As more industries and businesses participate, these networks will help businesses understand and improve their cyber posture and ensure the timely dissemination of information on increasingly sophisticated cyber threats.

“Consumers, businesses, and our nation’s critical infrastructure face constant and evolving threats from cyber criminals who seeks to do us harm. When it comes to detecting and preempting these threats and protecting American consumers from cybercrimes, information sharing within trusted industry networks has proven to be a valuable tool across numerous sectors of our economy,” Sen. Moran said. “The Cyber Information Sharing Tax Credit Act will make participation in vital ISACs more accessible for all companies, especially those who may not fully understand their risk of cyber-attack or who would not otherwise have the resources to participate in an information sharing organization."

"Hackers have put consumers and businesses in their crosshairs, and have shown they can easily access confidential information we trust can and should remain private. It’s time to improve our security and establish standards that better protect consumers in New York and across the country,” Sen. Gillibrand said. “This legislation is an important first step toward a national solution and opportunity to address our vulnerabilities, strengthening defenses against emerging data breaches, taking necessary safeguards to help victims and prosecuting perpetrators of these attacks."

The Cyber Information Sharing Tax Credit Act was originally authored in 2014 in response to the current threats to our national security outlined in a report titled “Reflections on the Tenth Anniversary of The 9/11 Commission Report.” The authors – members of the 9/11 Commission – identified domestic cyber readiness as one of the five most pressing national security issues facing the country. The report highlights that senior leaders were “uniformly alarmed by the cyber threat to the country,” comparing currently policies to “September 10th levels.” The report also states, “One lesson of the 9/11 story is that, as a nation, Americans did not awaken to the gravity of the terrorist threat until it was too late. History may be repeating itself in the cyber realm."

The Cyber Information Sharing Tax Credit Act would incentivize information sharing about security vulnerabilities, and would also facilitate the dissemination of sector-specific cyber protection. The Moran-Gillibrand bill would encourage this through a refundable tax credit for any business that joins an ISAC. The refundable tax credit would cover personnel participation costs, product and service costs directly related to sharing information with the ISAC, as well as other costs reasonably associated with participation.

Membership in an ISAC will give a small business access to real-time alerts about ongoing cyber threats to their systems, or newly discovered vulnerabilities in their networks that hackers might exploit, along with technical advice on how to protect against these attacks and eliminate their vulnerabilities.

Over the last decade, there have been more than five thousand separate security breaches, compromising nearly 800 million records containing sensitive personal information, many of which have led to identity theft and other crimes. According to a July 2014 report by Unisys and Ponemon Institute, nearly 70 percent of companies had at least one cyber security breach in the preceding year that led to the loss of confidential information of disruption of operations. A June 2014 report from security firm McAfee estimates that the likely annual to the global community from cybercrime is more than $400 billion. Cyber criminals and terrorists have also infiltrated NASDAQ, one of the nation’s largest stock exchanges, and also have targeted U.S. utilities, demonstrating that no sector is safe from this evolving threat. 

###