Due to a highly publicized spate of security breaches at major retailers, continuing a pattern that has persisted for years, cyber security has already developed into one of the big stories of 2014.

Accordingly, the House Financial Services Committee's Subcommittee on Financial Institutions and Consumer Credit held a hearing titled "Data Security: Examining Efforts to Protect Americans' Financial Information," featuring panels representing, first, the Secret Service and the Department of Homeland Security, and then the affected industries and a Democratic witness from U.S. Public Interest Research Group (PIRG).

The staff memorandum notes that under title V of the Gramm-Leach-Bliley Act of 1999, consumers are entitled to be informed annually of the policies of financial institutions for handling personal data and to opt-out of certain data sharing practices. The stated purpose of the hearing was for the subcommittee to gain a better understanding of the occurrences of breaches, what happens after they occur, what security measures are in place to prevent breaches and what technologies could reduce these incidents.

On the first panel, William Noonan, deputy special agent in charge of the Secret Services Cyber Operations Branch, explained that the Secret Service is empowered to investigate both unauthorized access to computers and the fraudulent use of information to obtain money, goods, services or other things of value. He provided a list of leading breaches and explained in detail how the secret service interacts with many other agencies, domestic and foreign, to investigate cyber crimes.

Noonan was followed by Larry Zelvin, director of the National Cybersecurity and Communications Integration Center at the Department of Homeland Security. Zelvin described how the Center focuses specifically on computer network defense, with recent threats having been directed largely at the point of sale (POS) to capture personal data (Track One) and credit card numbers and expiration dates (Track Two).

On the second panel, Troy Leach, chief technology officer of the PCI Security Standards Council testified that the life cycle for data security technology is three years and that there is no single technology solution, not even the adoption of chip-and-pin technology, that can prevent breaches. Therefore, he advocates continued collaboration among all parties.

Greg Garcia, advisor to the Financial Services Information Sharing & Analysis Center, formed under a presidential directive in 1999 to address cyber threats to the nation's critical infrastructures, asserted that the Center provides a model for how to address these problems by partnering with public and private entities to speed the identification of threats.

David Fortney, senior vice president for The Clearing House, which represents the largest money center banks, discussed two technologies, electromagnetic field, a chip-based technology, and tokenization, a security feature of online and mobile payments, that offer promise for reducing the risk of future breaches, and he stressed that implementation would require the cooperation of both bankers and merchants.

Ed Mierzwinski, consumer program director of PIRG, cited an estimate by the Privacy Rights Clearinghouse that since 2005, 665 million records have been breached in 4,188 separate incidents. He calls for upgrading protection for debit cards to that of credit cards, and he opposes preempting state breach laws.

(Archived video, witness statements and the staff memorandum can be found here.)