Home Governance Cybersecurity leaders urge US senators for stricter data protection regulations

Cybersecurity leaders urge US senators for stricter data protection regulations


Cybersecurity industry leaders and experts have urged U.S. Senators Mark Warner (D-VA) and Senate Minority Leader Charles Schumer (D-NY) to advance data-centric cybersecurity technology and its capability to protect the sensitive data of both consumers and businesses in the event of a security breach. The group of infosec industry experts recently travelled to Washington to meet the senators.

The cybersecurity leaders and experts who met with the senators include: Jim Varner, President and Chief Executive Officer of SecurityFirst; Ricardo Bueno, Co-founder and Chief Executive Officer of Trivalent; Dr Aviel Rubin, Professor of Computer Science and Technical Director of the Information Security Institute of John Hopkins University; and Robert Roy, Chief Technology Officer of the U.S. Public Sector Cybersecurity Team at Micro Focus. The group also urged the senators to make data-centric security a core requirement for all government agencies and businesses dealing with Personally Identifiable Information (PII) or Personal Health Information (PHI). Warner is the co-chair of the Senate Cybersecurity Caucus and Schumer has long been a proponent of stronger consumer cyber protections.

Recent high-profile cybersecurity breaches, notably those involving the U.S. Office of Personnel Management (OPM) and Equifax, are stern reminders of the poor state of data protection across government and commercial industries. Without federal regulations requiring stricter data protection measures, sensitive consumer and business data will continue to be at risk from cybercriminals or hostile nation-states and other nefarious foreign entities. Regulations require a basic level of data security compliance for some industries and government agencies, but the message from these industry leaders is this is not enough and more must be done.

SecurityFirst CEO Jim Varner, who led the discussions, noted, “It was important for us, as industry leaders, to voice our concerns to key members of our legislative branch of government about the value and capabilities of advanced data-centric cybersecurity technology. Strategies built to keep cybercriminals out of the network and away from the data will eventually fail. But advanced data-centric strategies built to ensure cybercriminals walk away with nothing of value – providing protection from the point of data creation to deletion – succeed.”

Unlike network-centric solutions, advanced data-centric solutions built around both strong encryption at the source and advanced capabilities such as cryptographic splitting, user authentication, access controls, and least privileged access, ensures data privacy far above the standards of network access or secured storage.

Another key point made by Varner was, “Compliance and basic encryption does not equal effective security. Some are just looking to ‘check the encryption box’ by utilizing simple full-disk and storage encryption. Those technologies were designed with physical theft in mind, only protecting the data if a disk is stolen.”

“The mandate for more serious data protection is here and now. Advanced data-centric cybersecurity tools – even certified by the NSA as Top-Secret capable – are available today. These tools have the potential to greatly improve the data protection and privacy needs of our country and its industries,” concluded Varner.