Members of the Senate Banking, Housing and Urban Affairs Committee voiced support this week for legislation to require greater corporate disclosure of cybersecurity preparedness, and relayed concerns that personally identifiable information (PII) collected by government and private sector entities cannot be adequately safeguarded against theft or loss.
At a committee hearing on Wednesday looking into financial services sector cybersecurity, Sen. Jack Reed, D-R.I., stumped for legislation–the Cybersecurity Disclosure Act, S.536–he introduced last year that would require public companies to disclose whether they had any cybersecurity experts on their boards of directors.
J. Michael Daniel, president of the Cyber Threat Alliance and former White House cybersecurity coordinator under President Obama, responded to Sen. Reed that “the nature of cybersecurity right now is we do need more disclosure … We have an information asymmetry right now.”
Sen. Mark Warner, D-Va., vice chairman of the Senate Intelligence Committee and a sponsor of the Cybersecurity Disclosure Act, said the legislation was needed because cyber risks to corporations are “only going to get much, much worse.”
He also said that every financial institution of mid-size and higher should have an official with clearance to receive classified cyber threat data from the Federal government, but that some don’t because of a big backlog in processing applications for clearance. He said the total backlog for security clearances from all sources was about 740,000, adding “that is insane.”
Elsewhere at Wednesday’s hearing committee Chairman Mike Crapo, R-Idaho, said he was worried about PII security issues and that the committee planned to focus on that.
“The collection of PII by both the government and private companies is something that has long troubled me,” the senator said, adding, “Many question how both use the data collected and how such data is secured and protected … The collection and use of PII will be a major focus of the Banking Committee moving forward, as there is broad-based interest on the Committee in examining this.”
Sen. Heidi Heitkamp, D-N.D., asserted that many Americans have “given up” on the hope of being able to protect their privacy in the online world, but that they still hope for better cybersecurity.