Secure File Sharing: The next NIST Standard

Last week, Senator Ron Wyden of Oregon sent a letter to the National Institute of Standards (NIST) asking them to:
 
‘create and publish guidance describing how individuals and organizations can safely share sensitive documents with others over the internet’
 
Senator Wyden said this standard was necessary because:
 
‘in many government and private organizations employees use password-encrypted ZIP files to share sensitive documents, but these files can in many cases be cracked using widely available hacking tools due to the use of weak encryption.’
 
The Senator’s letter shows clearly that the government and industry need a better way to secure sensitive data from foreign adversaries.
 

From the Whitehouse 2018 report on the impact to the U.S. economy of malicious cyberactivity
 

Government data in the crosshairs

 
One doesn’t have to look far to find evidence supporting Senator Wyden’s fear. For example, in January 2018, Chinese government hackers compromised highly sensitive data related to U.S. Navy warfare as well as the details on hundreds of mechanical and software systems.
 
Attacks by China on US from 2010-2015
From NBC News. Attacks by China on US from 2010-2015

 
In December of 2018, the US government charged two Chinese men tied to Chinese intelligence with hacking the computer systems of companies and government agencies in a dozen countries.
 
And through no malice on the part of government employees, incidents like these are perpetuated.
 
Employees are busy. They are looking for a quick and secure way to share sensitive data with colleagues. And, without any formal guidance or instruction, they chose .zip encryption and passwords. Employees think this process is both easy and secure.
 
The unfortunate consequence, as we have seen, is the exposure of sensitive government data that threatens our national security.
 

A recommendation for NIST

 
Given that the government is facing this significant problem of theft of its sensitive data, the solution must start by establishing a robust system of encryption that keeps data secure even if servers are breached, passwords are stolen or admin accounts are compromised.
 
PreVeil, based on robust end-to-end encryption, offers this very type of system. End-to-end encryption is the gold standard for protecting data and ensures data is only decrypted on user devices, never on the server. Because of this security, foreign adversaries attacking sensitive data on government servers would only get gibberish since the data is encrypted.
 
Senator Wyden noted that ‘password-protected files can be easily broken with off-the-shelf hacking tools’. With PreVeil, files would be protected by robust unbreakable encryption algorithms that could be attacked by neither ‘off-the-shelf hacking tools’ nor sophisticated nation-state actors.
 
In addition, the PreVeil system is extremely easy to use. It integrates with users’ existing Windows Explorer or MacFinder as well as with users’ existing Outlook or Gmail inbox. Users don’t need a new email address nor do they need to create another mailbox. PreVeil’s inbox sits right next to user’s existing unsecured inbox but allows them to exchange messages and files securely.
 


 
With PreVeil, employees no longer need to worry that their files will rely on password-protected zip files for protection. Instead, they will have iron-clad security protecting their data and their country’s security.
 

Conclusion

 
Senator Wyden, you requested NIST provide guidance on how the government and civilian workforce can have the tools and training they need to safely share sensitive data. You don’t need to look any further for the right technology. PreVeil provides the very tool employees need to safely encrypt and share documents.
 
We will also happily provide the training.
 
Please contact us so we can get started on this very important mission.