WASHINGTON, D.C— Following a worldwide cyber-attack last month that hit more than 300,000 computers, Congresswoman Anna Eshoo (D-CA), Senator Orrin Hatch (R-UT), Senator Ed Markey (D-MA) and Congresswoman Susan Brooks (R-IN) introduced legislation to combat cyberattacks and cybercrime against U.S. computer networks. The Promoting Good Cyber Hygiene Act instructs the National Institute of Standards and Technology (NIST), in consultation with the Federal Trade Commission (FTC) and the Department of Homeland Security (DHS), to establish a baseline set of voluntary best practices for good cyber hygiene that are made available online. In addition, the bill instructs the agencies to consider the cyber hygiene benefits of standard cybersecurity measures such as multi-factor authentication and data loss prevention.
“The Internet of Things era is defined by the connectivity of the daily digital world – our devices, appliances, and machines now communicate with one another across rooms, across states, and across oceans,” Markey said. But the Internet of Things era could morph into the Internet of Threats era if appropriate cybersecurity safeguards are not put in place now to protect consumers. This legislation will help establish best practices for good cyber hygiene such as two factor authentication, an important step that will help Americans protect against cyber hacks and attacks. I thank Senator Hatch, and Reps. Eshoo and Brooks for their hard work on this timely bill.”
“Our nation’s computer networks—public and private—are under constant attack from cyber criminals,” Eshoo said. “It’s estimated that these attacks cost our economy nearly half a trillion dollars annually in identity theft, stolen blueprints, exposed financial information, and more. The scary truth is that data security experts have suggested 90 percent of successful cyberattacks are due to system administrators overlooking two integral pillars of network security: cyber hygiene and security management. By instituting commonsense best practices, system administrators can better protect their networks and consumer data from a majority of known cyber threats.”
“With cybercriminals growing bolder in their attacks, strengthening our cybersecurity infrastructure remains one of my top priorities in the Senate,” Hatch said. “Cyberattacks threaten our economy and inflict untold damage on thousands of Americans. Fortunately, proper cyber hygiene can prevent many of these attacks. This bill will establish best practices for cyber hygiene and make them available on a publically accessible website. I am honored to join Congresswoman Eshoo in introducing a bill that will help Americans better protect themselves from enemies online.”
“As technology evolves and becomes even more integrated in our daily lives, the number of cyberattacks hurting Americans will only increase if action is not taken,” said Brooks. “Having strong passwords, regularly installing software updates, and establishing a set of online security best practices is the kind of cyber hygiene necessary to protect private and sensitive information. Federal agencies, companies, and individuals need to prioritize online security management to ensure the safe use of electronic devices. I am proud to work with Congresswoman Eshoo and Senator Hatch on a bill that works to keep Americans safe online and less susceptible to cybercrime.”
‘WannaCry’, the software that locked thousands of computers in more than 150 countries, took advantage of a software vulnerability that was known and patchable since March of this year. Organizations and individuals practicing good cyber hygiene by installing updates in a timely manner may have been able to dramatically limit the impact of this attack. While the United States wasn’t hit as hard as other countries by this particular attack, the U.S. is still as susceptible to these as attacks as other countries. Good cyber hygiene best practices must be a key part of the overall cyber defense strategy.
The Promoting Good Cyber Hygiene Act would help both system administrators and consumers better protect their networks and devices against known cyber threats by:
· Establishing a baseline set of voluntary best practices;
· Ensuring these practices are reviewed and updated annually;
· Making the established best practices available in a clear and concise manner on a publicly accessible website; and
· Instructing the Department of Homeland Security to study cybersecurity threats relating to Internet of Things devices.