Eshoo Bill Vaccinates Against Majority of Hacks with ‘Cyber Hygiene’ & Network Security Management
October 1st, 2015
WASHINGTON, D.C.—Congresswoman Anna G. Eshoo (D-Calif.), Ranking Member of the Communications and Technology Subcommittee, today introduced legislation to combat the alarming rate of cyberattacks and cybercrime against U.S. computer networks. The Promoting Good Cyber Hygiene Act builds on President Obama’s 2013 Executive Order by instructing the National Institute of Standards and Technology, in consultation with the Federal Trade Commission and the Department of Homeland Security, to establish voluntary best practices for network security, such as not using a default password and regularly applying software updates.
“Our nation’s computer networks—public and private—are under constant attack from cyber criminals,” Eshoo said. “It’s estimated that these attacks cost our economy nearly half a trillion dollars annually in identity theft, stolen blueprints, exposed financial information, and more. The scary truth is that data security experts have suggested 90 percent of successful cyberattacks are due to system administrators overlooking two integral pillars of network security: cyber hygiene and security management. By instituting commonsense best practices, system administrators can better protect their networks and consumer data from a majority of known cyber threats.”
According to Symantec’s annual Internet Security Threat study, cyberattacks against large companies increased 40 percent globally in 2014. Breaches have also grown in scale, with major retail companies, including Home Depot, Target, Neiman Marcus and Sony, falling victim to massive attacks costing hundreds of millions of dollars.
The public sector is not immune either. The federal Office of Personnel Management announced last week that 5.6 million fingerprint records were stolen by hackers in a breach. This is millions more than originally estimated and is in addition to highly sensitive information about employee health, financial history and families.
A U.S. Government Accountability Office report released this week found “persistent weaknesses at 24 federal agencies” relative to data security. The report also found that “These deficiencies place critical information and information systems used to support operations, assets, and personnel of federal agencies at risk[.]”
The Promoting Good Cyber Hygiene Act would help both system administrators and consumers better protect their networks and devices against known cyber threats by:
- Establishing a baseline set of voluntary best practices;
- Ensuring these practices are reviewed and updated annually;
- Making the established best practices available in a clear and concise manner on a publicly accessible website; and
- Instructing the Department of Homeland Security to study cybersecurity threats relating to mobile devices.
Eshoo concluded: “Our digital world is imperfect, but this is not an acceptable excuse for the millions of consumers who’ve had their identities stolen, their bank accounts drained or their credit destroyed, especially if it could have been prevented.”
# # #