Time's up for poor cyber hygiene

January 30, 2018
On Jan. 30, President Trump will deliver his first State of the Union address to Congress. The purpose of this constitutionally sanctioned speech is to reflect on the challenges facing our country and policies to address them. One challenge that must not be ignored is the ongoing threat of cyberattacks to our personal security.

Last year was one of the worst years for cyberattacks in U.S. history. In May, the WannaCry ransomware attack affected hundreds of thousands of computers in more than 150 countries, including the U.S., and held computers hostage until ransoms were paid by owners to restore access. This new type of ransomware, which we later learned was launched by the North Korean regime, exploited known vulnerabilities in computers that failed to install basic software patches.

The WannaCry attack was soon dwarfed in comparison by the Equifax data breach, which compromised the personal information of nearly 146 million Americans including names, Social Security numbers, birth dates, addresses and driver’s license numbers. Appearing before the House Energy and Commerce Committee, Equifax’s now-former CEO announced that the breach was reportedly caused by the failure of a single Equifax employee to install basic software updates in a timely manner. Altogether, the personal information of hundreds of millions of consumers was exposed to malicious hackers last year, and it’s likely yours was too.

Despite the severity of these attacks and the pronouncements of outrage by Members of Congress, no sensible legislation has been advanced to prevent a similar attack from happening in the future.

If we’re actually serious about protecting ourselves from data breaches and cybercrime that increasingly threaten our daily lives and personal security, we have to address the twin pillars of network security: cyber hygiene and security management.

Cyber hygiene is the responsibility of all Internet users to take basic and proactive steps to secure networks and devices. Installing software updates to patch known vulnerabilities; using strong, secure passwords; and utilizing modern firewall and security techniques are some of the hallmarks of good cyber hygiene. As an entire network can be compromised by a single individual’s neglect of cybersecurity, as in the Equifax case, maintaining good cyber hygiene is imperative.

The other essential pillar of cybersecurity is security management. It is the responsibility of organizations to maintain secure networks. Businesses and government agencies can greatly reduce the incidence of cybercrime within their networks by implementing security controls, classifying sensitive data, and creating and practicing attack response plans. Vigilant security management, coupled with good cyber hygiene, is a recipe for keeping our digital systems secure.

In the wake of last year’s attacks, I introduced the bipartisan Promoting Good Cyber Hygiene Act to strengthen both pillars of American cybersecurity. The bill promotes cyber hygiene by instructing the National Institute of Standards and Technology (NIST) to maintain a user-friendly list of cybersecurity best practices that is easily accessible to the American people. As security protocol is constantly evolving, this list of up-to-date best practices will be prized by anyone seeking to improve their cyber hygiene.

This bill also strengthens cybersecurity management within the federal government by mandating that the Department of Homeland Security regularly assess cybersecurity threats and work with agencies to address them. As the federal government curates the most sensitive and vast collection of data on Earth, it is central to our national interest to keep that data secure.

In today’s ever-increasing digital world, the American people need to trust the Internet with their most sensitive and intimate information. From online bank accounts to medical records, the information we store and transmit online must be protected. For the state of our union to be strong, it is imperative that Congress act this year to improve our nation’s cybersecurity. The digital systems that sustain our way of life are vulnerable to attack, and we must act to protect whatever the American people deem as private and whatever our government deems as essential to our national security.

Democrat Rep. Anna G. Eshoo represents the 18th Congressional District of California. She is a senior member of the Energy and Commerce Committee. This op-ed ran in the January 29th version of the Washington Times