New bill looks to NIST, FTC for cyber hygiene

A new bill in the House would tap the National Institute of Standards and Technology and the Federal Trade Commission to come up with voluntary standards to blunt opportunistic cyber infections on U.S. networks, personal computers and mobile devices.

Rep. Anna Eshoo (D-Calif.), ranking member of the Communications and Technology Subcommittee of the House Energy and Commerce Committee introduced legislation on Oct. 1 aimed at combatting cyberattacks and cybercrime against U.S. computer networks.

Eshoo said in an Oct. 1statement that the Promoting Good Cyber Hygiene Act builds on President Obama's 2013 Executive Order instructing NIST, in consultation with the FTC, to establish voluntary best practices for network security, such as not using a default password and regularly applying software updates.

The bill aims to help network administrators, as well as everyday computer users, plug the most common computer and network infection points that let most conventional cyber thieves steal identities, financial information and more.

Specifically, the legislation would establish a baseline set of voluntary best practices; ensure the practices are reviewed and updated annually; make the established best practices available in a clear and concise manner on a publicly accessible website; and instruct the Department of Homeland Security to study cybersecurity threats relating to mobile devices.

"The scary truth is that data security experts have suggested 90 percent of successful cyberattacks are due to system administrators overlooking two integral pillars of network security: cyber hygiene and security management," said Eshoo. "By instituting commonsense best practices, system administrators can better protect their networks and consumer data from a majority of known cyber threats."