SALT LAKE CITY — Multiple, global cyberattacks over the past few months have highlighted that the failure to employ some very simple digital precautions can lead to catastrophic consequences.
In an effort to build wider resilience to these intrusions, which are on the rise, Sen. Orrin Hatch, R-Utah, is helping lead a bicameral, bipartisan group of lawmakers in championing new legislation aiming to ramp up public cybersecurity education.
The Promoting Good Cyber Hygiene Act of 2017, introduced in the Senate this week by Hatch and co-sponsor Sen. Ed Markey, D-Mass., directs the National Institute of Standards and Technology to establish an easily accessible set of voluntary best practices for good cyber hygiene for the public. The institute works with the Department of Homeland Security on cybersecurity issues, including the national Cybersecurity Framework, which works to ensure digital security for organizations of all sizes across the U.S.
“With cybercriminals growing bolder in their attacks, strengthening our cybersecurity infrastructure remains one of my top priorities in the Senate,” Hatch said. “Cyberattacks threaten our economy and inflict untold damage on thousands of Americans. Fortunately, proper cyber hygiene can prevent many of these attacks.
“This bill will establish best practices for cyber hygiene that will help Americans better protect themselves from enemies online.”
Utah Department of Public Safety Sgt. Jeffrey Plank, who specializes in cybersecurity investigations and is a member of the FBI's multijurisdictional Cyber Task Force, praised Hatch's effort to prioritize education and outreach.
"This effort is great, especially as it focuses on awareness and education," Plank said. "While there are many things that people can do to protect themselves from cybercriminals, the top five are probably the easiest and will protect you from 90 percent of the threats that are out there."
Hatch's bill, as well as its companion piece introduced last week in the House, seeks to do the following:
- Establish a baseline set of voluntary best practices
- Ensure these practices are reviewed and updated annually
- Make the established best practices available in a clear and concise manner on a publicly accessible website
- Instruct the Department of Homeland Security to study cybersecurity threats relating to internet of things devices (appliances and devices connected to the internet)
Robert Jorgensen is a veteran private sector cybersecurity expert and the current director of Utah Valley University's cybersecurity program. He said too many individuals and business owners are still lacking knowledge about basic precautions. "Everyone wants to be digitally secure, but far too many people still don't know how," Jorgensen said. "There is a lot of information out there, including some great publications from NIST, but they can be hundreds of pages long, very technical and very dry.
"Getting this information out there in plain English is critical to helping people educate and protect themselves."
Jorgensen also noted that the bill's call for an assessment focused on the growing number of connected products that fall into the internet of things category was a thoughtful and important inclusion.
"A lot of these new, connected devices are just being rushed to market and people aren't considering the security issues," Jorgensen said. "Exploiting security weaknesses in the internet of things realm isn't theoretical, it's happening now."
Hatch's office said it hopes to see wide, bipartisan support for both Hatch's bill, S. 1475, and the House's companion piece, H.R. 3010, sponsored by Rep. Anna Eshoo, D-Calif.
How to guard against a cyberattack:
• Back up. Have a recovery system in place to protect data — ideally, one in the cloud and one physical, such as a portable hard drive or thumb drive.
• Use robust antivirus software.
• Update software. When your operating system or software programs release a new update, install it.
• Trust no one. Never open attachments in emails from someone you don't know.
• Enable the "show file extensions" option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Stay away from file extensions such as .exe, .vbs and .scr.
• If you discover a rogue or unknown process on your computer, immediately disconnect the computer from the internet and any other network connections — such as home Wi-Fi — to prevent further infection.