California Lawmaker Wants New ‘Cyber Hygiene’ Standards from NIST, FTC

Rep. Anna Eshoo, D-Calif. Charles Dharapak/AP

The act would require the National Institute of Standards and Technology, the Federal Trade Commission and the Department of Homeland Security to develop a list of voluntary best practices to shore up cybersecurity in government and outside.

In an effort to get federal agencies and private companies to start practicing basic cyber hygiene, a California lawmaker wants government regulators to develop new best practices aimed at boosting public and private sector network security.

Rep. Anna Eshoo, D-Calif., whose district includes part of Silicon Valley, introduced the “Promoting Good Cyber Hygiene Act of 2015” Oct. 1.

The legislation requires the National Institute of Standards and Technology, along with the Federal Trade Commission and the Department of Homeland Security, to develop a list of voluntary best practices to shore up cybersecurity in the government and private sector.

It's hardly news that federal agencies are struggling to defend their networks against attacks. Just last week, the Office of Personnel Management announced that millions more fingerprint records had been stolen than originally reported, bringing the number to 5.6 million.

The vast majority of successful attacks could likely be prevented by system administrators simply addressing cyber hygiene and security management, Eshoo said in a statement.

“An impregnable computer network is ambitious, but the good news is that common-sense steps can be taken now to mitigate risk,” she said in an op-ed published in The Hill.

The best practices will include straightforward, common-sense tips that address the most prevalent cyber threats, including completing frequent software updates, avoiding default passwords and taking advantage of commercial off-the-shelf technologies, among others.

The list is designed to be a “baseline,” according to the bill.

NIST, FTC and DHS would have one year after the bill’s enactment to create this list of best practices. They would also be expected to conduct a study on mobile device cybersecurity threats, according to the bill.