House Dem drafts bill to address 'scary truth' about cybersecurity

House Dem drafts bill to address 'scary truth' about cybersecurity
© Greg Nash

Rep. Anna Eshoo is urging the government to set voluntary cybersecurity guidelines to help U.S. companies and government agencies defend their networks from hackers.

On Thursday, the California lawmaker, who is the top Democrat on the House Subcommittee on Communications and Technology, introduced the Promoting Good Cyber Hygiene Act.


The bill would direct the government’s standards-setting body, the National Institute of Standards and Technology, to work with the Department of Homeland Security (DHS) and Federal Trade Commission to create the elective guidelines for securing networks.

Some of the pointers might seem basic, such as not using a default password or regularly updating software. But cyber specialists report that the vast majority — up to 90 percent — of successful intrusions occur because of basic cybersecurity lapses.  

Eshoo called this “the scary truth” in a statement.  

But the upside, she added, is that “by instituting common sense best practices, system administrators can better protect their networks and consumer data from a majority of known cyber threats.”

Eshoo’s bill would also require that the guidelines be posted on a publicly accessible website that is reviewed and updated yearly.

Both the government and private sector have been roiled by cyberattacks over the last year.

Major retailers, banks and health insurers have all been hit, exposing the personal data of hundreds of millions of Americans.

And this summer, suspected Chinese hackers infiltrated the Office of Personnel Management, pilfering over 20 million federal workers’ data.

“These are chilling developments with potentially devastating implications, yet the American people are largely numb to the consequences, in part due to the frequency with which cyberattacks occur,” Eshoo wrote in an op-ed published Thursday in The Hill.

Companies also say foreign cyber spies are constantly lifting corporate secrets, something that hits home in Silicon Valley, part of Eshoo's district.

“The personal and financial information of millions of Americans is under constant attack and being sold to criminals on the black market,” Eshoo wrote. “American ideas are being stolen. Research, formulas, source code and blueprints are being nabbed by hackers on a massive scale.”

Congress has scrambled to try and pass legislation that could help curb the digital assaults.

Legislation passed late last year helped organize and clarify the DHS cyber role. The House in April also passed complementary bills that would boost the public-private exchange of data on hackers. The Senate will likely consider its companion legislation sometime in October.

“Our digital world is imperfect, but this is not an acceptable excuse for the millions of consumers who’ve had their identities stolen, their bank accounts drained or their credit destroyed, especially if it could have been prevented,” Eshoo said.