While the government tries to protect businesses from cyber threats, you need to take basic steps to protect yourself.
In the last two years, the COVID-19 pandemic and the proliferation of work-from-home arrangements have exacerbated cybersecurity risks for both businesses and consumers. Cyber threats to critical infrastructure, from healthcare to transportation and utilities, have especially raised concerns. So much so that the U.S. government has set its sights on improving cybersecurity across the nation.
Last year, for example, a U.S. presidential executive order homed in on things like supply chain cybersecurity, while a $2 trillion infrastructure plan earmarked grants for cybersecurity improvements. Keeping up the momentum in Congress, the U.S. House recently passed two new cybersecurity measures. While the government is trying to do something about cybersecurity at the national level, this is a call for citizens to take their own measures to protect themselves.
The Department of Homeland Security (DHS) Roles and Responsibilities in Cyber Space Act
The first measure approved by the House, the DHS Roles and Responsibilities in Cyber Space Act (H.R. 5658), would require DHS to report on the effectiveness of its cyber incident response. If enacted, DHS would need to develop a strategy for reviewing cyber response policies and recommend improvements that ensure federal response plans keep pace with the evolving threat landscape.
The bill was a reaction to several major incidents that we saw last year, such as the ransomware attacks on the Colonial Pipeline and the JBS meat-processing plant. Both companies had to shut down operations for several days. In the case of Colonial, the attack caused widespread gas shortages and buying panic across the East Coast.
“The federal response to these cyber incidents was inadequate and exposed gaps and confusion in how we defend our critical infrastructure,” said Rep. Don Bacon (R-Neb.), who introduced the bill. “It’s clear that our cyber incident response framework must evolve to match the threat.”
President’s Cup Cybersecurity Competition Act
The House also passed H.R. 6824, the President’s Cup Cybersecurity Competition Act, by a vote of 386-31. Organized by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) since 2019, the annual President’s Cup Cybersecurity Competition aims to “identify, challenge, and reward the best cybersecurity talent in the federal workforce,” and winners receive cash prizes.
The measure would essentially elevate this competition by writing it into law. As bill sponsor Rep. Elaine Luria (D-Va.) explained, “By incentivizing cybersecurity in the federal government, we are strengthening our cyber infrastructure while investing in our federal workforce and improving their capabilities to defend our nation.”
Other bills on the horizon
With these two bills, Congress is only warming up. More measures are underway, such as a bill that would provide state and local entities with technical assistance, including cybersecurity exercises, and another bill that would allocate federal funding for cybersecurity curriculum in schools. The latter bill, Cybersecurity Grants for Cybersecurity Act of 2022 (H.R. 6868), is especially one to watch. The measure would fund cybersecurity and infrastructure security training and education programs at the elementary and secondary education levels. Given the severe, ongoing shortage of cybersecurity talent—currently estimated at 879,000 in the United States alone—getting young people interested in cybersecurity at an early age is an important effort.
How individuals can protect themselves
Cybersecurity is not only a concern for the government and companies. Consumers are a target as well because malicious actors can use personal data to steal identities and perpetrate crimes such as fraud.
If you use any digital tools or online services, you need to take measures to protect your own data—and your digital identity.
Here are five simple steps for securing your data:
- Use a different, strong password or passphrase for each online account or digital tool you have. If you reuse a password that gets compromised in a data breach, you’re giving fraudsters easy access to your other accounts because they use automated tools to try stolen passwords against them.
- Choose at least two methods of user identity authentication (known as two-factor authentication or 2FA and multi-factor authentication or MFA) for every account when available. This creates an additional hurdle for cybercriminals if your password is stolen.
- Update passwords that were compromised in a data breach or security incident. These passwords typically become available on the dark web, where numerous malicious actors can easily access them, which puts your account at great risk.
- Don’t use personal information to create passwords. A cybercriminal trying to hack your accounts can find that personal info through social media and in other ways.
- Don’t store your passwords in your browser. While this is very convenient, it’s also very risky because browsers don’t encrypt that information and a crafty cybercriminal could find ways to retrieve that info remotely.
These steps are basic, but they can greatly improve your online account security. After all, it’s up to both individuals and the government to protect themselves online.