U.S. Director of National Intelligence, Avril Haines, emphasized the importance of "cyber hygiene" for protecting infrastructure from breaches and attacks during a discussion with the Senate Armed Services Committee in early May. She revealed that active cyber entities have intensified attacks on "U.S. industrial control systems, which use automation in industrial processes." In a statement published by the U.S. Department of Defense (Pentagon), she noted that these systems are utilized by "critical infrastructure sectors, including water, wastewater, food, agriculture, defense, energy, and transportation." Haines warned that while the likelihood of widespread impact on such services may be low, the "increasing number of attacks, and the willingness of actors to access and manipulate control systems, raises the chances that at least one attack could have significant consequences." She mentioned that worldwide ransomware attacks have risen by 74% in the past year. Haines stressed the significance of "cyber hygiene" as the first line of defense to reduce exposure to attacks, stating, "In all attacks against critical infrastructure in the United States, cyber actors have exploited default or weak passwords, unpatched vulnerabilities in systems, or unprotected communication networks."
What is Cyber Hygiene?
"Cyber hygiene" or "cybersecurity hygiene" refers to a set of practices that organizations and individuals undertake to maintain the security of users, devices, networks, and data, according to a report published by the site "Tech Target." It explains that the goal of these practices is "to safeguard sensitive data and enhance the organization’s ability to recover in the event of successful attacks," drawing a parallel with the concept of "personal hygiene" where individuals maintain healthy practices to avoid infections or diseases; similarly, breaches and cyber incidents can be prevented through precautionary measures.
How to Achieve Cyber Hygiene?
To achieve cyber hygiene, there are practices conducted at both the organizational and individual levels. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) emphasizes the importance of conducting tests in different infrastructure institutions to mitigate the risks of cyber attacks and ensure "cyber hygiene." According to its website, the agency performs tests to identify "cybersecurity vulnerabilities" to provide opportunities for addressing them and preventing any proactive attack they might face. The tests include: security vulnerability assessments to evaluate the presence of external access points capable of breaching communication networks and systems, providing weekly reports on vulnerabilities, in addition to tests related to accessible web applications that attackers might exploit to infiltrate systems.
Pentagon Announces Its Cyber Defense Strategy
On Tuesday, the Pentagon released the 2023 Department of Defense Cyber Strategy document outlining how the department will work to protect the American people and enhance cyber defense priorities.
At the individual level, several actions can be taken to ensure "cyber hygiene," which include:
- Backing up important files and storing them in a separate and secure location, isolated from the primary network that may be at risk.
- Raising individual awareness to avoid falling victim to phishing schemes, prevent malware attacks, and refrain from clicking on links received via email.
- Encryption, utilizing systems to encrypt data and protect sensitive information.
- Protection systems, ensuring that protective systems are in place on the networks and systems used by the organizations.
- Passwords, following a policy of periodically changing passwords, choosing complex ones, and utilizing password authentication techniques.
In recent years, Western countries have shown an increasing readiness to expose malicious cyber attacks and point fingers at foreign governments, particularly China, Russia, North Korea, and Iran.