Cyber advice for Hill staffers

Shutterstock image (by deepadesigns): Safety concept, closed padlock on a digital background.

On Capitol Hill, every lawmaker's office has its own network, which makes cyber hygiene especially complicated for staffers.

As a prelude to the Department of Homeland Security's National Cybersecurity Awareness Month campaign taking place throughout October, a panel of government technology officials offered tips to help staffers protect their offices from phishing and identity theft attempts.

"You are your own CISO," said John Krebs, an attorney in the Division of Privacy and Identity Protection at the Federal Trade Commission. "You have to engage in risk management for yourself.... We live in a world where this is now important."

There are some tools that legislative offices can use. One Capitol Hill official told FCW on background that the Continuous Diagnostics and Mitigation cybersecurity program offered by DHS can be used on Hill networks. However, the official said Einstein cannot because using the program is not a top priority right now, and it would be difficult to implement because of the separation between the legislative and executive branches.

So managing cybersecurity risks in the absence of advanced network protection tools requires a more than basic level of cyber hygiene.

Social engineering and phishing remain among the most common cybersecurity risks, and one of the best ways to combat such attempts to gain network access is to avoid them altogether, said Randy Vickers, director of information security at the House.

"It sounds very obvious, but it's not," Vickers said. "Phishing has become a very strong campaign, and it's getting better. People use web browsers to check personal email periodically throughout the day, which is totally acceptable, but if you have something in your service provider's junk box, don't go digging through it and click on it and possibly infect [the network]. It's probably [in the junk folder] for a reason."

Another straightforward but important protection the panel recommended is to avoid simple passwords and use multifactor authentication whenever possible.

In the event that a breach or an attempt at identity theft does take place, Krebs said the FTC has websites -- such as -- to help users diagnose what might have happened and recover as quickly as possible.

"Dealing with identity theft is easier with a plan," he said. "What we give a customizable recovery plan" that allows users to input what happened to them and offers clear and tailored instructions in terms of next steps, as well as basic information such as warning signs, legal rights and definitions.

Krebs said the FTC has bigger aims for the site, adding, "We're working right now with credit reporting agencies, hopefully the IRS, to make this a one-stop shop."

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.