Cybersecurity

Senators press legislative IT office for data on hacks

 

Two Senators are looking to change the way the institution talks about its cybersecurity problems, and they want to see data on the scope of the threat.

In a March 13 letter to Senate Sergeant at Arms Michael Stenger, Sens. Ron Wyden (D-Ore.) and Tom Cotton (R-Ark.) asked how frequently Senate IT assets have been compromised over the past decade.

The letter mentioned two of the last publicly known cyber intrusions into Congress over the past 13 years -- the 2006 compromise of then-Rep. Frank Wolf's (R-Va.) email system and a series of attacks on then-Sen. Bill Nelson's (D-Fla.) office computers in 2009 -- and asks for more transparency about any other successful attempts the Sergeant at Arms knows of since then.

"Companies and executive branch agencies are required by state and federal law to report breaches," the senators wrote. "In contrast, Congress has no legal obligation to disclose breaches and other cyber incidents. We believe that the lack of data regarding successful cyberattacks against the Congress has contributed to the absence of debate regarding congressional cybersecurity -- this must change."

The senators said they aren't asking for details around specific incidents, but rather statistics for the number of Senate computers compromised and times hackers have successfully accessed sensitive Senate data. They also want the Sergeant at Arms to inform Senate leaders and the Senate Committees of Rules and Intelligence no later than five days after learning of any breach of a Senate computer.

Giving individual Senators these numbers "would enable the Senate to engage in informed debate about the security threats faced by the legislative branch and consequently, the need for the Senate to fund, prioritize and conduct aggressive oversight of its own cybersecurity," the pair wrote.

National security officials have repeatedly warned that members of Congress their staff and even their family members are at risk from hacking groups, with former NSA Director Michael Rogers calling lawmakers "prime targets for exploitation" in 2018.

It's not just official Senate computers and email that are vulnerable. Last year, after Google began alerting unnamed Senators that their personal accounts and emails were being targeted by nation-state hacking groups, Wyden wrote to the Sergeant at Arms expressing "alarm" that the office rebuffed requests from Senators seeking cybersecurity assistance.

In December 2018, Wyden successfully pushed the Federal Election Commission to allow members of Congress to reallocate leftover campaign funds to protect the personal electronic devices and accounts of members and staff.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected