Cybersecurity

Senators press legislative IT office for data on hacks

 

Two Senators are looking to change the way the institution talks about its cybersecurity problems, and they want to see data on the scope of the threat.

In a March 13 letter to Senate Sergeant at Arms Michael Stenger, Sens. Ron Wyden (D-Ore.) and Tom Cotton (R-Ark.) asked how frequently Senate IT assets have been compromised over the past decade.

The letter mentioned two of the last publicly known cyber intrusions into Congress over the past 13 years -- the 2006 compromise of then-Rep. Frank Wolf's (R-Va.) email system and a series of attacks on then-Sen. Bill Nelson's (D-Fla.) office computers in 2009 -- and asks for more transparency about any other successful attempts the Sergeant at Arms knows of since then.

"Companies and executive branch agencies are required by state and federal law to report breaches," the senators wrote. "In contrast, Congress has no legal obligation to disclose breaches and other cyber incidents. We believe that the lack of data regarding successful cyberattacks against the Congress has contributed to the absence of debate regarding congressional cybersecurity -- this must change."

The senators said they aren't asking for details around specific incidents, but rather statistics for the number of Senate computers compromised and times hackers have successfully accessed sensitive Senate data. They also want the Sergeant at Arms to inform Senate leaders and the Senate Committees of Rules and Intelligence no later than five days after learning of any breach of a Senate computer.

Giving individual Senators these numbers "would enable the Senate to engage in informed debate about the security threats faced by the legislative branch and consequently, the need for the Senate to fund, prioritize and conduct aggressive oversight of its own cybersecurity," the pair wrote.

National security officials have repeatedly warned that members of Congress their staff and even their family members are at risk from hacking groups, with former NSA Director Michael Rogers calling lawmakers "prime targets for exploitation" in 2018.

It's not just official Senate computers and email that are vulnerable. Last year, after Google began alerting unnamed Senators that their personal accounts and emails were being targeted by nation-state hacking groups, Wyden wrote to the Sergeant at Arms expressing "alarm" that the office rebuffed requests from Senators seeking cybersecurity assistance.

In December 2018, Wyden successfully pushed the Federal Election Commission to allow members of Congress to reallocate leftover campaign funds to protect the personal electronic devices and accounts of members and staff.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.