Hacks targeting Democrats put a spotlight on cyber in Congress

In the wake of a cyber breaches against Democratic targets, Congress is trying to step up its own cybersecurity to gird against future threats. The Democratic National Committee and the Democratic Congressional Campaign Committee were targeted in high profile hacks that included leaks of sensitive information.

A recent email to House staffers alerted them to the incident, in which a spreadsheet that included email addresses and/or telephone numbers of "nearly every Democratic member of the House of Representatives, as well as several Republicans" as posted online. The email noted that the House IT system was not compromised in this hack.

House Minority Leader Nancy Pelosi called the hack an "electronic Watergate break-in."  The cyberattack has been attributed to Russian sources by cyber experts; the DCCC hired a cybersecurity firm to investigate.

House of Representatives IT officials also took action. The chief information security officer of the House, in coordination with the sergeant-at-arms and Capitol Police, communicated with everyone whose address may have been compromised on what to do. An email from the House Chief Administration Office alerted everyone on the status of the House IT system, and what to do to avoid any further cyber intrusions. Also, cybersecurity experts were tasked with providing updates on the breach as they become available.

Rep. Adam Schiff (D-Calif.), the ranking member of the House Permanent Select Committee on Intelligence, said, "I hope the administration will disclose who is attempting to interfere with the American political process, and levy strong consequences against those responsible." Schiff, along with the Senate Intelligence Committee Chairwoman Diane Feinstein (D-Calif.), asked the president to declassify and release any intelligence community assessments related to the hacks.

Congress is also working to internally manage its cybersecurity posture better.  The Senate is looking for an IT branch manager who will work inside the Sergeant-At-Arms Office to manage security strategy, among other functions.

Cybersecurity experts point out that the congressional CISOs have a big challenge ahead of them.

"You have the responsibility to secure the enterprise and networks of basically 500+ CEOs that have their own office automation ideas, opinion of the importance of security, and varying degrees of willingness to follow security standards," Lance Dubsky, chief security strategist at cybersecurity firm FireEye, told FCW on Aug. 16.

"The House and Senate CISOs can provide the standards and best practices," Dubsky, who previously served as chief information security officer at the National Geospatial-Intelligence Agency, added.  "However, the implementation of these often breaks down within the offices of the senator or congressman."