Senators want insights into hack attempts
- By Derek B. Johnson
- Mar 14, 2019
Despite near constant attempts by hackers to infiltrate government agencies, health care organizations and private-sector businesses, the last publicly recorded breach of the legislative branch was in 2009, according to two senators who want more transparency and data on the scope of the threat.
A March 13 letter from Sens. Ron Wyden (D-Ore.) and Tom Cotton (R-Ark.) asked Senate Sergeant at Arms Michael Stenger how frequently Senate IT assets have been compromised over the past decade.
"Companies and executive branch agencies are required by state and federal law to report breaches," the senators wrote. "In contrast, Congress has no legal obligation to disclose breaches and other cyber incidents. We believe that the lack of data regarding successful cyberattacks against the Congress has contributed to the absence of debate regarding congressional cybersecurity -- this must change."
The letter mentioned two of the last publicly known cyber intrusions into Congress over the past 13 years -- the 2006 compromise of then-Rep. Frank Wolf's (R-Va.) email system and a series of attacks on then-Sen. Bill Nelson's (D-Fla.) office computers in 2009 -- and asks for more transparency about any other successful attempts the sergeant at arms knows of since then.
The senators said they aren't asking for details around specific incidents, but rather statistics for the number of Senate computers compromised and times hackers have successfully accessed sensitive Senate data. They also want the sergeant at arms to inform Senate leaders and the Senate Committees of Rules and Intelligence no later than five days after learning of any breach of a Senate computer.
Giving individual senators these numbers "would enable the Senate to engage in informed debate about the security threats faced by the legislative branch and consequently, the need for the Senate to fund, prioritize and conduct aggressive oversight of its own cybersecurity," the pair wrote.
National security officials have repeatedly warned that members of Congress their staff and even their family members are at risk from hacking groups, with former NSA Director Michael Rogers calling lawmakers "prime targets for exploitation" in 2018.
It's not just official Senate computers and email that are vulnerable. Last year, after Google began alerting unnamed senators that their personal accounts and emails were being targeted by nation-state hacking groups, Wyden wrote to the sergeant at arms expressing "alarm" that the office rebuffed requests from senators seeking cybersecurity assistance.
In December 2018, Wyden successfully pushed the Federal Election Commission to allow members of Congress to reallocate leftover campaign funds to protect the personal electronic devices and accounts of members and staff.
This article was first posted to FCW, a sibling site to GCN.
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.
Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at firstname.lastname@example.org, or follow him on Twitter @derekdoestech.
Click here for previous articles by Johnson.