The Congressional Budget Office (CBO) officials have stated that they have been a target of a foreign cyberattack. The attack resulted in disruptions of services and questions about the potential compromise of restricted government data. The Hill and BleepingComputer websites reported the incident whereby the CBO systems that conduct the office’s economic analysis and CBO analysis Congressional communications were attacked.
The CBO referred to the situation as an isolated incident
The referred to isolated incident in which CBO contained the attack from its network. The CBO has cooperated with containment and prompt actions of the appropriate investigative federal authorities.
The focus of the investigation has been to determine the possible compromise of restricted government data. The CBO reported that they detected unauthorized access to their systems and have declassified some nodes and access points in their network.
The reported compromised systems include communications with economic analysis and models that were to go to the Congress, and documents that were in draft state. Further, the CBO has been restricted in stating the expected loss.
Government officials stated that the breach did not seem to compromise classified information, but it did disrupt some parts of the CBOโs data systems that are used for budget forecasts and estimating the cost of legislation.
Cybersecurity experts state that the breach demonstrated a sophisticated understanding of government systems
Although the CBO is nonpartisan and not involved in direct policymaking, it is central to the entire legislative process. It is the CBO that prepares the reports that determine the congressional decisions on taxes, spending, healthcare, and defense. Even minimal access to unfinished reports and unedited fiscal projections would give foreign adversaries access to sensitive U.S. political and economic information.
Before this situation, the CBO seemed to be a target that was not easy to hack. Now, foreign governments are theorized to be interested in the CBO, especially its communications with Congress.
Collaboration on intrusion tracing and investigations between the CBO and CISA and congressional IT staff preceded CBO’s additional network monitoring and access supervision, which included the implementation of forced password authentication on employee accounts. Despite the disruption, Phil Swagel, the agency’s CBO director, stated that the agency was still operational.
โOur mission continues! Weโve strengthened our cybersecurity protections, and while we ensure congressional obligations.โ
The Senate Sergeant at Arms’ office advised Congress staff to review electronic communication with the CBO
While there is no concrete indication that any emails or documents were altered, some information in emails and documents is compromised and under investigation.
The breach case shows a pattern of cyber operators targeting institutions that are not limited to information and defense. There is a shift in the focus of foreign cyber intruders, where the focus is now on government research, data analytics, and fiscal agencies for indirect information with regard to U.S. tactics.
Concerns voiced by leaders across the political spectrum focused on the need for strengthened cyber defenses for all congressional support entities, like the Government Accountability Office and the Library of Congress. Senator Angus King:
โThis incident shows how vulnerable our legislative branch remains;ย cybersecurity must now be treated as an essential part of national defense.โ
The breach, and possible data theft or data leakage, is still being assessed for impact. However, the incident is a reminder that every federal agency, no matter what it is, is vulnerable to attacks of modern technology. While the CBO restores its systems and prepares its cyber defenses, this incident teaches a clear lesson: during a time when policy is driven by data, every link in the chain of government systems is an entry point for an adversary.
