In the current digital age, we’ve become almost numb to digital breaches of information. Especially where large organizations are concerned. They are readily becoming a daily occurrence, one that leaves sensitive information unguarded and people’s livelihood in jeopardy.
Essentially, what happens far too often is that these sensitive databases are accessed, passwords are stolen, emails are sifted through and utilized, innocent people are put at risk, and corporations are knocked down a peg and shown how vital security procedures really are.
However, what you don’t tend to hear about often are hacks of computer and IT systems belonging to government entities.
In fact, the last time a breach of congressional computers was publicly disclosed was in March 2009, when then-Senator Bill Nelson revealed computers in his office had been attacked three times in the previous month, and that "The threat to our national security, to be sure, is real”.
Under legal obligation, federal agencies and corporations alike are regulated and made to publicly disclose breaches. On the other hand, Congress is under no such obligation. This essentially means that the public may have no idea that their political representatives have been hit, and if they have, what was affected.
This past week, two US Senators, decided that they have had enough with keeping the public in the dark.
These two US senators have requested the US Senate Sergeant at Arms to disclose details about cyber-attacks against the Senate and its members.
The formal request was made in a letter signed and dated on the 13th of March by Ron Wyden a Democrat from Oregon and Tom Cotton a Republican from Arkansas, both members of the US Senate Intelligence Committee.
Essentially, this committee was created to “oversee and make continuing studies of the intelligence activities and programs of the United States Government,” to “submit to the Senate appropriate proposals for legislation and report to the Senate concerning such intelligence activities and programs,” and to “provide vigilant legislative oversight over the intelligence activities of the United States to assure that such activities are in conformity with the Constitution and laws of the United States.”
In their letter, the Senators call for transparency:
"Companies and executive branches are required by state and federal law to report breaches. In contrast, Congress has no legal obligation to disclose breaches and other cyber incidents," the two senators wrote in their letter.
"The Sergeant at Arms must be transparent in providing members of the Senate all information about the possible existence and scale of successful hacks against the Senate," the letter reads.
"Each US senator deserves to know and has a responsibility to know, if and how many times Senate computers have been hacked, and whether the Senate's existing cybersecurity measures are sufficient to protect both the integrity of this institution and the sensitive data with which it has been entrusted."
For obvious reasons, the two say they understand that some data about cyber-attacks might need to remain confidential as part of ongoing investigations, or because of its sensitive nature to the public.
However, they ask the Sergeant at Arms to at least disclose statistics about attacks as a whole, so senators can have informed debates and allocate funds to improve the Senate and senators' cyber-security protections.
To that end, the two provide the following steps of action to initiate change on this matter:
The initiation of this letter by Senator Wyden is no coincidence. Last September, he was the one to reveal that several senators' Gmail accounts had been targeted by foreign hackers.
Wyden is also the same senator who pushed the Senate Sergeant at Arms to implement full disk encryption on Senate laptops and computers, and also pushed the Senate to allow staff members to use the Signal secure messaging app for internal communications.
The hope behind this move, is to start a discussion. It’s time for members of the Senate to start recognizing cyber security as a serious national security issue. With the work of this letter, that may just become reality.
LACyber is a division of Lincoln Archives providing comprehensive Data Breach Defense Services. Lincoln Archives and LACyber are proud to be a part of Lincoln Family of Companies serving the Western New York Community since 1914.