US Lawmakers Call for Senate Breach Alerts

Written by

Two senior lawmakers have called on the US Senate to provide greater transparency on cyber-attacks, with a view to improving oversight of online threats to the legislature.

Senators Rony Wyden and Tom Cotton signed an open letter to the institution’s sergeant at arms, Michael Stenger, arguing that senators shouldn’t be kept in the dark over cyber threats, given how big a target the Senate is for hackers.

Congressional computers belonging to Frank Wolf’s office are known to have been hacked in 2006, while three years later senator Bill Nelson revealed that his machines had been “invaded” several times, they said.

However, 2009 was apparently the last publicly disclosed breach of congressional computers.

Unlike private US companies and even executive agencies, Congress has no legal obligation to reveal incidents and breaches, and so it has remained largely silent, the senators claimed.

“We believe that the lack of data regarding successful cyber-attacks against the Congress has contributed to the absence of debate regarding congressional cybersecurity—this must change,” Wyden and Cotton wrote.

“Each US senator deserves to know, and has a responsibility to know, if and how many times Senate computers have been hacked, and whether the Senate’s existing cybersecurity measures are sufficient to protect both the integrity of this institution and the sensitive data with which it has been entrusted.”

Although the details surrounding individual incidents may need to be kept secret, senators should be given aggregate stats about successful attacks on senate computers and data, the two argued.

They also called for a new policy whereby all Senate leaders and members of committees on rules and intelligence are notified of any breach within five days of discovery.

The two are right to be anxious about the lack of transparency of cyber-attacks on the Senate. Just last year, Russian state hackers were observed setting up phishing sites designed to mimic the chamber’s ADFS (Active Directory Federation Services).

What’s hot on Infosecurity Magazine?