During the last decade, hackers have successfully infiltrated U.S. government agencies including the Office of Personnel Management, health care firms such as Anthem, and technology giants like Google. Hackers continue to target all manner of government entities, and there is little doubt that Congress is squarely in their sights. We believe that the lack of data regarding successful cyber attacks against the Congress has contributed to the absence of debate regarding congressional cybersecurity - this must change. Each U.S. Senator deserves to know, and has a responsibility to know, if and how many times Senate computers have been hacked, and whether the Senate’s existing cybersecurity measures are sufficient to protect both the integrity of this institution and the sensitive data with which it has been entrusted.The letter further calls upon the Senate to produce an annual report detailing the number of times hackers have managed to compromise Senate computers and phones and when sensitive data has been accessed. In addition, Senate Sergeant at Arms Michael Stenger is asked to inform the Senate committees on Rules and Intelligence about any cybersecurity breaches within five days of their discovery. If nothing else, more transparency about hacks involving the US Congress would help to keep cybersecurity in the minds of politicians and may better inform their understanding of the scale of the problem. The two senators acknowledge in the letter that some information about hacking attacks may need to remain confidential because of its sensitive nature or because an investigation is ongoing. Senator Ron Wyden is certainly no stranger to raising issues around computer security, having previously raised concerns about a variety of topics including federal government employees using foreign VPNs, the US government's reliance on Adobe Flash and the State Department's poor adoption of multi-factor authentication.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.